Creating a Restlet Authorizer for fine grained authorization


Problem description


I'm attempting to implement a RESTful API using Restlet and have found very little on anything more than the basic Role and Method Authorizers. I have stored in a database the routes and methods for those routes that a user can access. The issue I'm running into now is how to get the path in the Authorizer. Is it the resource I'm needing to gather? And how exactly am I supposed to route to the authorizer? I've posted what I have so far and am looking for how to get the path or resource in my Authorizer. Any information is appreciated. I've looked through books and many generic examples and haven't found quite what I'm looking for.

My Routing Application:

public class MyRoutingApp extends org.restlet.Application {

    @Override  
    public synchronized Restlet createInboundRoot() { 

        Context context = getContext();
        Router router = new Router(context);

        router.attach("/user", Users.class);
        router.attach("/post", Posts.class);
        router.attach("/comment", Comments.class);

        ChallengeAuthenticator authenticator = new ChallengeAuthenticator( 
                context, ChallengeScheme.HTTP_BASIC, "My test realm" );

        //create Verifier to ensure that the user is authenticated
        MyVerifier verifier = new MySecretVerifier();
        //grab user Roles and add them to the request
        MyEnroler enroler = new MyEnroler();

        authenticator.setVerifier( verifier );
        authenticator.setEnroler( enroler );

        //Looks up if user can be allowed to resource
        MyAuthorizer authorizer = new MyAuthorizer();
        authorizer.setNext( router );

        authenticator.setNext( authorizer );
        return authenticator; 
    }
}

My Authorizer:

public class MyAuthorizer extends Authorizer {

    @Override
    protected boolean authorize( Request request, Response response ) {

        //has the security roles and user from verifier and enroler
        ClientInfo info = request.getClientInfo();
        //get http method
        Method method = request.getMethod();

        //need to get the route or resource user is attempting to access
        //allow or disallow access based on roles and method
        return false; //placeholder so the method compiles: deny until the lookup is implemented
    }
}

Solution

The target resource URI is available via the Request#getResourceRef().getRemainingPart().
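
A default-deny authorizer built on that call, as an added example that is not part of the original question or answer. The `grants` map stands in for the database lookup described in the question; its shape (role name to `"METHOD /path"` strings) and the `normalize` helper are assumptions. It calls `getRemainingPart(true, false)` so the path is decoded and the query string is dropped before the lookup.

```java
import java.util.Map;
import java.util.Set;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Method;
import org.restlet.security.Authorizer;
import org.restlet.security.Role;

public class MyAuthorizer extends Authorizer {

    // Hypothetical permission table: role name -> allowed "METHOD /path" entries,
    // e.g. "editor" -> {"GET /post", "POST /post"}. Stands in for the database rows.
    private final Map<String, Set<String>> grants;

    public MyAuthorizer(Map<String, Set<String>> grants) {
        this.grants = grants;
    }

    @Override
    protected boolean authorize(Request request, Response response) {
        Method method = request.getMethod();
        if (method == null || request.getResourceRef() == null) {
            return false;
        }
        // Decoded path without the query string, relative to the base reference.
        String path = normalize(request.getResourceRef().getRemainingPart(true, false));
        if (path == null) {
            return false;
        }
        String wanted = method.getName() + " " + path;
        // Roles were attached to the request by the Enroler.
        for (Role role : request.getClientInfo().getRoles()) {
            Set<String> allowed = grants.get(role.getName());
            if (allowed != null && allowed.contains(wanted)) {
                return true;
            }
        }
        return false; // default deny: no role grants this method on this path
    }

    // Hypothetical helper: canonical form for the table lookup, null if the path is rejected.
    static String normalize(String path) {
        if (path == null || !path.startsWith("/") || path.contains("..") || path.contains("//")) {
            return null;
        }
        return path.length() > 1 && path.endsWith("/") ? path.substring(0, path.length() - 1) : path;
    }
}
```

In `createInboundRoot()` this would be constructed with the loaded table in place of `new MyAuthorizer()`; the lookup is an exact match, so a route such as `/user/{id}` needs its own matching rule.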
