云端点的用户授权 [英] User Authorization for Cloud Endpoints
问题描述
我现在的代码是这样工作的:
@ApiMethod(httpMethod =PATCH,name =item.update,path =items)
public Item update newObject,User user)
抛出UnauthorizedException,OAuthRequestException {
OAuthService oAuthService = OAuthServiceFactory.getOAuthService();
if(!oAuthService.isUserAdmin()){
throw new UnauthorizedException(仅管理员用户可以修改内容。);
}
...
}
我知道应用引擎有一个用户角色的概念,但我很好奇,如果端点
做。我尝试过使用OAuthService.isUserAdmin()调用,但不
似乎工作得很好,而且文档有一个很大的警告,说
< blockquote>
注意:您不应将端点身份验证与本文中描述的
非终端点 App Engine Web应用程序的身份验证混淆关于配置设置
https://developers.google.com/appengine/articles/auth ,在 Admin
控制台中,您还可以在
web.xml中指定用户登录要求 https://developers.google.com/appengine/docs/java/config/webxml#Security_and_Authentication
文件。
我必须自己创建某种授权吗?使用传递给update方法的User对象?任何想法?
我有类似的问题。我使用的是AppEngine用户服务,结果我在数据存储中有一个专用的用户类型实体,我为每个用户存储一个特定的标志(常规/管理)。我在控制台中指定的管理员将获得正确的管理员标志)。
在我的终端API中,我获得当前用户的authDomain和id,在我的数据存储中查找以检查是否有管理标志我的用户实体的关键是由authDomain:userId组成,因为我现在只支持google用户,它看起来像(gmail.com:123456789)
这意味着管理员拥有使用AppEngine UserService登录一次(即在我的情况下是一个专门的网页),以便标志正确更新
I'm working on a cloud endpoints backend and want to restrict certain operations to admin users.
My current code works like this:
@ApiMethod(httpMethod = "PATCH", name = "item.update", path = "items")
public Item update(Item newObject, User user)
throws UnauthorizedException, OAuthRequestException {
OAuthService oAuthService = OAuthServiceFactory.getOAuthService();
if (!oAuthService.isUserAdmin()) {
throw new UnauthorizedException("Only admin users can modify content.");
}
...
}
I know app engine has a concept of user roles, but I'm curious if Endpoints do. I've tried using the OAuthService.isUserAdmin() call but that doesn't seem to be working out very well and the docs have a big old warning saying
Note: You should not confuse Endpoints auth with the auth for non-Endpoints App Engine web apps described in the article on configuration settings https://developers.google.com/appengine/articles/auth in the Admin Console, where you also specify the user login requirement in your web.xmlhttps://developers.google.com/appengine/docs/java/config/webxml#Security_and_Authentication file. That approach is not used with Endpoints."
Do I have to create some sort of authorization myself that uses the User object that's passed into the update method? Any thoughts?
I had similar issues. Indeed OAuth user service has nothing to do with AppEngine user service. What I ended up doing was having a dedicated user type entity in my datastore where I store a specific flag (regular/admin) for each user. This flag is updated when I use AppEngine user service (i.e. so that the administrators I specified in the console get the proper admin flag).
In my endpoints API I get the current user authDomain and id, look up in my datastore to check whether it has the admin flag. The key of my user entity is composed of "authDomain:userId" and as I only support google user for now, it looks like (gmail.com:123456789)
This means that an administrator has to login once using the AppEngine UserService (i.e. a dedicated webpage in my case) so that the flag is properly updated
这篇关于云端点的用户授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
