使用 spring boot、jpa 和 security 的多用户 Restful api [英] Multi-user restful api using spring boot, jpa and security
问题描述
我想创建一个多用户 api,用户可以在其中登录到宁静的服务并拥有自己的空间来进行预订课程.用户之间不会共享预订.
I want to create a multi user api, where users log in to a restful service and have their own space for say a booking class. Bookings are not shared between users.
我正在努力理解什么是最好的模式来创造这个,同时尽可能多地利用弹簧靴的魔力.
I'm struggling to understand what the best pattern is to create this, while utilizing as much as possible of the magic of spring boot.
我正在使用 Spring Boot JPA 并使用 @Entity 定义一个 User 和 Booking 类.
I'm using Spring Boot JPA and defining a User and Booking class with @Entity.
我的预订随后引用了此用户类别.但是,有没有一种方法可以使用 @RepositoryRestResource 或类似的注释来自动隔离每个用户的数据模型,然后使用 Spring Security 来保护 CRUD 端点,或者我是否需要创建自己的 @RestResponse 来根据用户的授权和然后创建一个 findByUser 方法来执行隔离?
My booking then references this user class. However is there a way I can use @RepositoryRestResource or a similar annotation to automatically isolate data models for each user then use Spring Security to secure the CRUD endpoint or do I need to create my own @RestResponse that looks up users based on their Authorization and then create a findByUser method to perform the isolation?
(注意我是 Spring、Spring Boot 等的新手)
(note i'm new to Spring, Spring Boot etc)
有人建议我研究 ACL,但我很难找到解释它们如何工作的简单资源
it's been suggested I look into ACLs, but i'm struggling to find good SIMPLE resources explaining how they work
推荐答案
如果您确实有每个用户的独立数据,并且您希望透明机制能够仅选择或更新您允许查看的数据,您应该查看T eclipselink 的多租户支持.
If you really have isolated data for each user and you want a transparent mechanism to be able to select or update only the data you are allowed to see you should look T eclipselink's multitenancy support.
http://wiki.eclipse.org/EclipseLink/Development/Indigo/多租户
这是一个关于在 spring-data-jpa 中设置此问题的已接受答案的问题多租户与 spring 数据 jpa 和 eclipselink
Here is a question with accepted answer about setting this up in spring-data-jpa Multi tenancy with spring data jpa and eclipselink
hibernate 似乎也支持多租户http://docs.jboss.org/hibernate/orm/5.0/userGuide/en-US/html_single/#d5e3197
Also hibernate seems to have support for multitenancy http://docs.jboss.org/hibernate/orm/5.0/userGuide/en-US/html_single/#d5e3197
但请记住,对启用多租户的实体的查询始终按租户 ID 进行过滤 - 因此分离非常严格.
But keep in mind that queries on multitenancy enabled entities are then always filtered by the tenant id - so the separation is quite strict.
这篇关于使用 spring boot、jpa 和 security 的多用户 Restful api的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
