Integrating Deadbolt

最新推荐文章于 2021-11-24 17:59:42 发布
最新推荐文章于 2021-11-24 17:59:42 发布
阅读量393 收藏
点赞数
分类专栏: play2 deadbolt 文章标签: 权限控制

[未完成,三日内完成]
实现be.objectify.deadbolt.java.DeadboltHandler接口用于提供Deadbolt满足你的项目权限约束。这个接口有四个主要的方法:
getSubject 从缓存或者数据库中获取当前用户
beforeAuthCheck 运行一个可以阻塞将来执行的授权前(pre-authorization)任务
onAuthFailure 定义当授权失败后的行为
getDynamicResourceHandler 为动态约束类型提供一个钩子
如果你选择为roles关联permission,你应该实现getPermissionsForRole方法。这使得分配permission非常容易,在subject被分配一个角色,并且被 RoleBasedPermissions 约束的情况下。RoleBasedPermissions请求subject,至少拥有一项permission。这项permission至少符合getPermissionsForRole中获取到的一项权限。这个方法的默认实现返回一个包含空列表的completed future。

授权成功

如果你想要知道何时授权成功,那么实现onAuthSuccess(Http.Context context, String constraintType, ConstraintPoint constraintPoint)方法。每当约束允许一个操作进行时,该方法被执行。
context can be used to determine request-specific information
constraintType is the name of the constraint, e.g. Dynamic, SubjectPresent, etc
constraintPoint indicates where the constraint was applied. Constraints applied using annotations (ConstraintPoint.CONTROLLER) and the routes (ConstraintPoint.FILTER) only occur once per request, but it’s possible for multiple authorizations to occur when using template constraints (ConstraintPoint.TEMPLATE). Using constraintPoint to differentiate can improve the performance of your implementation.

Dynamic constraint support

You only need to implement be.objectify.deadbolt.java.DynamicResourceHandler if you’re planning to use Dynamic or Pattern.CUSTOM constraints. Dynamic constraints are tests implemented entirely by your code. This interface has two functions:

isAllowed is used by the Dynamic constraint
checkPermission is used by the Pattern constraint when the pattern type is CUSTOM

Exposing the handler(s)

In order to expose your handler (or handlers - you can have more than one) to Deadbolt, you will need to implement the be.objectify.deadbolt.java.cache.HandlerCache trait. This implementation needs to

Provide a default handler; you can always use a specific handler in a template or controller, but if nothing is specified a well-known instance will be used.
Provide a named instance
The simplest possible implementation of HandlerCache only supports one DeadboltHandler, in which case both get and apply always return the same instance.

A one-handler cache example
 @Singleton
public class MySimpleHandlerCache implements HandlerCache
{
    private final DeadboltHandler defaultHandler = new MyDeadboltHandler();

    @Override
    public DeadboltHandler apply(final String key)
    {
        return defaultHandler;
    }

    @Override
    public DeadboltHandler get()
    {
        return defaultHandler;
    }
}

If you need to support multiple handlers, you will need some internal mechanism for differentiating between them based on the key parameter of the apply method..

An example HandlerCache implementation
 @Singleton
public class MyHandlerCache implements HandlerCache
{
    private final DeadboltHandler defaultHandler = new MyDeadboltHandler();
    private final Map<String, DeadboltHandler> handlers = new HashMap<>();

    public MyHandlerCache()
    {
        handlers.put(HandlerKeys.DEFAULT.key, defaultHandler);
        handlers.put(HandlerKeys.ALT.key, new MyAlternativeDeadboltHandler());
    }

    @Override
    public DeadboltHandler apply(final String key)
    {
        return handlers.get(key);
    }

    @Override
    public DeadboltHandler get()
    {
        return defaultHandler;
    }
}

HandlerKeys, in the above example, is just a class declaring constants that standardize handler names; because you can define specific handlers on a per-constraint basis, it makes sense to define them in a well-known place.

Note the use of ConfigKeys.DEFAULT_HANDLER_KEY - this is the default handler key specified by all annotations. In previous versions of Deadbolt, annotation-driven constraints would use HandlerCache#apply(DEFAULT_HANDLER_KEY) to obtain the handler and so the default handler had to be associated with DEFAULT_HANDLER_KEY. As of Deadbolt 2.5.3, this has been improved and any annotation-driven constraint using the default handler key will instead use HandlerCache#get.

