Restricting Data Returned from a Grails Restful Service with AngularJS
Problem description
I am new to using AngularJS and wanted to integrate with Grails using REST. While I have found many great tutorials on using Grails/AngularJS to perform CRUD operations, I have found little to help me understand the best way to restrict data returned to Angular from a Grails RESTful service based on the user logged in. I hate to ask an opinion question here as I know it is a bit frowned upon but in this case I think it is relevant and could really be beneficial for others learning how to build real world applications with Grails/Angular.
So let's say we have a simple Domain Class:
    class Book {
        String title
        String author
        static constraints = {
        }
    }
and we expose this as a RESTful controller (plain vanilla)
    import grails.rest.RestfulController

    class BookController extends RestfulController<Book> {
        def springSecurityService
        static responseFormats = ['json', 'xml']

        BookController() {
            super(Book)
        }
    }
In my case I am using the asset-pipeline Grails plugin. I have an angular controller:
    var book = angular.module('book', []);
    book.controller('BookCtrl',
        function ($scope, $http) {
            $scope.getBook = function () {
                $http.get('/myApp/book').
                    success(function (data) {
                        console.log("success: " + data);
                        $scope.book = data;
                    }).error(function (data) {
                        console.log("error: " + data);
                        $scope.book = data;
                    });
            };
            $scope.getBook();
        }
    );
and the view (abbreviated):
    <div>
        <table class="table table-hover">
            <tr>
                <th>Title</th>
                <th>Author</th>
            </tr>
            <tr ng-repeat="b in book">
                <td>{{b.title}}</td>
                <td>{{b.author}}</td>
            </tr>
        </table>
    </div>
When I am simply looking for the list of all Book Objects this works just fine, I get a nice table of books. But when I would like to, say, limit the books returned based on the user logged in (let's say in this case it is a list of Books the user owns), I am not sure what may be the best way to proceed. From an authentication standpoint I thought that perhaps using the Spring Security REST plugin might be helpful in passing a token as a parameter to the BookController (assuming I override the index() method). I could then look up the token and filter results in the REST response. Does this seem like the proper approach? Thank you for any feedback,
Recommended answer
Yes, refer to this sample Angular/Grails app which uses the grails-spring-security-rest plugin for token based authn/authz. To answer your question, you have to do both:
- Token-based authentication from the client (Angular) to access the REST service.
- Filter the books owned by the user on the server side.
Token based authentication is showcased in the sample app. For filtering user, you might end up doing this in your controller:
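    def index() {
        // getPrincipal() is a method on the controller metaClass,
        // used here for convenience; it is similar to saying
        // springSecurityService.principal.username
        // findAllBy* returns every matching Book (findBy* returns only the first),
        // which is what the ng-repeat table in the view expects
        respond Book.findAllByUser( principal.username )
    }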
Above would work based on the assumption you mentioned that there would be a join table somewhere to say a logged in user owns books.
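Overriding index() scopes only the list; show, update and delete by id still resolve any Book unless the lookup itself is owner-scoped. The following is an added example, not part of the original answer or the sample app: it overrides RestfulController's query hooks so every action is limited to the caller's books. It assumes a hypothetical ownerUsername property on Book and that the endpoint already requires an authenticated user.

```groovy
import grails.rest.RestfulController

// Assumption: Book stores the owner's username in a property named
// ownerUsername (hypothetical; the Book class on the page has no owner field).
class BookController extends RestfulController<Book> {
    def springSecurityService
    static responseFormats = ['json', 'xml']

    BookController() {
        super(Book)
    }

    // Identity comes from the validated token on the server side,
    // never from a username or id the client sends as a parameter.
    private String currentUsername() {
        springSecurityService.principal.username
    }

    // Called by index(): return only the caller's books (params carries max/offset).
    @Override
    protected List<Book> listAllResources(Map params) {
        Book.findAllByOwnerUsername(currentUsername(), params)
    }

    // Called by index() for the total reported next to the list, so the
    // count does not reveal how many books other users own.
    @Override
    protected Integer countResources() {
        Book.countByOwnerUsername(currentUsername())
    }

    // Called by show(), update() and delete(): an id that belongs to
    // another user yields null, which the base class answers with 404.
    @Override
    protected Book queryForResource(Serializable id) {
        Book.findByIdAndOwnerUsername(id.toString().toLong(), currentUsername())
    }
}
```

With this in place, requesting /myApp/book/<id> for a book owned by someone else is indistinguishable from requesting a book that does not exist.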