如何访问我定义的java grpc服务的请求元数据? [英] How do I access request metadata for a java grpc service I am defining?
问题描述
对于某些背景,我正在尝试使用 grpc auth ,以便为我定义的某些服务提供安全保障。
For some background, I am attempting to use grpc auth in order to provide security for some services I am defining.
让我们看看我是否可以问这是一种有意义的方式。对于我的python代码,实现服务器端代码非常容易。
Let's see if I can ask this is a way that makes sense. For my python code, it was pretty easy to implement the server side code.
class TestServiceServer(service_pb2.TestServiceServer):
def TestHello(self, request, context):
## credential metadata for the incoming request
metadata = context.invocation_metadata()
## authenticate the user using the metadata
因此,正如您所知,我能够非常轻松地从上下文中获取元数据。对我来说更难的是在java中做同样的事情。
So, as you can tell, I am able to get the metadata from "context" quite easily. What is harder for me is to do the same thing in java.
public class TestImpl extends TestServiceGrpc.TestServiceImplBase {
@Override
public void testHello(TestRequest req, StreamObserver<TestResponse> responseObserver) {
// How do I get access to similar request metadata here?
// from the parameter positions, it looks like it should be
// "responseObserver" but that doesn't seem similar to "context"
}
}
我承认我的问题来自几个方向。
I'll admit my problem comes from a few directions.
1)我不熟悉Java
1) I am not well versed in Java
2)我大量使用python的pdb顺序调试类,看看我可以使用哪些方法。我不知道/我不熟悉java的类似工具。
2) I heavily used python's "pdb" in order to debug the classes and see what methods are available to me. I don't know of/am not proficient at a similar tool for java.
3)此时文档似乎相当稀疏。它向您展示了如何在服务器端设置ssl连接,但是我找不到服务器的示例来查看请求元数据,正如我在python中所示。
3) The documentation seems rather sparse at this point. It shows you how to set up an ssl connection on the server side, but I can't find an example of the server taking a look at request metadata, as I have shown in python.
有人可以给我一个如何做到这一点的想法,或者让我看一下有用的java调试工具与python的pdb相同吗?
Could someone please give me an idea of how to do this, or perhaps show me a useful debugging tool for java in the same vein of python's pdb?
EDIT / ANSWER:
EDIT/ANSWER :
我需要先写一个实现接口ServerInterceptor的定义。
I needed to first write a definition implementing the interface ServerInterceptor.
private class TestInterceptor implements ServerInterceptor {
....
然后在实际绑定我的服务和构建我的服务器之前,我需要这样做。
Then, before actually binding my service and building my server, I needed to do this.
TestImpl service = new TestImpl();
ServerServiceDefinition intercepted = ServerInterceptors.intercept(service, new TestInterceptor());
现在我能够创建服务器。
Now I was able to create the server.
server = NettyServerBuilder.forPort(port)
// enable tls
.useTransportSecurity(
new File(serverCert),
new File(serverKey)
)
.addService(
intercepted // had been "new TestImpl()"
)
.build();
server.start();
当我解除客户端请求时,这实际上可以调用我的ServerInterceptor。
This allowed my ServerInterceptor to actually be called when I fired off a client side request.
这个链接非常有助于解决这个问题。
This link was quite helpful in figuring this out.
推荐答案
使用 ServerInterceptor
然后通过 Context
传播身份。这允许您有一个用于身份验证的中央策略。
Use a ServerInterceptor
and then propagate the identity via Context
. This allows you to have a central policy for authentication.
拦截器可以从元数据头
中检索身份。然后应验证身份。然后可以通过 io.grpc.Context
将验证后的身份传达给应用程序(即 testHello
):
The interceptor can retrieve the identity from Metadata headers
. It should then validate the identity. The validated identity can then be communicated to the application (i.e., testHello
) via io.grpc.Context
:
/** Interceptor that validates user's identity. */
class MyAuthInterceptor implements ServerInterceptor {
public static final Context.Key<Object> USER_IDENTITY
= Context.key("identity"); // "identity" is just for debugging
@Override
public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
ServerCall<ReqT, RespT> call,
Metadata headers,
ServerCallHandler<ReqT, RespT> next) {
// You need to implement validateIdentity
Object identity = validateIdentity(headers);
if (identity == null) { // this is optional, depending on your needs
// Assume user not authenticated
call.close(Status.UNAUTENTICATED.withDescription("some more info"),
new Metadata());
return new ServerCall.Listener() {};
}
Context context = Context.current().withValue(USER_IDENTITY, identity);
return Contexts.interceptCall(context, call, headers, next);
}
}
public class TestImpl extends TestServiceGrpc.TestServiceImplBase {
@Override
public void testHello(TestRequest req, StreamObserver<TestResponse> responseObserver) {
// Access to identity.
Object identity = MyAuthInterceptor.USER_IDENTITY.get();
...
}
}
// Need to use ServerInterceptors to enable the interceptor
Server server = ServerBuilder.forPort(PORT)
.addService(ServerInterceptors.intercept(new TestImpl(),
new MyAuthInterceptor()))
.build()
.start();
这篇关于如何访问我定义的java grpc服务的请求元数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!