Mar*_*ira 7 java authentication oauth rbac dropwizard
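We are looking at Dropwizard for our next project, and one of the things we need to implement is a role-based access control mechanism.
Is there a standard, easy way to do it using Dropwizard, or an example I can follow?
Have you taken a look at dropwizard-auth? It makes it very easy to plug in whatever authentication method you want (Shiro, Spring, etc.). It also supports OAuth2 if you want to go that far...
You can implement a Shiro authenticator like this: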
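import com.google.common.base.Optional;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.basic.BasicCredentials;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public class BasicAuthenticator implements Authenticator<BasicCredentials, Subject> {
    @Override
    public Optional<Subject> authenticate(BasicCredentials credentials) throws AuthenticationException {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(credentials.getUsername(), credentials.getPassword(), false));
            return Optional.of(subject);
        } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException e) {
            // Bad credentials or locked account: fall through and reject
        } catch (org.apache.shiro.authc.AuthenticationException ae) {
            // Any other Shiro authentication failure: fall through and reject
        }
        return Optional.absent();
    }
}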
You can register Shiro with the environment like this (called from your run method):
void configureAuthentication(Environment environment) {
    JdbcRealm realm = getJdbcRealm(); // However your Shiro realm is configured
    DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
    SecurityUtils.setSecurityManager(securityManager);
    environment.jersey().register(new BasicAuthProvider<Subject>(new BasicAuthenticator(), "Shiro"));
}
Then check for roles like this:
@GET
public SecretPlan getSecretPlan(@Auth Subject subject) {
    // The injected parameter is named subject, so the role check goes through it
    if (subject.hasRole("secretPlanner")) {
        return new SecretPlan();
    } else {
        return new NonSecretPlan();
    }
}
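
A deny-by-default variant of the role check in the answer above, added here as an example; it is not part of the original post or of Dropwizard's own code. It assumes the same dropwizard-auth and Shiro setup as the answer; `SecretPlanResource`, `ForbiddenMapper`, the nested `SecretPlan` type and the `/secret-plan` path are hypothetical names.

```java
import io.dropwizard.auth.Auth;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;

// Hypothetical resource: a caller without the role gets 403, not a fallback object.
@Path("/secret-plan")
@Produces(MediaType.APPLICATION_JSON)
public class SecretPlanResource {

    // Hypothetical payload standing in for the answer's SecretPlan (constructed data).
    public static class SecretPlan {
        public final String summary = "constructed sample data";
    }

    @GET
    public SecretPlan getSecretPlan(@Auth Subject subject) {
        // checkRole throws AuthorizationException when the role is missing,
        // so nothing below this line runs for an unauthorized caller.
        subject.checkRole("secretPlanner");
        return new SecretPlan();
    }

    // Turns Shiro authorization failures into HTTP 403 instead of a generic 500.
    // The body is fixed so role names and exception messages are not disclosed.
    public static class ForbiddenMapper implements ExceptionMapper<AuthorizationException> {
        @Override
        public Response toResponse(AuthorizationException e) {
            return Response.status(Response.Status.FORBIDDEN)
                    .type(MediaType.TEXT_PLAIN)
                    .entity("Forbidden")
                    .build();
        }
    }
}
```

Register both the resource and the mapper with `environment.jersey().register(...)` from the application's run method, next to the `BasicAuthProvider` registration.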