Java 在Google App Engine中验证所有API端点
我有下面的Google Cloud Endpoints API,我希望它只能用于具有特定角色的经过身份验证的用户 只有几行代码比千言万语更能说明问题:Java 在Google App Engine中验证所有API端点,java,google-app-engine,google-cloud-endpoints,google-authentication,Java,Google App Engine,Google Cloud Endpoints,Google Authentication,我有下面的Google Cloud Endpoints API,我希望它只能用于具有特定角色的经过身份验证的用户 只有几行代码比千言万语更能说明问题: import com.google.appengine.api.users.User; @Api( name = "heroesApi", version = "v1", clientIds = {...}, scopes = {...}, audiences = {...}, namespace
import com.google.appengine.api.users.User;
@Api(
name = "heroesApi",
version = "v1",
clientIds = {...},
scopes = {...},
audiences = {...},
namespace = @ApiNamespace(
ownerDomain = "my.domain.com",
ownerName = "my.domain.com",
packagePath=""
)
)
public class HeroesApi {
// THIS IS THE FUNCTION THAT I DON´T KNOW WHERE TO PUT
/**
* Validates that the user is logged in with a specific role
* @param user
* @throws UnauthorizedException
* @throws ForbiddenException
*/
private void validateUser(User user) throws UnauthorizedException, ForbiddenException {
IUserController userController = ControllerFactory.get.userController();
if (user == null) {
throw new ForbiddenException("You must be logged in, my friend.");
} else if (!userController.isLoggedAsSuperHero(user)) {
throw new UnauthorizedException("You must be logged in as a Superhero.");
}
}
// API METHODS
@ApiMethod(path = "something", httpMethod = ApiMethod.HttpMethod.PUT)
public DoneTask doSomething(Some thing, User superhero) throws UnauthorizedException, ForbiddenException {
// this is what I want to avoid on each function
this.validateUser(superhero);
// Now I'll do something special
IUserController userController = ControllerFactory.get.userController();
return userController.doSome(thing);
}
// MORE GORGEOUS METHODS JUST FOR SUPERHEROES, SO I HAVE TO PERFORM THE VALIDATION...
}
我曾经考虑过通过web.xml文件为/api/heroesApi/*的所有请求添加一个过滤器,但问题是如何捕获Google Appengine api用户
谷歌是否提供了这样的服务
任何避免重复调用
validateUser(User)
的建议都是受欢迎的默认情况下,Google Cloud Endpoints不会超越角色,因此您的应用程序必须构建角色概念,您必须编写过滤器并获取当前用户,并对照您端维护的角色进行检查
要获取筛选器中的当前用户,请尝试以下操作
我还没有对此进行测试,但我确信只要您的系统使用google帐户作为身份验证,您就可以使用appengine中的UserService Api获取当前用户。因此,您希望通过J2EE身份验证来确定谁通过google云进行了身份验证?@tim biegeleisen我想在类级别验证用户,不是方法级别。按照我提到的方式来做更像是一种变通方法,但如果可行的话,对我来说就足够了。