限制dropwizard管理页面
如何验证Dropwizard管理门户,从而限制普通用户访问它?限制dropwizard管理页面,dropwizard,Dropwizard,如何验证Dropwizard管理门户,从而限制普通用户访问它? 请帮助在您的配置中,您可以在http下设置adminUsername和adminPassword,如下所示: http: adminUsername: user1234 adminPassword: pass5678 对于DW 0.7,我的方法是: public class AdminConstraintSecurityHandler extends ConstraintSecurityHandler { pri
请帮助在您的配置中,您可以在
http
下设置adminUsername
和adminPassword
,如下所示:
http:
adminUsername: user1234
adminPassword: pass5678
对于DW 0.7,我的方法是:
public class AdminConstraintSecurityHandler extends ConstraintSecurityHandler {
private static final String ADMIN_ROLE = "admin";
public AdminConstraintSecurityHandler(final String userName, final String password) {
final Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, ADMIN_ROLE);
constraint.setAuthenticate(true);
constraint.setRoles(new String[]{ADMIN_ROLE});
final ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
setAuthenticator(new BasicAuthenticator());
addConstraintMapping(cm);
setLoginService(new AdminMappedLoginService(userName, password, ADMIN_ROLE));
}
}
public class AdminMappedLoginService extends MappedLoginService {
public AdminMappedLoginService(final String userName, final String password, final String role) {
putUser(userName, new Password(password), new String[]{role});
}
@Override
public String getName() {
return "Hello";
}
@Override
protected UserIdentity loadUser(final String username) {
return null;
}
@Override
protected void loadUsers() throws IOException {
}
}
并以以下方式使用它们:
environment.admin().setSecurityHandler(new AdminConstraintSecurityHandler(...))
较新的Jetty版本没有
MappedLoginService
,因此@Kamil的答案不再有效。我已修改了他们的答案,以使其从Dropwizard 1.2.2开始工作:
public class AdminConstraintSecurityHandler extends ConstraintSecurityHandler {
private static final String ADMIN_ROLE = "admin";
public AdminConstraintSecurityHandler(final String userName, final String password) {
final Constraint constraint = new Constraint(Constraint.__BASIC_AUTH, ADMIN_ROLE);
constraint.setAuthenticate(true);
constraint.setRoles(new String[]{ADMIN_ROLE});
final ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
setAuthenticator(new BasicAuthenticator());
addConstraintMapping(cm);
setLoginService(new AdminLoginService(userName, password));
}
public class AdminLoginService extends AbstractLoginService {
private final UserPrincipal adminPrincipal;
private final String adminUserName;
public AdminLoginService(final String userName, final String password) {
this.adminUserName = Objects.requireNonNull(userName);
this.adminPrincipal = new UserPrincipal(userName, new Password(Objects.requireNonNull(password)));
}
@Override
protected String[] loadRoleInfo(final UserPrincipal principal) {
if (adminUserName.equals(principal.getName())) {
return new String[]{ADMIN_ROLE};
}
return new String[0];
}
@Override
protected UserPrincipal loadUserInfo(final String userName) {
return adminUserName.equals(userName) ? adminPrincipal : null;
}
}
}
只需确保不要将这些存储在GitHub之类的公共回购中…:-)您知道在DW 0.7.1的配置文件中是否也有这样做的可能性吗?不适用于DW 0.8.4,这些字段在配置规范中未提及。此答案不适用于DW/Jetty的更高版本。见下文我的答案,该答案自DW 1.2.2起生效