Handler names
 import be.objectify.deadbolt.java.ConfigKeys;

public class HandlerNames {

    public static final String DEFAULT = ConfigKeys.DEFAULT_HANDLER_KEY;
    public static final String ALT = "alt-handler";

    private HandlerNames() {}
}

Finally, expose your handlers to Deadbolt. To do this, you will need to create a small module that binds your handler cache by type…

Binding the HandlerCache implementation
 package com.example.modules

import be.objectify.deadbolt.java.cache.HandlerCache;
import play.api.Configuration;
import play.api.Environment;
import play.api.inject.Binding;
import play.api.inject.Module;
import scala.collection.Seq;
import security.MyHandlerCache;

import javax.inject.Singleton;

public class CustomDeadboltHook extends Module
{
    @Override
    public Seq<Binding<?>> bindings(final Environment environment,
                                    final Configuration configuration)
    {
        return seq(bind(HandlerCache.class).to(MyHandlerCache.class).in(Singleton.class));
    }
}

…and add it to your application.conf.

conf/application.conf
play {
    modules {
        enabled += be.objectify.deadbolt.scala.DeadboltModule
        enabled += com.example.modules.CustomDeadboltHook
    }
}

Injecting handlers into the HandlerCache

In the example handler cache above, the DeadboltHandler instance is created directly within the object. What happens if you want to inject it? Just use the existing dependency injection mechanism.

Binding the DeadboltHandler implementation
 public class CustomDeadboltHook extends Module
{
    @Override
    public Seq<Binding<?>> bindings(final Environment environment,
                                    final Configuration configuration)
    {
        return seq(bind(DeadboltHandler.class).to(MyDeadboltHandler.class).in(Singleton.class),
                   bind(HandlerCache.class).to(MyHandlerCache.class).in(Singleton.class));
    }
}

Your handler cache can now be injected with that instance.

Mapping the injected DeadboltHandler implementation
 @Singleton
public class MyHandlerCache implements HandlerCache
{
    private final DeadboltHandler defaultHandler;
    private final Map<String, DeadboltHandler> handlers = new HashMap<>();

    @Inject
    public MyHandlerCache(final DeadboltHandler handler)
    {
        this.defaultHandler = handler;
        handlers.put(HandlerKeys.DEFAULT.key, defaultHandler);
        handlers.put(HandlerKeys.ALT.key, new MyAlternativeDeadboltHandler());
    }

    // ...
}

But, what happens if you want to have multiple handlers defined and injected? The most flexible mechanism is to qualify the bindings through the use of custom annotations. For the following example, we will have two handler implementations; scaling up to more handlers just follows the same logical process.

This example uses Guice, which is the default DI framework of Play; if you’re using a different DI framework, you will need to check how it supports multiple bindings of an interface.

First, create one annotation per handler implementation. These annotations will be annotated with com.google.inject.BindingAnnotation.

Binding qualifiers
 import com.google.inject.BindingAnnotation;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

public class HandlerQualifiers
{
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.PARAMETER})
    @BindingAnnotation
    public @interface MainHandler
    {
    }

    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.PARAMETER})
    @BindingAnnotation
    public @interface SomeOtherHandler
    {
    }
}

You can now use these annotations on their respective handlers.

Qualify the DeadboltHandler implementation
 @HandlerQualifiers.MainHandler
public class MyDeadboltHandler extends AbstractDeadboltHandler

Create a constructor in your handler cache which accepts the handlers. The parameters use the same annotations to identify which instance will be passed as an argument for that parameter.

Qualify the injected handlers
 public class MyHandlerCache implements HandlerCache
{
    private final DeadboltHandler handler;

    private final Map<String, DeadboltHandler> handlers = new HashMap<>();

    @Inject
    public MyHandlerCache(@HandlerQualifiers.MainHandler final DeadboltHandler handler,
                          @HandlerQualifiers.SomeOtherHandler final DeadboltHandler otherHandler)
    {
        this.handler = handler;
        this.handlers.put(handler.handlerName(),
                          handler);
        this.handlers.put(otherHandler.handlerName(),
                          otherHandler);
    }

    @Override
    public DeadboltHandler apply(final String name)
    {
        return handlers.get(name);
    }

    @Override
    public DeadboltHandler get()
    {
        return handler;
    }
}

The final step is to update your bindings to use the qualifiers.

