Spring boot 我们如何在JavaSpringBoot中动态使用策略执行器?

Tags: spring-boot, keycloak, keycloak-services, keycloak-rest-api, keycloak-connect

Sharaf Chourasia, Fri May 7, 5:00 PM (20 hours ago), to me

Similar to this, I can use the static policy enforcer by providing the path, method and resource in application.properties. But in a real-time application we will have N roles and N APIs, and these will be provided as resources, policies and permissions in Keycloak. In the future, if we want to add more roles in Keycloak and add new resources under the necessary permissions, we will not go back to Spring Boot to change the code for resources and roles. All the permission checks should be dynamic in Spring Boot. How can we achieve this? Please help me.

The static approach I am currently using works fine for a few roles. We are adding more roles to Keycloak.

Below is the static code.

application.properties

```properties
server.port=8090
# realm and resource names reconstructed from the machine-translated post
keycloak.realm=university
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=course-management
keycloak.bearer-only=true
keycloak.credentials.secret=a5df9621-73c9-4e0e-9d7a-97e9c692a930

keycloak.securityConstraints[0].authRoles[0]=teacher
keycloak.securityConstraints[0].authRoles[1]=ta
keycloak.securityConstraints[0].authRoles[2]=student
keycloak.securityConstraints[0].authRoles[3]=parent
keycloak.securityConstraints[0].securityCollections[0].name=course management
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/courses/get/*

#keycloak.policy-enforcer-config.lazy-load-paths=true
keycloak.policy-enforcer-config.paths[0].path=/courses/get/*
keycloak.policy-enforcer-config.paths[0].methods[0].method=GET
keycloak.policy-enforcer-config.paths[0].methods[0].scopes[0]=view
keycloak.policy-enforcer-config.paths[0].methods[1].method=DELETE
keycloak.policy-enforcer-config.paths[0].methods[1].scopes[0]=delete
```

Config class

```java
package com.lantana.school.course.coursemanagment.security;

import java.util.List;

import org.keycloak.AuthorizationContext;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.idm.authorization.Permission;

public class Identity {

    private final KeycloakSecurityContext securityContext;

    public Identity(KeycloakSecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    /**
     * An example on how you can use the {@link org.keycloak.AuthorizationContext} to check for
     * permissions granted by Keycloak for a particular user.
     *
     * @param name the name of the resource
     * @return true if the user was granted a permission for the given resource, otherwise false
     */
    public boolean hasResourcePermission(String name) {
        System.out.println("Permission: " + getAuthorizationContext().hasResourcePermission(name));
        return getAuthorizationContext().hasResourcePermission(name);
    }

    /**
     * An example on how you can use {@link KeycloakSecurityContext} to obtain information about
     * the user's identity.
     *
     * @return the user name
     */
    public String getName() {
        // The adapter is configured bearer-only, so there is no ID token; the access token
        // carries the same preferred_username claim (getIdToken() would be null here).
        System.out.println("UserName: " + securityContext.getToken().getPreferredUsername());
        return securityContext.getToken().getPreferredUsername();
    }

    /**
     * An example on how you can use the {@link org.keycloak.AuthorizationContext} to obtain all
     * permissions granted for a particular user.
     *
     * @return the permissions granted to the current user
     */
    public List<Permission> getPermissions() {
        System.out.println("Permission 2: " + getAuthorizationContext().getPermissions());
        return getAuthorizationContext().getPermissions();
    }

    /**
     * Returns an {@link AuthorizationContext} instance holding all permissions granted for a user.
     * The instance is built from the permissions returned by Keycloak. For this particular
     * application, we use the Entitlement API to obtain permissions for every single resource on
     * the server.
     *
     * @return the authorization context of the current request
     */
    private AuthorizationContext getAuthorizationContext() {
        System.out.println("getAuthorizationContext: " + securityContext.getAuthorizationContext());
        return securityContext.getAuthorizationContext();
    }
}
```
Controller class

```java
package com.lantana.school.course.coursemanagment.services;

import java.math.BigInteger;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;

import org.keycloak.KeycloakSecurityContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.EntityModel;
//import org.springframework.hateoas.Link;
//import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder;
//import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.lantana.school.course.coursemanagment.security.Identity;

@RestController
public class CourseController {

    @Autowired
    private HttpServletRequest request;

    @Autowired
    private CourseService couseService;

    @Autowired
    private hateo hatoeslink;

    List<String> rol = new ArrayList<String>();

    // The request-handler methods of this controller were cut off in the post.
}
```
Service class

```java
package com.lantana.school.course.coursemanagment.services;

import java.util.ArrayList;
//import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.commons.codec.binary.Base64;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.stereotype.Component;

@Component
public class CourseService {

    // In-memory course store keyed by the generated course id
    public static final Map<Long, Course> courseMap = new LinkedHashMap<Long, Course>();

    static {
        Course cs2001 = new Course("CS2001", "Mathematical Foundations of Computing", "introduction", "term1");
        Course cs2002 = new Course("CS2002", "Computer Organization and Systems", "introduction", "term1");
        Course cs2003 = new Course("CS2003", "Data Management and Data Systems", "introduction", "term2");
        Course cs2004 = new Course("CS2004", "Introduction to Computer Graphics and Imaging", "introduction", "term3");
        Course cs2005 = new Course("CS2005", "Design and Analysis of Algorithms", "introduction", "term4");
        Course cs2006 = new Course("CS2006", "Analysis of Networks", "introduction", "term4");
        courseMap.put(cs2001.getId(), cs2001);
        courseMap.put(cs2002.getId(), cs2002);
        courseMap.put(cs2003.getId(), cs2003);
        courseMap.put(cs2004.getId(), cs2004);
        courseMap.put(cs2005.getId(), cs2005);
        courseMap.put(cs2006.getId(), cs2006);
    }

    public Course getCourse(Long id) {
        return courseMap.get(id);
    }

    public Course addCourse(Course course) {
        courseMap.put(course.getId(), course);
        return course;
    }

    public void deleteById(long id) {
        courseMap.remove(id);
    }
}
```
Model class

```java
package com.lantana.school.course.coursemanagment.services;

import org.springframework.hateoas.RepresentationModel;

public class Course extends RepresentationModel<Course> {

    private static long nextID = 1000;

    Long id;
    String code;
    String name;
    String modules;
    String enrollmentTerm;

    public Course(String code, String name, String modules, String enrollmentTerm) {
        super();
        this.id = nextID++;
        this.code = code;
        this.name = name;
        this.modules = modules;
        this.enrollmentTerm = enrollmentTerm;
    }

    public String getCode() {
        return code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getModules() {
        return modules;
    }

    public void setModules(String modules) {
        this.modules = modules;
    }

    public String getEnrollmentTerm() {
        return enrollmentTerm;
    }

    public void setEnrollmentTerm(String enrollmentTerm) {
        this.enrollmentTerm = enrollmentTerm;
    }

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }
}
```
HATEOAS custom class

```java
package com.lantana.school.course.coursemanagment.services;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.hateoas.EntityModel;
import org.springframework.hateoas.server.mvc.WebMvcLinkBuilder;
import org.springframework.stereotype.Component;
import org.springframework.ui.Model;

import com.fasterxml.jackson.core.JsonProcessingException;

@Component
public class hateo {

    @Autowired
    private CourseService couseService;

    public EntityModel<Course> hateoLink(List<String> role, long id, Model model, String token) {
        Course course = couseService.getCourse(id);
        course.removeLinks();
        role.stream().forEach(action -> {
            if (action.equalsIgnoreCase("teacher")) {
                // the per-role link building was cut off in the post
            }
        });
        // closing statement added so the class compiles; the original return was cut off
        return EntityModel.of(course);
    }
}
```

If you are using Keycloak Authorization Services (i.e. if you are using the PEP), you don't have to define the roles in the Spring Boot Keycloak configuration. Note that these roles are not part of the policy enforcer configuration. If you simply remove `keycloak.securityConstraints[0].authRoles` and check the roles in your policies on the Keycloak server, you should be fine.

As for the resource paths, I see you have commented out `keycloak.policy-enforcer-config.lazy-load-paths`. If you combine it with `http-method-as-scope`, you don't have to provide any additional configuration for resources, because the Keycloak adapter will automatically take them from annotations like `@PostMapping("/courses")` (you have to name the scopes in Keycloak after the HTTP methods for this to work). In that case you are actually using the default PEP configuration and don't have to specify anything, just enable policy enforcement for the application.
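The configuration the answer recommends, written out as an added example (it is not the asker's file or anything from the Keycloak project); the static lines from the question are kept commented out beside the dynamic form. It assumes the realm and client from the question and that the Keycloak resource server defines its scopes as GET, POST and DELETE:

```properties
server.port=8090
keycloak.realm=university
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=course-management
keycloak.bearer-only=true
# placeholder: take the real value from the client's Credentials tab
keycloak.credentials.secret=<client-secret-placeholder>

# Static form from the question: roles and paths are hard-coded in the adapter,
# so every new role or endpoint needs a redeploy. Not needed once the PEP decides.
#keycloak.securityConstraints[0].authRoles[0]=teacher
#keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/courses/get/*
#keycloak.policy-enforcer-config.paths[0].path=/courses/get/*
#keycloak.policy-enforcer-config.paths[0].methods[0].method=GET
#keycloak.policy-enforcer-config.paths[0].methods[0].scopes[0]=view

# Dynamic form: deny by default, resolve the resource from the request path on
# demand, and use the HTTP method (GET/POST/DELETE) as the scope name.
keycloak.policy-enforcer-config.enforcement-mode=ENFORCING
keycloak.policy-enforcer-config.lazy-load-paths=true
keycloak.policy-enforcer-config.http-method-as-scope=true

# Keycloak side (assumption, not on the page): a resource such as "Courses" with
# URI /courses/* and scopes GET, POST, DELETE, each scope bound to a role policy.
# Adding a role or a resource then happens only in Keycloak.
#
# Check after deploying: a request without a bearer token must be rejected, and a
# token whose roles lack the scope for that method must get 403. A path that maps
# to no Keycloak resource is denied in ENFORCING mode, so a 403 on a new endpoint
# means the resource has not been created yet, not that enforcement is off.
```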