Java 在Google App Engine中验证所有API端点_Java_Google App Engine_Google Cloud Endpoints_Google Authentication

Java 在Google App Engine中验证所有API端点

java google-app-engine

Java 在Google App Engine中验证所有API端点,java,google-app-engine,google-cloud-endpoints,google-authentication,Java,Google App Engine,Google Cloud Endpoints,Google Authentication,我有下面的Google Cloud Endpoints API，我希望它只能用于具有特定角色的经过身份验证的用户只有几行代码比千言万语更能说明问题： import com.google.appengine.api.users.User; @Api( name = "heroesApi", version = "v1", clientIds = {...}, scopes = {...}, audiences = {...}, namespace

我有下面的Google Cloud Endpoints API，我希望它只能用于具有特定角色的经过身份验证的用户

只有几行代码比千言万语更能说明问题：

import com.google.appengine.api.users.User;

@Api(
    name = "heroesApi",
    version = "v1",
    clientIds = {...},
    scopes = {...},
    audiences = {...},
    namespace = @ApiNamespace(
        ownerDomain = "my.domain.com",
        ownerName = "my.domain.com",
        packagePath=""
    )
)

public class HeroesApi {

    // THIS IS THE FUNCTION THAT I DON´T KNOW WHERE TO PUT
    /**
     * Validates that the user is logged in with a specific role
     * @param user
     * @throws UnauthorizedException
     * @throws ForbiddenException
     */
    private void validateUser(User user) throws UnauthorizedException, ForbiddenException {
        IUserController userController = ControllerFactory.get.userController();
        if (user == null) {
            throw new ForbiddenException("You must be logged in, my friend.");
        } else if (!userController.isLoggedAsSuperHero(user)) {
            throw new UnauthorizedException("You must be logged in as a Superhero.");
        }
    }


    // API METHODS

    @ApiMethod(path = "something", httpMethod = ApiMethod.HttpMethod.PUT)
    public DoneTask doSomething(Some thing, User superhero) throws UnauthorizedException, ForbiddenException {

        // this is what I want to avoid on each function
        this.validateUser(superhero);

        // Now I'll do something special
        IUserController userController = ControllerFactory.get.userController();
        return userController.doSome(thing);

    }

   // MORE GORGEOUS METHODS JUST FOR SUPERHEROES, SO I HAVE TO PERFORM THE VALIDATION...

}

我曾经考虑过通过web.xml文件为/api/heroesApi/*的所有请求添加一个过滤器，但问题是如何捕获Google Appengine api用户

谷歌是否提供了这样的服务

任何避免重复调用

validateUser（User）

的建议都是受欢迎的

默认情况下，Google Cloud Endpoints不会超越角色，因此您的应用程序必须构建角色概念，您必须编写过滤器并获取当前用户，并对照您端维护的角色进行检查

要获取筛选器中的当前用户，请尝试以下操作

我还没有对此进行测试，但我确信只要您的系统使用google帐户作为身份验证，您就可以使用appengine中的UserService Api获取当前用户。

因此，您希望通过J2EE身份验证来确定谁通过google云进行了身份验证？@tim biegeleisen我想在类级别验证用户，不是方法级别。按照我提到的方式来做更像是一种变通方法，但如果可行的话，对我来说就足够了。