开发自定义鉴权插件
devspore提供鉴权插件接口,您只需实现对应鉴权接口即可。
自定义鉴权插件
- 继承抽象类Processor,实现doProcess接口,可定义多个插件。
- 插件均需注册为bean。
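import com.huawei.devspore.plugin.spi.authorization.AuthObject;
import com.huawei.devspore.plugin.spi.authorization.AuthSubject;
import com.huawei.devspore.plugin.spi.authorization.Authorizer;

import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;

import java.util.Map;

/**
 * Custom {@link Authorizer} implementation, registered as a Spring bean through
 * {@code @Component}.
 */
@Component
public class CustomAuthorizer implements Authorizer {
    /**
     * Performs the authorization check.
     *
     * @param subject the authorization subject (who is asking)
     * @param resource the authorization object, i.e. the resource being accessed
     * @param operation the action being authorized; the operation taken from the method
     *     annotation, which is the Operation on the MetaBO object (CREATE, DELETE, UPDATE,
     *     VIEW, ...) or the action of a user-defined extension API
     * @param properties additional context for the authorization decision; may be null
     * @return {@code true} if the request is authorized, {@code false} otherwise
     */
    @Override
    public boolean authorize(
            @NonNull final AuthSubject subject,
            @NonNull final AuthObject resource,
            @NonNull final String operation,
            @Nullable final Map<String, String> properties) {
        // do your authorizer code ........
        // Template placeholder: deny until a real policy check is implemented, so that a
        // copied-but-unfinished authorizer fails closed. Return true only when the policy
        // explicitly permits this subject to perform this operation on this resource.
        return false;
    }
}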
AuthSubject对象
AuthSubject对象即鉴权主体。
| 参数名称 | 数据类型 | 描述 |
|---|---|---|
| tenantId | String | 根据用户所在的租户传值: |
| uid | String | 鉴权主体的user id,不允许为空。 |
AuthObject对象
AuthObject对象即鉴权客体,被鉴权对象。
| 参数名称 | 数据类型 | 描述 |
|---|---|---|
| projectId | String | 被鉴权资源所在的项目id,对于不属于项目的资源,允许为空。 |
| resource | String | 被鉴权资源,不允许为空。 根据MetaBOAuthorizeType不同的值,传入对应值。 |
horizon插件与鉴权插件配合使用
- Entry插件中调用鉴权插件。
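import com.huawei.devspore.horizon.DataEvent;
import com.huawei.devspore.horizon.Operation;
import com.huawei.devspore.horizon.exception.PluginException;
import com.huawei.devspore.horizon.factory.Plugins;
import com.huawei.devspore.horizon.processor.Processor;
import com.huawei.devspore.metadata.v1.model.MetaBO;
import com.huawei.devspore.plugin.spi.authorization.AuthObject;
import com.huawei.devspore.plugin.spi.authorization.AuthSubject;
import com.huawei.devspore.plugin.spi.authorization.Authorizer;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;

import java.util.Map;

/**
 * Horizon entry processor that delegates the access decision for each {@link DataEvent}
 * to the injected custom {@link Authorizer} bean.
 */
@Component
public class CustomProcessor extends Processor {
    // Inject the custom authorizer bean. The qualifier must match the bean name exactly;
    // a trailing space in the name would prevent Spring from resolving the bean.
    @Autowired
    @Qualifier("customAuthorizer")
    private Authorizer customAuthorizer;

    /**
     * Authorizes the event's operation on the MetaBO the event refers to.
     *
     * @param dataEvent the event being processed
     * @return the authorizer's decision: {@code true} if the operation is permitted
     * @throws PluginException if no authorizer bean has been injected
     */
    @Override
    public boolean doProcess(@NonNull final DataEvent dataEvent) throws PluginException {
        // Refuse to proceed without an authorizer rather than skipping the check.
        if (customAuthorizer == null) {
            throw new PluginException("No Authorizer SPI implementation defined");
        }
        MetaBO metaBO = Plugins.getMetaBO(dataEvent);
        AuthObject resource = new AuthObject();
        resource.setResource(metaBO.getName());
        // projectId is left unset here; set it when the resource belongs to a project.
        return customAuthorizer.authorize(getAuthSubject(), resource, getOperation(dataEvent), null);
    }

    /**
     * Builds the authorization subject for the current request.
     *
     * <p>The tenant id and user id literals below are documentation placeholders. In a real
     * plugin both values should be taken from the server-side authenticated context of the
     * request, never from constants or from values the caller can set freely.
     */
    private AuthSubject getAuthSubject() {
        AuthSubject authSubject = new AuthSubject();
        authSubject.setTenantId("租户ID");
        authSubject.setUid("用户ID");
        return authSubject;
    }

    /**
     * @return operation for authorization, audit and other purposes: the custom method name
     *     for {@code Operation.CUSTOM} events, otherwise the string form of the operation
     */
    public String getOperation(DataEvent dataEvent) {
        if (dataEvent.getOperation() == Operation.CUSTOM) {
            return dataEvent.getCustomMethod();
        }
        return dataEvent.getOperation().toString();
    }
}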
- 设置自定义鉴权插件。
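import com.huawei.devspore.plugin.spi.authorization.AuthObject;
import com.huawei.devspore.plugin.spi.authorization.AuthSubject;
import com.huawei.devspore.plugin.spi.authorization.Authorizer;

import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;

import java.util.Map;

/**
 * Custom {@link Authorizer} implementation, registered as a Spring bean through
 * {@code @Component}.
 */
@Component
public class CustomAuthorizer implements Authorizer {
    /**
     * Performs the authorization check.
     *
     * @param subject the authorization subject (who is asking)
     * @param resource the authorization object, i.e. the resource being accessed
     * @param operation the action being authorized; the operation taken from the method
     *     annotation, which is the Operation on the MetaBO object (CREATE, DELETE, UPDATE,
     *     VIEW, ...) or the action of a user-defined extension API
     * @param properties additional context for the authorization decision; may be null
     * @return {@code true} if the request is authorized, {@code false} otherwise
     */
    @Override
    public boolean authorize(
            @NonNull final AuthSubject subject,
            @NonNull final AuthObject resource,
            @NonNull final String operation,
            @Nullable final Map<String, String> properties) {
        // do your authorizer code ........
        // Template placeholder: deny until a real policy check is implemented, so that a
        // copied-but-unfinished authorizer fails closed. Return true only when the policy
        // explicitly permits this subject to perform this operation on this resource.
        return false;
    }
}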
- 配置文件。
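# Horizon processor configuration. The value presumably names the processor bean
# (CustomProcessor) to run - confirm the expected format against the devspore docs.
devspore:
  horizon:
    processors: customProcessor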