德尔福的DataSnap授权不能repecting TRoleAuth属性 [英] Delphi DataSnap authorization not repecting TRoleAuth attribute

问题描述

我想实现一个Delphi XE的DataSnap应用程序授权。我打破了这个分解成一个很简单的例子，但仍然没有看到一个方法或类TRoleAuth属性的影响。

I am trying to implement authorization in a Delphi XE DataSnap application. I broke this down into a very simple example, but still do not see the effects of the TRoleAuth attribute for a method or class.

下面是一个简单的DSServerMethods类，包含生成的样本方法。类已被装饰来宾和任何人授权的角色，并拒​​绝不受欢迎的角色。该ReverseString方法已被饰以只读否认角色：

Here is a simple DSServerMethods class that includes the generated sample methods. The class has been decorated with the guest and anyone authorized roles, and the unwelcome denied role. The ReverseString method has been decorated with the readonly denied role:

type
  [TRoleAuth('guest,anyone','unwelcome')]
  TMyDSServerMethods = class(TDSServerModule)
    DataSetProvider1: TDataSetProvider;
  ...
  public
    { Public declarations }
    function EchoString(Value: string): string;
    [TRoleAuth('','readonly')]
    function ReverseString(Value: string): string;
    ...
  end;

我分配在OnUserAuthenticate方法的角色。例如，我对谁我从分配的OnUserAuthenticate只读角色的用户，我相信应该拒绝执行ReverseString函数，用户权限的角色。

I am assigning roles on the OnUserAuthenticate method. For example, I have a user for whom I am assigning the readonly role from OnUserAuthenticate, a role which I believe should deny that user permission to execute the ReverseString function.

据我所知，我的code应该对来自TDSAuthenticationManager的OnUserAuthorize方法EventObject.AuthorizedRoles和EventObject.DeniedRoles字符串列表比较用户的角色，并设置相应的这种方法的有效形​​式参数。

From what I understand, my code should compare the user's roles against the EventObject.AuthorizedRoles and EventObject.DeniedRoles TStrings from the OnUserAuthorize method of the TDSAuthenticationManager, and set the valid formal parameter of this method accordingly.

下面是一个简单的方法OnUserAuthorize我使用测试功能。当我踏进它使用调试器响应于用户与只读角色尝试调用ReverseString，EventObject.AuthorizedRoles和EventObject.DeniedRoles都是零，以及EventObject.Roles包含只读作用

Here is a simple OnUserAuthorize method I am using for tesing. When I step into it using the debugger in response to a user with the readonly role attempting to invoke ReverseString, EventObject.AuthorizedRoles and EventObject.DeniedRoles are both nil, and EventObject.Roles contains the readonly role.

procedure TServerContainer1.DSAuthenticationManager1UserAuthorize(
  Sender: TObject; EventObject: TDSAuthorizeEventObject;
  var valid: Boolean);
begin
  outputdebugstring(PChar(Eventobject.UserName));
  if EventObject.UserRoles <> nil then
    outputdebugstring(PChar(eventobject.UserRoles.Text));
  if EventObject.AuthorizedRoles <> nil then
    outputdebugstring(PChar(eventobject.AuthorizedRoles.Text));
  if EventObject.DeniedRoles <> nil then
    outputdebugstring(PChar(eventobject.DeniedRoles.Text));
  valid := True;
end;

我缺少了点，还是有我需要设置的地方，使TRoleAuth属性发挥作用的属性？

Am I missing the point, or is there a property that I need to set somewhere to enable the TRoleAuth attribute to function?

= = = = = = = = = =
编辑：垫德隆提供了答案。所述DSAuth单元（其中TRoleAuth自定义属性的类声明）由在其中限定的DSServerModule后裔单元的接口部分缺失。

= = = = = = = = = = Mat DeLong provided the answer. The DSAuth unit (where the TRoleAuth custom attribute class is declared) was missing from the interface section of the unit in which the DSServerModule descendant was defined.

推荐答案

有一件事情，以确保的是，在你的服务器的方法类，你有DSAuth单元的接口部分的uses子句。如果不这样做，你应该会看到一个编译时警告说：不支持的语言特性：自定义属性'。如果发生这种情况，这意味着你的属性被忽略，因为TRoleAuth类型是未知的。

One thing to make sure of is that in your server methods class you have the "DSAuth" unit in the uses clause of the interface section. If you don't, you should see a compile time warning saying "Unsupported language feature: ‘custom attribute’". If this is happening, it means your attributes are being ignored because the TRoleAuth type is unknown.

如果不是的话，那么我不知道那将是什么。如果工作正常，你OnUserAuthorize事件，您应该看到EventObject.DeniedRoles包含在code属性定义的只读的作用。你也应该看到EventObject.UserRoles含这个角色。如果是这种情况，那么你就不会需要实现OnUserAuthorize可言，和code会自动拒绝该用户授权。

If that isn't the case, then I'm not sure what else it would be. If working properly, in your OnUserAuthorize event, you should see "EventObject.DeniedRoles" containing the "readonly" role defined in the code attribute. You should also see "EventObject.UserRoles" containing this role. If this is the case, then you wouldn't need to implement OnUserAuthorize at all, and the code would automatically deny this user authorization.

一对夫妇的注意事项：

• 如果你把一个函数或过程的TRoleAuth属性，它将替换穿上类属性（仅适用于一种方法。）它不会增加它。

• If you put a TRoleAuth attribute on a function or procedure, it replaces the attribute put on the class (only for that one method.) It doesn't add to it.

如果您设置的最终应用到方法（通过修改TDSAuthenticationManager组件上的角色集合）的设计时属性，那么该属性（）你在$ C $下加入将被忽略

If you set a design-time attribute that ends up apply to the method (by modifying the 'Roles' collection on the TDSAuthenticationManager component) then the attribute(s) you added in code will be ignored.

希望帮助，

垫

这篇关于德尔福的DataSnap授权不能repecting TRoleAuth属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！