Qualify the bindings
 public class CustomDeadboltHook extends Module
{
    @Override
    public Seq<Binding<?>> bindings(final Environment environment,
                                    final Configuration configuration)
    {
        return seq(bind(DeadboltHandler.class).qualifiedWith(HandlerQualifiers.MainHandler.class).to(MyDeadboltHandler.class).in(Singleton.class),
                   bind(DeadboltHandler.class).qualifiedWith(HandlerQualifiers.SomeOtherHandler.class).to(SomeOtherDeadboltHandler.class).in(Singleton.class),
                   bind(HandlerCache.class).to(MyHandlerCache.class).in(Singleton.class));
    }
}
Edaire
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Integrating Factor
anArkitek的博客
07-27 1746
文章目录Integrating Factors Integrating Factors When we have an equation like (3xy+y2)+(x2+xy)y′=0 (3xy + y^2) + (x^2+xy)y&#x27; = 0 (3xy+y2)+(x2+xy)y′=0 in the form of f(x,y)+g(x,y)y′=0 f(x,y) + g(x,...
Deadbolt 2 Java
Edaire的专栏
07-26 899
源http://deadbolt-2-java.herokuapp.com/Configurationuser拥有下面两种角色: foo bar user有下面一项permissions: printers.editController authorisation保护你的Controller免于未授权使用是一个好的application安全系统的关键因素。 例如SubjectPresent
Integrating Context and Occlusion for Car Detection by Hierarchical And-Or Model
11-19
车辆检测
matlab数据输入代码-AOGDetector:使用And-OrGraphs进行对象检测的源代码
05-27
matlab数据输入代码AOGD检测器 文件执行 Xi Song, Tianfu Wu, Yunde Jia and Song-Chun Zhu, "Discriminatively Trained And-Or Tree Model for Object Detection", In CVPR2013. Bo Li, Wenze Hu, Tianfu Wu and Song-Chun Zhu, "Modeling Occlusion by Discriminative AND-OR Structures", In ICCV2013 Bo Li, Tianfu Wu and Song-Chun Zhu, "Integrating Context and Occlusion for Car Detection by Hierarchical And-Or Model", In ECCV2014 Tianfu Wu, Bo Li and Song-Chun Zhu, "Learning And-Or Models to Represent Context and Occlusion for
Integrating C++ with QML
一蓑烟雨任平生 也无风雨也无晴
05-11 3503
Qt quick中C++与QML的整合。出自: http://www.ics.com/blog/integrating-c-qml把大象装冰箱里总共分四步: 1. 定义一个类,继承自QObject。 2. 在定义的类中声明Q_OBJECT,这样可以支持signals 和slots和meta-object system。 3. 通过Q_PROPERTY定义一些属性。 4. 在main程序中调
【练习】Integrating Data
m0_59348479的博客
11-24 181
1. 2.Add to the Build Files
Integrating with Akka
u013571243的专栏
04-22 463
Integrating with Akka Akka uses the Actor Model to raise the abstraction level and provide a better platform to build correct concurrent and scalable applications. For fault-tolerance it adopts t
Integrating-Sphere
07-12
积分球该项目控制积分球的 RGB LED。 我们需要这个校准工具,并让我们的 3D 打印机和其他开源硬件发挥作用。 您可以在我们的上阅读更多关于我们如何使用它的信息。 检查出的三维模型和电路 。
Integrating Python with Leading Computer Forensics Platforms epub
10-03
Integrating Python with Leading Computer Forensics Platforms 英文epub 本资源转载自网络,如有侵权,请联系上传者或csdn删除 本资源转载自网络,如有侵权,请联系上传者或csdn删除
Integrating Data & Services
02-11
Integrating Data & Services
Integrating Learning and Planning
09-26
David Silver RL Lecture 8 Integrating Learning and Planning
Cisco Press - Integrating Voice and Data Networks
11-07
经典教材.网络管理、开发人员以及有兴趣使用Cisco语音和数据集成产品的CCIE人员的必备参考书。
机器学习基础(六) —— Car Detection With YOLO(V2)
alnlll的博客
05-06 1453
1、问题描述 应用需要解决的问题是在一段实际公路行驶视频中实时进行车辆检测并显示其位置及预测概率,这里使用的公路行驶录像如下(这段视频资料来自drive.ai): https://github.com/Alnlll/ML/blob/master/several_apps/002-CarDetection/videos/road_video.mp4 实现车辆检测需要给出“车辆种类”、“车辆在图...
java 用户管理框架_java – 用户管理Play!框架2.0.3
weixin_29133981的博客
02-16 115
还没有准备好,但我建议你使用play-authenticate(live demo)作为基础.这是目前用于认证和授权的Play 2最先进的解决方案.它结合了deadbolt-2的授权(角色和权限)自己的身份验证,这使得堆栈开始非常舒适.虽然它的基本思想是提供一种使用OAuth对用户进行身份验证的方法 – 但提供程序是可配置的选项,因此您可以禁用它并仅基于电子邮件提供程序.注意对你很重要…没有内置的...
车辆检测“Integrating Context and Occlusion for Car Detection by Hierarchical And-Or Model”
cv_family_z的博客
11-18 2429
sczhu课题组的文章: http://www.stat.ucla.edu/~boli/projects/context_occlusion/context_occlusion.html主要思路 And-Or模型结合上下文及遮挡信息用于车辆检测,And-Or模型在三个层次上描述car-to-car上下文及遮挡信息,(1)N个car之间的空间布局,(2)单个car不同的遮挡结构,(3)part。
Integrating chemistry on fluid zone
最新发布
05-29
"Integrating chemistry on fluid zone" 是指在流体区域上进行化学反应的模拟。在流体动力学模拟中,流体区域通常被划分为网格单元,每个网格单元都有一些基本的物理属性,例如密度、速度、温度、压力等。如果在流体...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值