我正在尝试使用 ReSTLet 实现 RESTful API,但除了基本的角色和方法授权器之外,几乎没有发现任何其他内容。我已将用户可以访问的路线和这些路线的方法存储在数据库中。我现在遇到的问题是如何获取Authorizer中的路径。这是我需要收集的资源吗?我到底应该如何路由到授权者?我已经发布了到目前为止我所拥有的内容,正在寻找如何在我的授权者中获取路径或资源。任何信息都值得赞赏,我浏览了书籍和许多通用示例,但没有找到我正在寻找的安静内容。
我的路由应用程序:
public class MyRoutingApp extends org.restlet.Application {
@Override
public synchronized Restlet createInboundRoot() {
Context context = getContext();
Router router = new Router(context);
router.attach("/user", Users.class);
router.attach("/post", Posts.class);
router.attach("/comment", Comments.class);
ChallengeAuthenticator authenticator = new ChallengeAuthenticator(
context, ChallengeScheme.HTTP_BASIC, "My test realm" );
//create Verifier to ensure that the user is authenicated
MyVerifier verifier = new MySecretVerifier();
//grab user Roles and add them to the request
MyEnroler enroler = new MyEnroler();
authenticator.setVerifier( verifier );
authenticator.setEnroler( enroler );
//Looks up if user can be allowed to resource
MyAuthorizer authorizer = new MyAuthorizer();
authorizer.setNext( router );
authenticator.setNext( authorizer );
return authenticator;
}
}
我的授权人:
public class MyAuthorizer extends Authorizer {
@Override
protected boolean authorize( Request request, Response response ) {
//has the security roles and user from verifier and enroler
ClientInfo info = request.getClientInfo();
//get http method
Method method = request.getMethod();
//need to get the route or resource user is attempting to access
//allow or disallow access based on roles and method
}
}
最佳答案
目标资源 URI 可通过 Request#getResouceRef().getRemainingPart() 获得。
关于java - 创建 ReSTLet Authorizer 以进行细粒度授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16499192/