How to handle authentication and authorization with Thrift?
Question
I'm developing a system which uses Thrift. I'd like clients' identity to be checked and operations to be ACLed. Does Thrift provide any support for those?
Recommended answer
Not directly. The only way to do this is to have an authentication method which creates a (temporary) key on the server, and then change all your methods so that the first argument is this key and they all additionally raise a not-authenticated error. For instance:
exception NotAuthorisedException {
    1: string errorMessage,
}

exception AuthTimeoutException {
    1: string errorMessage,
}

service MyAuthService {
    string authenticate( 1:string user, 2:string pass )
        throws ( 1:NotAuthorisedException e ),
    string mymethod( 1:string authstring, 2:string otherargs, ... )
        throws ( 1:AuthTimeoutException e, ... ),
}
We use this method and save our keys to a secured memcached instance with a 30 min timeout for keys to keep everything "snappy". Clients who receive an AuthTimeoutException are expected to reauthorise and retry, and we have some firewall rules to stop brute-force attacks.
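The pattern from the answer above, as an added Python example that is neither the answer's code nor part of Thrift: a handler that would back MyAuthService, with the memcached store replaced by an in-memory dict and an injectable clock so the 30-minute expiry can be exercised. The salted PBKDF2 password records and the `make_user_record` helper are constructed details the answer does not specify.

```python
import hashlib
import hmac
import os
import secrets
import time

# Stand-ins for the exception classes the Thrift compiler would generate from the IDL.
class NotAuthorisedException(Exception):
    pass

class AuthTimeoutException(Exception):
    pass

KEY_TTL_SECONDS = 30 * 60  # 30-minute key timeout, as in the answer
PBKDF2_ROUNDS = 100_000    # constructed choice; tune to the server's budget

def make_user_record(password):
    """Constructed helper: salted PBKDF2-SHA256 record for one user."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class MyAuthHandler:
    """Hypothetical server-side handler; `clock` is injectable so expiry can be tested."""
    def __init__(self, users, clock=time.time):
        self._users = users   # user -> (salt, pbkdf2 hash)
        self._keys = {}       # temporary key -> (user, expiry); stands in for memcached
        self._clock = clock

    def authenticate(self, user, password):
        record = self._users.get(user)
        if record is None:
            raise NotAuthorisedException("bad credentials")
        salt, stored = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, stored):   # constant-time comparison
            raise NotAuthorisedException("bad credentials")
        key = secrets.token_urlsafe(32)                  # unguessable temporary key
        self._keys[key] = (user, self._clock() + KEY_TTL_SECONDS)
        return key

    def _require_auth(self, authstring):
        """Every ACLed method checks its first argument here; unknown or expired keys are dropped."""
        entry = self._keys.get(authstring)
        if entry is None or entry[1] <= self._clock():
            self._keys.pop(authstring, None)
            raise AuthTimeoutException("reauthenticate and retry")
        return entry[0]

    def mymethod(self, authstring, otherargs):
        user = self._require_auth(authstring)
        return f"{user}:{otherargs}"
```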