I have a Dropwizard application with a User resource, and I want non-admin users to be able to access only their own data. I also want to allow "admin" users to access any user's data.
I have implemented Dropwizard's Authorizer<Principal> interface, which at least authorizes users holding the "admin" role to access the resource:

```java
@GET
@Path("/users/{userId}")
@RolesAllowed(value = "admin")
public Response getUser(@Auth final Client client, @PathParam("userId") final String userId)
        throws InterruptedException {
    return userDAO.getUser(userId);
}
```
However, I am not sure how to authorize non-admin users to access the resource only for their own userId. Within the authorize method I have the principal's userId, but I do not have the path of the resource being requested, i.e. /users/123:

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;
import io.dropwizard.auth.Authorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Class name is assumed; the question only shows the authorize method.
public class ClientAuthorizer implements Authorizer<Principal> {
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientAuthorizer.class);

    @Override
    public boolean authorize(Principal principal, String allowedRolesForResource) {
        Set<Roles> userRoles = ((Client) principal).getRoles();
        String userId = ((Client) principal).getUserId();
        // Build the set of roles the resource allows (comma-separated, e.g. "admin, user")
        Set<Roles> allowedRoles = Arrays.stream(allowedRolesForResource.split("\\s*,\\s*"))
                .map(Roles::fromName)
                .collect(Collectors.toSet());
        // Deny unless the principal holds at least one of the allowed roles
        if (Collections.disjoint(userRoles, allowedRoles)) {
            LOGGER.info("User {} does not have any of the allowed roles [{}] for the resource", userId, allowedRolesForResource);
            return false;
        }
        return true;
    }
}
```
Is there a way to get the request context into the scope of the Authorizer class, so that I can grant access based on the requested resource path and the userId?
Answer 0 (score: 1)
Just create one path for admins and one for everyone:

```java
// Admin-only: any userId may be requested
@GET
@Path("/users/{userId}")
@RolesAllowed(value = "admin")
public Response getUser(@Auth final Client client, @PathParam("userId") final String userId)
        throws InterruptedException {
    return userDAO.getUser(userId);
}

// Any authenticated client: always returns the caller's own record
@GET
@Path("/user")
public Response getUser(@Auth final Client client)
        throws InterruptedException {
    return userDAO.getUser(client.getUserId());
}
```
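The answer splits the policy into two paths. As an added example (not code from the question or the answer), the other way to express the same "owner or admin" rule is to keep a single path and make the decision explicit inside the resource method, so that a non-admin requesting someone else's userId gets a 403. Client, Roles and UserDAO are the question's own types and are assumed to behave as the question uses them; the class and helper names are mine.

```java
import java.util.Objects;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import io.dropwizard.auth.Auth;

@Path("/users")
@Produces(MediaType.APPLICATION_JSON)
public class UserResource {
    private final UserDAO userDAO; // assumed DAO type from the question

    public UserResource(UserDAO userDAO) {
        this.userDAO = userDAO;
    }

    /**
     * Object-level check: the caller may read the record when it holds the
     * "admin" role or when the requested userId is its own. Everything else
     * is denied, so the default is "no access".
     */
    static boolean canRead(Client caller, String requestedUserId) {
        if (caller.getRoles().contains(Roles.fromName("admin"))) {
            return true;
        }
        return Objects.equals(caller.getUserId(), requestedUserId);
    }

    // No @RolesAllowed here: the role annotation cannot express ownership,
    // so the check lives in the method. @Auth still requires authentication.
    @GET
    @Path("/{userId}")
    public Response getUser(@Auth final Client caller, @PathParam("userId") final String userId) {
        if (!canRead(caller, userId)) {
            // 403 keeps the denial explicit in access logs; the DAO is never reached.
            throw new ForbiddenException();
        }
        return Response.ok(userDAO.getUser(userId)).build();
    }
}
```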