Authorization using Apache Olingo V2 / JPA
Problem description
I am trying to implement a custom authorization scheme for an OData2 server which is exposed using the Apache Olingo JPA annotation processor; the authorization involves a basic user:operation pair to restrict query/update/insert/delete operations on the database; the idea is to secure the server layer (Tomcat) via username/password, and then propagate the user id to the OData layer to perform the permission check.
Has anyone implemented something similar? My current approach involves extending the ODataJPAProcessor and making the checks in the relevant methods (readEntity, updateEntity, etc.); however I am not sure if this would be the best way forward.
Any help would be appreciated.
Regards, -Eduardo.
Recommended answer
On my project we used an identity provider and a JWT token. The token was validated and used in the exposed OData servlet, and all the permission checks were inside the processors. We used the Decorator design pattern to wrap standard processors with the Secured ones, and only the Secured ones were allowed inside the OData handler.
I cannot guarantee that it is the best approach, but it sounds reasonable.
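A sketch of the decorator arrangement described in the answer, combined with the question's user:operation check; this is an added example, not code from the answerer's project or from Olingo. `EntityProcessor` is a hypothetical stand-in for the Olingo processor methods (readEntity, updateEntity), all class and method names are assumptions, and the user id is assumed to come from the already-authenticated request.

```java
import java.util.*;

public class SecuredProcessorExample {
    enum Operation { READ, UPDATE }

    // Hypothetical stand-in for the Olingo processor methods (readEntity, updateEntity, ...).
    interface EntityProcessor {
        String readEntity(String entitySet, String key);
        String updateEntity(String entitySet, String key, String body);
    }

    // Stand-in for the standard JPA-backed processor: no security logic of its own.
    static class PlainProcessor implements EntityProcessor {
        public String readEntity(String set, String key) { return "200 " + set + "(" + key + ")"; }
        public String updateEntity(String set, String key, String body) { return "204 " + set + "(" + key + ")"; }
    }

    // Decorator: every operation is checked against the caller's grants before delegating.
    static final class SecuredProcessor implements EntityProcessor {
        private final EntityProcessor delegate;
        private final String userId; // taken from the authenticated request, never from the payload
        private final Map<String, Set<Operation>> grants; // userId -> permitted operations

        SecuredProcessor(EntityProcessor delegate, String userId, Map<String, Set<Operation>> grants) {
            this.delegate = Objects.requireNonNull(delegate);
            this.userId = userId;
            this.grants = Objects.requireNonNull(grants);
        }
        private void require(Operation op) {
            // Deny by default: missing user, unknown user, or missing grant all fail.
            Set<Operation> allowed = (userId == null) ? null : grants.get(userId);
            if (allowed == null || !allowed.contains(op))
                throw new SecurityException("403: " + userId + " may not " + op);
        }
        public String readEntity(String set, String key) {
            require(Operation.READ);
            return delegate.readEntity(set, key);
        }
        public String updateEntity(String set, String key, String body) {
            require(Operation.UPDATE);
            return delegate.updateEntity(set, key, body);
        }
    }

    // The handler's signature accepts only the secured type, so an unwrapped processor cannot be passed in.
    static String handleUpdate(SecuredProcessor p, String set, String key, String body) {
        try { return p.updateEntity(set, key, body); }
        catch (SecurityException e) { return e.getMessage(); }
    }

    public static void main(String[] args) {
        // Constructed sample grants: alice may read but not update.
        Map<String, Set<Operation>> grants = Map.of("alice", EnumSet.of(Operation.READ));
        SecuredProcessor p = new SecuredProcessor(new PlainProcessor(), "alice", grants);
        System.out.println(p.readEntity("Orders", "1"));
        System.out.println(handleUpdate(p, "Orders", "1", "{}"));
    }
}
```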