I am trying to implement a custom authorization scheme for an OData2 server exposed with the Apache Olingo JPA annotation processor; the authorization is based on simple user:operation pairs that restrict query/update/insert/delete operations on the database. The idea is to protect the server layer (Tomcat) with username/password and then propagate the user ID to the OData layer, where the permission checks are performed.
Has anyone implemented something similar? My current approach is to extend ODataJPAProcessor and perform the checks in the relevant methods (readEntity, updateEntity, etc.), but I am not sure whether this is the best way forward.
Any help is greatly appreciated.
Regards, -Eduardo.
Answer 0: (score: 0)
On my project we used identity provider and JWT token. Token was validated and used in the exposed OData servlet and all the permission checks were inside the processors. We used a Decorator design pattern to wrap standard processors with the Secured ones and only the Secured ones were allowed inside OData handler.
I cannot guarantee that it is the best approach, but it sounds reasonable.
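A sketch of the decorator the answer describes, as an added example (not code from the question, the answer, or the Olingo project): a Secured processor that wraps the real ODataJPAProcessor, checks a user:operation permission before each CRUD method, and only then delegates. The `userId` is assumed to be injected by the service factory from the Tomcat-authenticated request, and the `permissions` map stands in for whatever store holds the user:operation pairs; both are assumptions.

```java
import java.io.InputStream;
import java.util.*;
import org.apache.olingo.odata2.api.commons.HttpStatusCodes;
import org.apache.olingo.odata2.api.exception.*;
import org.apache.olingo.odata2.api.processor.*;
import org.apache.olingo.odata2.api.uri.info.*;

/** Decorator: enforces user:operation permissions, then delegates to the wrapped JPA processor. */
public class SecuredProcessor extends ODataSingleProcessor {
    public enum Op { READ, CREATE, UPDATE, DELETE }
    private final ODataSingleProcessor delegate;    // the real ODataJPAProcessor (extends ODataSingleProcessor)
    private final String userId;                    // remote user authenticated by Tomcat (assumed injected)
    private final Map<String, Set<Op>> permissions; // userId -> allowed operations (hypothetical store)
    public SecuredProcessor(ODataSingleProcessor delegate, String userId, Map<String, Set<Op>> permissions) {
        this.delegate = delegate;
        this.userId = userId;
        this.permissions = permissions;
    }
    /** Deny by default: an unknown user, or one lacking this operation, gets 403 before any JPA call runs. */
    private void require(Op op) throws ODataApplicationException {
        Set<Op> allowed = permissions.get(userId);
        if (allowed == null || !allowed.contains(op)) {
            throw new ODataApplicationException("user " + userId + " may not " + op, Locale.ENGLISH, HttpStatusCodes.FORBIDDEN);
        }
    }

    @Override
    public ODataResponse readEntity(GetEntityUriInfo uriInfo, String contentType) throws ODataException {
        require(Op.READ);
        return delegate.readEntity(uriInfo, contentType);
    }

    @Override
    public ODataResponse createEntity(PostUriInfo uriInfo, InputStream content, String requestContentType,
                                      String contentType) throws ODataException {
        require(Op.CREATE);
        return delegate.createEntity(uriInfo, content, requestContentType, contentType);
    }

    @Override
    public ODataResponse updateEntity(PutMergePatchUriInfo uriInfo, InputStream content, String requestContentType,
                                      boolean merge, String contentType) throws ODataException {
        require(Op.UPDATE);
        return delegate.updateEntity(uriInfo, content, requestContentType, merge, contentType);
    }

    @Override
    public ODataResponse deleteEntity(DeleteUriInfo uriInfo, String contentType) throws ODataException {
        require(Op.DELETE);
        return delegate.deleteEntity(uriInfo, contentType);
    }
}
```

Every other `ODataSingleProcessor` method (readEntitySet, readEntityLink, batch handling, and so on) must be overridden the same way, otherwise the base-class defaults bypass the check; the factory should register only the `SecuredProcessor`, never the bare JPA processor.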