Authorization using Apache Olingo V2 / JPA


Problem description


I am trying to implement a custom authorization scheme for an OData2 server which is exposed using the Apache Olingo JPA annotation processor; the authorization involves a basic user:operation pair to restrict query/update/insert/delete operations on the database; the idea is to secure the server layer (Tomcat) via username/password, and then propagate the user id to the OData layer to perform the permission check.


Has anyone implemented something similar? My current approach involves extending the ODataJPAProcessor and making the checks in the relevant methods (readEntity, updateEntity, etc.); however I am not sure if this would be the best way forward.

Any help would be much appreciated.

Regards, -Eduardo.

Recommended answer


On my project we used an identity provider and a JWT token. The token was validated and used in the exposed OData servlet and all the permission checks were inside the processors. We used a Decorator design pattern to wrap standard processors with the Secured ones and only the Secured ones were allowed inside the OData handler.


I cannot guarantee that it is the best approach, but it sounds reasonable.
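The decorator arrangement described in the answer, sketched against the Olingo V2 `ODataSingleProcessor` API as an added example (not code from the question or the answer). `SecuredProcessor`, `PermissionStore` and the operation names are hypothetical; it assumes the container (Tomcat) has already authenticated the caller, so `getRemoteUser()` returns the user id.

```java
import java.io.InputStream;
import javax.servlet.http.HttpServletRequest;
import org.apache.olingo.odata2.api.edm.EdmEntitySet;
import org.apache.olingo.odata2.api.exception.ODataException;
import org.apache.olingo.odata2.api.exception.ODataForbiddenException;
import org.apache.olingo.odata2.api.processor.ODataContext;
import org.apache.olingo.odata2.api.processor.ODataResponse;
import org.apache.olingo.odata2.api.processor.ODataSingleProcessor;
import org.apache.olingo.odata2.api.uri.info.*;

// Added example: authorizes every call, then hands it to the wrapped processor.
public class SecuredProcessor extends ODataSingleProcessor {
  /** Hypothetical store of user:operation grants; not an Olingo type. */
  public interface PermissionStore { boolean isAllowed(String user, String op, String entitySet); }

  private final ODataSingleProcessor delegate;   // e.g. the JPA processor being wrapped
  private final PermissionStore permissions;

  public SecuredProcessor(ODataSingleProcessor delegate, PermissionStore permissions) {
    this.delegate = delegate;
    this.permissions = permissions;
  }

  // The wrapped processor needs the same request context as the wrapper.
  @Override public void setContext(ODataContext ctx) { super.setContext(ctx); delegate.setContext(ctx); }

  private void check(String op, EdmEntitySet target) throws ODataException {
    HttpServletRequest req =
        (HttpServletRequest) getContext().getParameter(ODataContext.HTTP_SERVLET_REQUEST_OBJECT);
    String user = req == null ? null : req.getRemoteUser(); // set by the container after login
    if (user == null || !permissions.isAllowed(user, op, target.getName())) {
      throw new ODataForbiddenException(ODataForbiddenException.COMMON); // deny by default
    }
  }

  @Override public ODataResponse readEntity(GetEntityUriInfo u, String ct) throws ODataException {
    check("query", u.getTargetEntitySet()); return delegate.readEntity(u, ct);
  }
  @Override public ODataResponse readEntitySet(GetEntitySetUriInfo u, String ct) throws ODataException {
    check("query", u.getTargetEntitySet()); return delegate.readEntitySet(u, ct);
  }
  @Override public ODataResponse createEntity(PostUriInfo u, InputStream in, String reqCt, String ct) throws ODataException {
    check("insert", u.getTargetEntitySet()); return delegate.createEntity(u, in, reqCt, ct);
  }
  @Override public ODataResponse updateEntity(PutMergePatchUriInfo u, InputStream in, String reqCt, boolean merge, String ct) throws ODataException {
    check("update", u.getTargetEntitySet()); return delegate.updateEntity(u, in, reqCt, merge, ct);
  }
  @Override public ODataResponse deleteEntity(DeleteUriInfo u, String ct) throws ODataException {
    check("delete", u.getTargetEntitySet()); return delegate.deleteEntity(u, ct);
  }
}
```

Operations not overridden here fall through to the `ODataSingleProcessor` defaults, which throw `ODataNotImplementedException`, so anything the wrapper does not explicitly authorize and delegate is refused.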
