【发布时间】:2016-04-14 06:13:04
【问题描述】:
我有以下 Google Cloud Endpoints API,我希望它只可供具有特定角色的经过身份验证的用户访问。
几行代码就可以说超过一千个单词:
import com.google.appengine.api.users.User;
@Api(
name = "heroesApi",
version = "v1",
clientIds = {...},
scopes = {...},
audiences = {...},
namespace = @ApiNamespace(
ownerDomain = "my.domain.com",
ownerName = "my.domain.com",
packagePath=""
)
)
public class HeroesApi {
// THIS IS THE FUNCTION THAT I DON´T KNOW WHERE TO PUT
/**
* Validates that the user is logged in with a specific role
* @param user
* @throws UnauthorizedException
* @throws ForbiddenException
*/
private void validateUser(User user) throws UnauthorizedException, ForbiddenException {
IUserController userController = ControllerFactory.get.userController();
if (user == null) {
throw new ForbiddenException("You must be logged in, my friend.");
} else if (!userController.isLoggedAsSuperHero(user)) {
throw new UnauthorizedException("You must be logged in as a Superhero.");
}
}
// API METHODS
@ApiMethod(path = "something", httpMethod = ApiMethod.HttpMethod.PUT)
public DoneTask doSomething(Some thing, User superhero) throws UnauthorizedException, ForbiddenException {
// this is what I want to avoid on each function
this.validateUser(superhero);
// Now I'll do something special
IUserController userController = ControllerFactory.get.userController();
return userController.doSome(thing);
}
// MORE GORGEOUS METHODS JUST FOR SUPERHEROES, SO I HAVE TO PERFORM THE VALIDATION...
}
虽然我想通过 web.xml 文件为对 /api/heroesApi/* 的所有请求添加一个过滤器,但问题是如何捕获 Google Appengine Api 用户。
Google 是否提供了一些东西来执行此操作?
欢迎任何避免重复致电validateUser(User) 的建议
【问题讨论】:
-
所以要明确一点,您希望 J2EE 身份验证确定谁通过 Google Cloud 进行身份验证?
-
@tim-biegeleisen 我想在类级别验证用户,而不是方法级别。按照我提到的方式进行操作更像是一种解决方法,但如果可行的话对我来说就足够了。
标签: java google-app-engine google-cloud-endpoints google-authentication