如何访问我定义的java grpc服务的请求元数据？ [英] How do I access request metadata for a java grpc service I am defining?

问题描述

对于某些背景，我正在尝试使用 grpc auth ，以便为我定义的某些服务提供安全保障。

For some background, I am attempting to use grpc auth in order to provide security for some services I am defining.

让我们看看我是否可以问这是一种有意义的方式。对于我的python代码，实现服务器端代码非常容易。

Let's see if I can ask this is a way that makes sense. For my python code, it was pretty easy to implement the server side code.

class TestServiceServer(service_pb2.TestServiceServer):

    def TestHello(self, request, context):

        ## credential metadata for the incoming request
        metadata = context.invocation_metadata()

        ## authenticate the user using the metadata

因此，正如您所知，我能够非常轻松地从上下文中获取元数据。对我来说更难的是在java中做同样的事情。

So, as you can tell, I am able to get the metadata from "context" quite easily. What is harder for me is to do the same thing in java.

public class TestImpl extends TestServiceGrpc.TestServiceImplBase {

    @Override
    public void testHello(TestRequest req, StreamObserver<TestResponse> responseObserver) {

        // How do I get access to similar request metadata here?

        // from the parameter positions, it looks like it should be
        // "responseObserver" but that doesn't seem similar to "context"

    }

}

我承认我的问题来自几个方向。

I'll admit my problem comes from a few directions.

1）我不熟悉Java

1) I am not well versed in Java

2）我大量使用python的pdb顺序调试类，看看我可以使用哪些方法。我不知道/我不熟悉java的类似工具。

2) I heavily used python's "pdb" in order to debug the classes and see what methods are available to me. I don't know of/am not proficient at a similar tool for java.

3）此时文档似乎相当稀疏​​。它向您展示了如何在服务器端设置ssl连接，但是我找不到服务器的示例来查看请求元数据，正如我在python中所示。

3) The documentation seems rather sparse at this point. It shows you how to set up an ssl connection on the server side, but I can't find an example of the server taking a look at request metadata, as I have shown in python.

有人可以给我一个如何做到这一点的想法，或者让我看一下有用的java调试工具与python的pdb相同吗？

Could someone please give me an idea of how to do this, or perhaps show me a useful debugging tool for java in the same vein of python's pdb?

EDIT / ANSWER：

EDIT/ANSWER :

我需要先写一个实现接口ServerInterceptor的定义。

I needed to first write a definition implementing the interface ServerInterceptor.

private class TestInterceptor implements ServerInterceptor {
    ....

然后在实际绑定我的服务和构建我的服务器之前，我需要这样做。

Then, before actually binding my service and building my server, I needed to do this.

TestImpl service = new TestImpl();
ServerServiceDefinition intercepted = ServerInterceptors.intercept(service, new TestInterceptor());

现在我能够创建服务器。

Now I was able to create the server.

server = NettyServerBuilder.forPort(port)

    // enable tls
    .useTransportSecurity(
        new File(serverCert),
        new File(serverKey)
    )
    .addService(
        intercepted  // had been "new TestImpl()"
    )
    .build();

server.start();

当我解除客户端请求时，这实际上可以调用我的ServerInterceptor。

This allowed my ServerInterceptor to actually be called when I fired off a client side request.

这个链接非常有助于解决这个问题。

This link was quite helpful in figuring this out.

推荐答案

使用 ServerInterceptor 然后通过 Context 传播身份。这允许您有一个用于身份验证的中央策略。

Use a ServerInterceptor and then propagate the identity via Context. This allows you to have a central policy for authentication.

拦截器可以从元数据头中检索身份。然后应验证身份。然后可以通过 io.grpc.Context 将验证后的身份传达给应用程序（即 testHello ）：

The interceptor can retrieve the identity from Metadata headers. It should then validate the identity. The validated identity can then be communicated to the application (i.e., testHello) via io.grpc.Context:

/** Interceptor that validates user's identity. */
class MyAuthInterceptor implements ServerInterceptor {
  public static final Context.Key<Object> USER_IDENTITY
      = Context.key("identity"); // "identity" is just for debugging

  @Override
  public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
      ServerCall<ReqT, RespT> call,
      Metadata headers,
      ServerCallHandler<ReqT, RespT> next) {
    // You need to implement validateIdentity
    Object identity = validateIdentity(headers);
    if (identity == null) { // this is optional, depending on your needs
      // Assume user not authenticated
      call.close(Status.UNAUTENTICATED.withDescription("some more info"),
                 new Metadata());
      return new ServerCall.Listener() {};
    }
    Context context = Context.current().withValue(USER_IDENTITY, identity);
    return Contexts.interceptCall(context, call, headers, next);
  }
}

public class TestImpl extends TestServiceGrpc.TestServiceImplBase {
  @Override
  public void testHello(TestRequest req, StreamObserver<TestResponse> responseObserver) {
    // Access to identity.
    Object identity = MyAuthInterceptor.USER_IDENTITY.get();
    ...
  }
}

// Need to use ServerInterceptors to enable the interceptor
Server server = ServerBuilder.forPort(PORT)
    .addService(ServerInterceptors.intercept(new TestImpl(),
        new MyAuthInterceptor()))
    .build()
    .start();

这篇关于如何访问我定义的java grpc服务的请求元数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！