在java中使用API密钥限制我的端点
我正在使用面向java的云端点v2。我的问题是,任何人都可以通过API Explorer或直接从URL访问这些端点。我想保护我的端点。我阅读了如何使用API键来限制整个API或某些方法的文档 这就是我正在尝试的在java中使用API密钥限制我的端点,java,google-app-engine,google-cloud-platform,google-cloud-endpoints-v2,Java,Google App Engine,Google Cloud Platform,Google Cloud Endpoints V2,我正在使用面向java的云端点v2。我的问题是,任何人都可以通过API Explorer或直接从URL访问这些端点。我想保护我的端点。我阅读了如何使用API键来限制整个API或某些方法的文档 这就是我正在尝试的 @Api( name = "zeem", version = "v1" ) public class Account { @ApiMethod(name = "getRegistration", path = "getRegistration", api
@Api(
name = "zeem",
version = "v1"
)
public class Account {
@ApiMethod(name = "getRegistration", path = "getRegistration", apiKeyRequired = AnnotationBoolean.TRUE)
public Registered getRegistration(@Named("phone") Long phone){
// code ....
}
即使我尝试直接从url访问这个方法,它也可以工作
http://localhost:8080/_ah/api/zeem/v1/getRegistration?phone=123 // Successfully getting response
openapi.json "/zeem/v1/getRegistration": {
"get": {
"operationId": "ZeemGetRegistration",
"parameters": [
{
"name": "phone",
"in": "query",
"required": true,
"type": "integer",
"format": "int64"
}
],
"responses": {
"200": {
"description": "A successful response",
"schema": {
"$ref": "#/definitions/Registered"
}
}
},
"security": [
{
"api_key": [ ]
}
]
}
},
<?xml version="1.0" encoding="utf-8"?>
<!-- [START_EXCLUDE] -->
<!--
Copyright 2016 Google Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- [END_EXCLUDE] -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<welcome-file-list>
<welcome-file>welcome</welcome-file>
</welcome-file-list>
<!-- OBJECTIFY -->
<filter>
<filter-name>ObjectifyFilter</filter-name>
<filter-class>com.googlecode.objectify.ObjectifyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ObjectifyFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ENDPOINTS -->
<servlet>
<servlet-name>EndpointsServlet</servlet-name>
<servlet-class>com.google.api.server.spi.EndpointsServlet</servlet-class>
<init-param>
<param-name>services</param-name>
<param-value>
org.octabyte.zeem.API.Account,
org.octabyte.zeem.API.CommentApi,
org.octabyte.zeem.API.FriendApi,
org.octabyte.zeem.API.ListApi,
org.octabyte.zeem.API.PostApi,
org.octabyte.zeem.API.SearchApi,
org.octabyte.zeem.API.UserApi,
org.octabyte.zeem.API.StoryApi
</param-value>
</init-param>
</servlet>
<!-- Route API method requests to the backend. -->
<servlet-mapping>
<servlet-name>EndpointsServlet</servlet-name>
<url-pattern>/_ah/api/*</url-pattern>
</servlet-mapping>
<!-- Security -->
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
</web-app>
欢迎
目标过滤器
com.googlecode.objectify.ObjectifyFilter
目标过滤器
/*
端点服务器
com.google.api.server.spi.EndpointsServlet
服务
org.octabyte.zeem.API.Account,
org.octabyte.zeem.API.CommentApi,
org.octabyte.zeem.API.FriendApi,
org.octabyte.zeem.API.ListApi,
org.octabyte.zeem.API.PostApi,
org.octabyte.zeem.API.SearchApi,
org.octabyte.zeem.API.UserApi,
org.octabyte.zeem.API.StoryApi
端点服务器
/_空气污染指数/*
管理
管理
/*
管理
有几种方法可以对您的用户进行端点身份验证,例如,您可以使用,也可以研究使用。您是第一个吗?是的,我添加了它请检查更新请发布您的
web.xml