Is there a way to map users to individual graphs in Gremlin Server?

Time: 2019-01-08 13:11:56

Tags: gremlin tinkerpop

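I am setting up multiple graphs mapped to OrientDB databases in Gremlin Server. However, I can't find what to script in Groovy and what to configure in the configuration YAML file in order to map each authenticated user to a single graph, rather than having every user validated by the authenticator be able to access everything. Is there any way to do this?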

1 answer:

Answer 0: (score: 1)

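Gremlin Server does not provide any authorization features, only authentication. You would have to build something yourself to handle restricting users to different graphs (or other constraints). That would mean building two things:

  1. A custom ChannelInboundHandlerAdapter to handle authorization - maybe called AuthorizationHandler
  2. A custom Channelizer implementation to wire your custom authorizer into the pipeline - maybe called AuthorizingChannelizer

The AuthorizationHandler would basically just override Netty's channelRead() method: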

@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
    if (msg instanceof RequestMessage) {
        RequestMessage requestMessage = (RequestMessage) msg;

        // examine contents of RequestMessage to see what is being requested
        // e.g. the graph - the user information will be there too but
        // depending on the authentication method you're using you might need
        // to re-decode it at this time as it doesn't appear that the authenticated
        // user is placed on the ChannelHandlerContext for some reason. I made
        // a note to change that as it seems helpful and is a simple enough thing
        // to do
    }

    // pass the message on to the next handler in the pipeline; an overridden
    // channelRead() that does not forward it stops the request here
    ctx.fireChannelRead(msg);
}

For the AuthorizingChannelizer you would basically extend the WebSocketChannelizer and override the configure() method:

@Override
public void configure(ChannelPipeline pipeline) {
    super.configure(pipeline);

    // add an instance of your `AuthorizationHandler` to the end of the
    // netty pipeline which will put it after the `AuthenticationHandler`
    // but before all the Gremlin processing/execution
    pipeline.addLast("authorizer", new AuthorizationHandler());
}

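Then, in your Gremlin Server configuration, replace the channelizer setting with the fully qualified name of your AuthorizingChannelizer. Assuming you have placed the jar containing that class in Gremlin Server's path, it should create an instance of it on startup.

I would look at the existing "handler" and "channelizer" code for more inspiration on how to accomplish this.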
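
As an added example (not part of the original answer, and not TinkerPop code): a dependency-free, deny-by-default policy that the AuthorizationHandler's channelRead() could consult with the request's argument map, assuming the `aliases` argument carries the server-side graph or traversal source names. The class name GraphAccessPolicy, the user names and the binding names are hypothetical, and the sample requests are constructed.

```java
import java.util.Map;
import java.util.Set;

// Added example: maps each authenticated user to the server-side
// graph/traversal source names that user may target. Deny by default.
public class GraphAccessPolicy {
    // user name -> permitted server-side binding names (hypothetical data)
    private final Map<String, Set<String>> allowed;

    public GraphAccessPolicy(Map<String, Set<String>> allowed) {
        this.allowed = allowed;
    }

    // args is the request's argument map. Its "aliases" entry maps a name
    // used in the request (e.g. "g") to a server-side binding name.
    public boolean isAllowed(String user, Map<String, Object> args) {
        Set<String> permitted = allowed.get(user);
        if (permitted == null) {
            return false; // unknown user
        }
        Object aliases = args.get("aliases");
        if (!(aliases instanceof Map) || ((Map<?, ?>) aliases).isEmpty()) {
            return false; // no explicit target to check, so fail closed
        }
        for (Object target : ((Map<?, ?>) aliases).values()) {
            if (!(target instanceof String) || !permitted.contains(target)) {
                return false; // alias resolves to a graph outside the user's set
            }
        }
        return true;
    }

    public static void main(String[] unused) {
        GraphAccessPolicy policy = new GraphAccessPolicy(Map.of(
                "alice", Set.of("g_tenantA"),
                "bob", Set.of("g_tenantB")));

        // Constructed request argument maps, not captured traffic.
        Map<String, Object> own = Map.of(
                "gremlin", "g.V().count()", "aliases", Map.of("g", "g_tenantA"));
        Map<String, Object> foreign = Map.of(
                "gremlin", "g.V().count()", "aliases", Map.of("g", "g_tenantB"));
        Map<String, Object> noAlias = Map.of("gremlin", "g.V().count()");

        System.out.println("alice -> own graph:     " + policy.isAllowed("alice", own));
        System.out.println("alice -> foreign graph: " + policy.isAllowed("alice", foreign));
        System.out.println("alice -> no aliases:    " + policy.isAllowed("alice", noAlias));
        System.out.println("mallory -> any graph:   " + policy.isAllowed("mallory", own));
    }
}
```

The `aliases` check only constrains what an alias resolves to; a script request can still refer to other global bindings by name in its text, so script evaluation needs a separate restriction.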