检查方法权限的属性用途 [英] Attribute Useage For Checking Method Permissions
问题描述
我正在尝试实现一种安全性机制,以自动测试特定的插件权限和方法安全性特权,并且我对如何使它正常工作有些困惑.
我正在编写一个自定义的MEF元数据属性,该属性带有类似以下内容的构造函数属性:
params PluginPermission[] permission
这包含该插件被授予的所有权限的数组.
PluginPermission类如下:
PluginPermission.cs
public enum PluginPermission
{
CreateUsers,
DeleteUsers,
ReadPassword,
WritePassword,
AddUsersToGroups,
AddGroups,
DeleteGroups
}
我还编写了针对单个方法的RequiredPermissionAttribute,并使用一个或多个PluginPermission对象来告诉系统执行单个方法所需的权限.这些适用于插件的界面,例如:
ILicensingManagement.cs
[RequiredPermission(PluginPermission.CreateUsers)]
bool AddUser(string userName);
很明显,如果插件没有特定方法所需的权限,则不会执行该方法.
我要坚持的是如何在方法执行之前实际使RequiredPermissionAttribute类中的测试方法运行,以及如何在插件未满足该方法的权限要求的情况下正常退出执行. /p>
我查看了xUnit BeforeAfterTestAttribute,但是实现似乎如此具体,我努力将源代码拆开以得到解决方案.
我无法对MEF特定内容发表评论,但要记住的一件事是,自定义属性只不过是标签",除非它们不执行任何操作,否则您的代码专门检查了它们,例如使用反射.
xUnit的BeforeAfterTestAttribute可能有效,因为xUnit使用反射来执行方法.遇到此属性时,它将相应更改其行为.
.NET框架名称空间中的属性起作用,因为CLR会检查它们,否则编译器会检查它们.
我知道这并不能完全回答您的问题,但是发表评论的时间太长了.
更新:如果Type是类,则可以使用Type;如果是方法,例如MethodInfo
MethodInfo mi = /* method info */;
Attribute[] attrs = mi.GetCustomAttributes(typeof(RequiredPermissionAttribute), false);
RequiredPermissionAttribute req = attrs.Cast<RequiredPermissionAttribute>().FirstOrDefault();
if ((req != null) && (/* current user does not have the required permission */)) throw new Exception();
但这不是真正的安全解决方案,开发人员可以轻松避免这些检查.我只是简要浏览了一下,但PostSharp也许可以为您提供帮助.
I'm trying to implement a security mechanism to automatically test a particular plugins permissions and method security privileges and I've gotten a bit stuck on how to get this working.
I've writing a custom MEF Metadata attribute that takes a constructor property like:
params PluginPermission[] permission
This contains an array of all the permissions that the plugin is granted.
The PluginPermission class looks like:
PluginPermission.cs
public enum PluginPermission
{
CreateUsers,
DeleteUsers,
ReadPassword,
WritePassword,
AddUsersToGroups,
AddGroups,
DeleteGroups
}
I've also written a RequiredPermissionAttribute that targets individual methods and takes one or more PluginPermission objects to tell the system what permissions are required for an individual method to be execute. These are applied to the interface for the plugins like:
ILicensingManagement.cs
[RequiredPermission(PluginPermission.CreateUsers)]
bool AddUser(string userName);
Obviously if the plugin doesn't have the required permissions for a particular method the method is not executed.
What I'm stuck on is how to actually get the test method in the RequiredPermissionAttribute class to run before the method is executed and how to gracefully exit the execution if the permissions requirements for the method are not met by the plugin.
I looked at the xUnit BeforeAfterTestAttribute but the implementation seemed so specific I stuggled to pull the source code apart to arrive at the solution.
I can't comment on MEF specific things but one thing to keep in mind that custom attributes are nothing more than "tags", they do not do anything unless your code specifically checks for them, for example using reflection.
The BeforeAfterTestAttribute of xUnit probably works, because xUnit uses reflection to execute the methods. When it encounters this attribute it changes its behavious accordingly.
Attributes in the .NET framework namespace work because either the CLR checks for them or the compiler does.
I know this doesn't really answer your question completely but it was a bit too long to put into a comment.
Update: you can access the attributes using the Type if it's a class or the MethodInfo if it's a method, e.g.
MethodInfo mi = /* method info */;
Attribute[] attrs = mi.GetCustomAttributes(typeof(RequiredPermissionAttribute), false);
RequiredPermissionAttribute req = attrs.Cast<RequiredPermissionAttribute>().FirstOrDefault();
if ((req != null) && (/* current user does not have the required permission */)) throw new Exception();
But this is not a real security solution, a developer can easily avoid these checks. I've only briefly glanced at it but PostSharp could maybe help you.
这篇关于检查方法权限的属性用途的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
