How to use Liferay's permission system in other applications?


Problem description

I'm considering using Liferay's permission system to implement access security in an external Java application (not a portlet). Liferay has robust features for managing users, groups, roles, permissions and resources. It would be great if I could leverage those instead of re-inventing the wheel in our external app.

Liferay and our external application are configured to use the same CAS and LDAP for authentication, so they share the same users.

So far I've successfully used Liferay's JSON-WS API to manage a user's Roles. This is great but I need to take it to the next step.

Can I define and manage Liferay permissions and resources using the JSON-WS API?

I see API methods for checking if a user has certain permissions (i.e. has-user-permission) but I don't see methods for creating and assigning Permissions and Resources.

Admittedly, I need to better understand how permissions and actions are defined in Liferay. From what I understand, permissions and actions are defined in XML files which are associated with specific portlets.

In our case, the external app won't have any portlets so how would I define custom permissions and actions? (maybe create a custom portlet which is only used for defining actions and resources?). I would still need a way to define resources programmatically since resources would need to be created for certain domain objects in our external app.

Recommended answer

I know this is old but I wanted to answer this anyway for future reference.

You have a novel idea here but I don't quite understand yet how do you plan to check if a user has a specific permission in your application. Do you plan to query the Liferay JSON-WS API on every request to verify you have permission? If you do it on the server side then you might get a performance penalty but otherwise the idea seems OK. But don't do it on the client side (in-browser via JavaScript) - The user could manipulate the request or response to gain access to sensitive information.

As far as I know you cannot define Permissions and Resources using the JSON-WS API but they are stored in the database and you CAN create your own JSON-WS service via Service Builder to expose those features for your application.

As far as defining the permissions goes - Since you are going to have to build your own service to manage things anyway then you might as well define your permissions using the proper XML based configuration and deploy those along with the service.

I'm a little bit curious on what solution you ended up with because I assume that you have already finished this project.
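
The server-side check discussed in the answer, with its per-request cost reduced by a short-lived cache, as an added example that is not part of the original question or answer and is not Liferay code. The class `CachedPermissionGate`, the interface `RemoteCheck` and the sample users and resources are hypothetical; `RemoteCheck` stands in for whatever server-to-server call the external application makes to the permission service.

```java
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added example: server-side permission gate with a short TTL cache. All names are hypothetical.
public class CachedPermissionGate {
    // Stand-in for the server-to-server call to the permission service (assumption).
    public interface RemoteCheck {
        boolean hasPermission(String userId, String resource, String action) throws Exception;
    }
    private record Key(String userId, String resource, String action) {}
    private record Entry(boolean allowed, long expiresAtNanos) {}
    private final RemoteCheck remote;
    private final long ttlNanos;
    private final Map<Key, Entry> cache = new ConcurrentHashMap<>();

    public CachedPermissionGate(RemoteCheck remote, Duration ttl) {
        this.remote = remote;
        this.ttlNanos = ttl.toNanos();
    }
    // userId must be taken from the authenticated server-side session, never from client input.
    public boolean isAllowed(String userId, String resource, String action) {
        Key key = new Key(userId, resource, action);
        long now = System.nanoTime();
        Entry hit = cache.get(key);
        if (hit != null && hit.expiresAtNanos() - now > 0) {
            return hit.allowed();            // served locally, no remote round trip
        }
        try {
            boolean allowed = remote.hasPermission(userId, resource, action);
            cache.put(key, new Entry(allowed, now + ttlNanos)); // a revocation lags by at most the TTL
            return allowed;
        } catch (Exception e) {
            cache.remove(key);               // drop any expired entry for this key
            return false;                    // fail closed if the check cannot be completed
        }
    }
    public static void main(String[] args) {
        int[] remoteCalls = {0};
        RemoteCheck fake = (u, r, a) -> {    // constructed sample policy
            remoteCalls[0]++;
            return u.equals("alice") && r.equals("report-7") && a.equals("VIEW");
        };
        CachedPermissionGate gate = new CachedPermissionGate(fake, Duration.ofSeconds(30));
        System.out.println(gate.isAllowed("alice", "report-7", "VIEW"));
        System.out.println(gate.isAllowed("alice", "report-7", "VIEW"));
        System.out.println(gate.isAllowed("bob", "report-7", "VIEW") + " remoteCalls=" + remoteCalls[0]);
    }
}
```

The TTL is the trade-off to tune: a longer value saves more remote calls but delays the effect of a revoked permission by the same amount.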
