Spring Boot: how can we use the policy enforcer dynamically in Java Spring Boot?
Sharaf Chaurasia, Fri, May 7, 5:00 PM (20 hours ago), to me

Similar to this, I can use the static policy enforcer by providing the path, method and resource in application.properties. But in a real-time application we will have N roles and N APIs, and these will be provided as resources, policies and permissions in Keycloak. In future, if we want to add more roles in Keycloak and add new resources under the necessary permissions, we won't come back to Spring Boot to change the code for resources and roles. All the permission checks should be dynamic in Spring Boot. How can we achieve this? Please help me. The static approach I'm currently using works fine for a few roles; we are adding more roles into Keycloak. Below is the static code.
application.properties
server.port=8090
keycloak.realm=university
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=course-management
keycloak.bearer-only=true
keycloak.credentials.secret=a5df9621-73c9-4e0e-9d7a-97e9c692a930
keycloak.securityConstraints[0].authRoles[0]=teacher
keycloak.securityConstraints[0].authRoles[1]=ta
keycloak.securityConstraints[0].authRoles[2]=student
keycloak.securityConstraints[0].authRoles[3]=parent
keycloak.securityConstraints[0].securityCollections[0].name=course management
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/courses/get/*
#keycloak.policy-enforcer-config.lazy-load-paths=true
keycloak.policy-enforcer-config.paths[0].path=/courses/get/*
keycloak.policy-enforcer-config.paths[0].methods[0].method=GET
keycloak.policy-enforcer-config.paths[0].methods[0].scopes[0]=view
keycloak.policy-enforcer-config.paths[0].methods[1].method=DELETE
keycloak.policy-enforcer-config.paths[0].methods[1].scopes[0]=delete
Configuration class
package com.lantana.school.course.coursemanagment.security;
import java.util.List;
import org.keycloak.AuthorizationContext;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.idm.authorization.Permission;
public class Identity {
private final KeycloakSecurityContext securityContext;
public Identity(KeycloakSecurityContext securityContext) {
this.securityContext = securityContext;
}
/**
* An example on how you can use the {@link org.keycloak.AuthorizationContext} to check for permissions granted by Keycloak for a particular user.
*
* @param name the name of the resource
* @return true if the user was granted a permission for the given resource, otherwise false.
*/
public boolean hasResourcePermission(String name) {
System.out.println("Permission: "+getAuthorizationContext().hasResourcePermission(name));
return getAuthorizationContext().hasResourcePermission(name);
}
/**
* An example on how you can use {@link KeycloakSecurityContext} to obtain information about user's identity.
*
* @return the user name
*/
public String getName() {
// Read the user name from the access token: with keycloak.bearer-only=true the adapter
// never receives an ID token, so getIdToken() would be null here and throw an NPE.
System.out.println("UserName: " + securityContext.getToken().getPreferredUsername());
return securityContext.getToken().getPreferredUsername();
}
/**
* An example on how you can use the {@link org.keycloak.AuthorizationContext} to obtain all permissions granted for a particular user.
*
* @return
*/
public List<Permission> getPermissions() {
System.out.println("Permission 2: "+getAuthorizationContext().getPermissions());
return getAuthorizationContext().getPermissions();
}
/**
* Returns a {@link AuthorizationContext} instance holding all permissions granted for a user. The instance is built based on
* the permissions returned by Keycloak. For this particular application, we use the Entitlement API to obtain permissions for every single
* resource on the server.
*
* @return
*/
private AuthorizationContext getAuthorizationContext() {
System.out.println("getAuthorizationContext: "+ securityContext.getAuthorizationContext());
return securityContext.getAuthorizationContext();
}
}
Controller class
package com.lantana.school.course.coursemanagment.services;
import java.math.BigInteger;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.EntityModel;
//import org.springframework.hateoas.Link;
//import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder;
//import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.lantana.school.course.coursemanagment.security.Identity;
@RestController
public class CourseController {
@Autowired
private HttpServletRequest request;
@Autowired
private CourseService couseService;
@Autowired
private hateo hatoeslink;
List<String> rol = new ArrayList<String>();
// The request handler methods of this controller are not included in the question.
}
Service class
package com.lantana.school.course.coursemanagment.services;
import java.util.ArrayList;
//import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.stereotype.Component;
@Component
public class CourseService {
public static final Map<Long, Course> courseMap = new LinkedHashMap<Long, Course>();
static {
Course cs2001 = new Course("CS2001", "Mathematical Foundations of Computing", "introduction", "term1");
Course cs2002 = new Course("CS2002", "Computer Organization and Systems", "introduction", "term1");
Course cs2003 = new Course("CS2003", "Data Management and Data Systems", "introduction", "term2");
Course cs2004 = new Course("CS2004", "Introduction to Computer Graphics and Imaging", "introduction", "term3");
Course cs2005 = new Course("CS2005", "Design and Analysis of Algorithms", "introduction", "term4");
Course cs2006 = new Course("CS2006", "Analysis of Networks", "introduction", "term4");
courseMap.put(cs2001.getId(), cs2001);
courseMap.put(cs2002.getId(), cs2002);
courseMap.put(cs2003.getId(), cs2003);
courseMap.put(cs2004.getId(), cs2004);
courseMap.put(cs2005.getId(), cs2005);
courseMap.put(cs2006.getId(), cs2006);
}
public Course getCourse(Long id) {
return courseMap.get(id);
}
public Course addCourse(Course course) {
courseMap.put(course.getId(), course);
return course;
}
public void deleteById(long id) {
courseMap.remove(id);
}
}
Model class
package com.lantana.school.course.coursemanagment.services;
import org.springframework.hateoas.RepresentationModel;
public class Course extends RepresentationModel<Course> {
private static long nextID = 1000;
public Course(String code, String name, String modules, String enrollmentTerm) {
super();
this.id = nextID++;
this.code = code;
this.name = name;
this.modules = modules;
this.enrollmentTerm = enrollmentTerm;
}
Long id;
String code;
String name;
String modules;
String enrollmentTerm;
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getModules() {
return modules;
}
public void setModules(String modules) {
this.modules = modules;
}
public String getEnrollmentTerm() {
return enrollmentTerm;
}
public void setEnrollmentTerm(String enrollmentTerm) {
this.enrollmentTerm = enrollmentTerm;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
}
}
HATEOAS custom class
package com.lantana.school.course.coursemanagment.services;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder;
import org.springframework.stereotype.Component;
import org.springframework.ui.Model;
import com.fasterxml.jackson.core.JsonProcessingException;
@Component
public class hateo {
@Autowired
private CourseService couseService;
public EntityModel<Course> hateoLink(List<String> role, long id, Model model, String token) {
Course course = couseService.getCourse(id);
course.removeLinks();
role.stream().forEach(action -> {
if (action.equalsIgnoreCase("teacher")) {
// The snippet in the question ends here; the per-role link building is not shown.
}
});
// Closing braces and this return are supplied only so the class compiles as posted.
return EntityModel.of(course);
}
}

If you are using Keycloak's authorization services (that is, if you are using the PEP), you don't have to define roles in the Spring Boot Keycloak configuration. Note that those roles are not part of the policy enforcer configuration. If you just remove keycloak.securityConstraints[0].authRoles and check the roles in your policies on the Keycloak server, you should be good.
As for the resource paths, I see you have commented out keycloak.policy-enforcer-config.lazy-load-paths. Use it together with http-method-as-scope and you don't have to provide any extra configuration about resources, because the Keycloak adapter will take them automatically from annotations such as @PostMapping("/courses") (you have to name the scopes in Keycloak after the HTTP methods for this to work). In that case you are actually using the default PEP configuration and don't have to specify anything, just enable policy enforcement for the application.
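As an added example (not the question's or the answer's own configuration), this is the application.properties the answer's advice leads to: the hard-coded role lists and per-path enforcer entries go, and the enforcer resolves the protected resource from the request path and the scope from the HTTP method at request time. It assumes the question's realm and client names, a placeholder secret, a security constraint with Tomcat's "any authenticated user" role so the bearer token is still validated before the enforcer runs, and that every resource in the Keycloak client is registered with a URI matching its endpoint and scopes named GET, POST, PUT, DELETE.

```properties
# Added example (not the question's or the answer's own file): the dynamic
# policy-enforcer setup the answer describes. Realm and client names are
# taken from the question; the secret is a placeholder.
server.port=8090
keycloak.realm=university
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=course-management
keycloak.bearer-only=true
keycloak.credentials.secret=<client-secret-from-the-keycloak-client>

# One constraint for the whole API with the Tomcat "any authenticated
# user" role (*): the adapter still validates the bearer token, but no
# application role is checked here. Which roles may do what is decided
# by the policies attached to each resource in Keycloak (assumption:
# role-based policies exist there for teacher, ta, student and parent).
keycloak.securityConstraints[0].authRoles[0]=*
keycloak.securityConstraints[0].securityCollections[0].name=course management
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/*

# Removed from the static version: role lists and per-path entries that
# had to be edited in Spring Boot for every new role or endpoint, e.g.
#keycloak.securityConstraints[0].authRoles[0]=teacher
#keycloak.policy-enforcer-config.paths[0].path=/courses/get/*
#keycloak.policy-enforcer-config.paths[0].methods[0].method=GET
#keycloak.policy-enforcer-config.paths[0].methods[0].scopes[0]=view

# Dynamic enforcement: deny by default and resolve the protected resource
# at request time from the Keycloak resources whose URI matches the
# request path (no paths[] list kept in the application) ...
keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
keycloak.policy-enforcer-config.lazy-load-paths=true
# ... and use the HTTP method as the scope to check, so the scopes of a
# resource in Keycloak must be named GET, POST, PUT, DELETE (not view/delete).
keycloak.policy-enforcer-config.http-method-as-scope=true
```

Adding a new endpoint then means registering a resource with its URI, its method-named scopes and a permission in the Keycloak client, with no change or redeploy of the Spring Boot application; a request without a matching granted permission is rejected by the enforcer with a 403.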