2

我写了一个小的 grails webapp。我正在使用 milton.io 通过 webdav 访问一些内容。所以 webdav 仍在工作,我可以放置、获取、删除文件 - 等等。但现在我想添加身份验证和授权。这就是问题所在:

资源接口给了我两种方法:

Object authenticate(String user, String password);
boolean authorise(Request request, Request.Method method, Auth auth);

所以我的资源类实现了资源接口,但是框架从不调用方法验证。我必须自己实现 Auth Basic 吗?

我对弥尔顿的了解很差。可能是我忘记了什么,因为我的 webdav 客户端(例如,尸体)从不要求输入用户名/密码。

感谢您的帮助彼得韦弗

我的资源类的签名:

class SResource implements GetableResource, PropFindableResource, Resource, DeletableResource, MoveableResource,  ReportableResource, CopyableResource 

class SFileResource extends SResource implements ReplaceableResource

class SFolderResource extends SResource implements PutableResource, MakeCollectionableResource, CollectionResource

这是获取 HttpManager 的构建器

class SMiltonConfig implements MiltonConfigurator {


protected HttpManagerBuilder builder;
protected List<Initable> initables;
protected HttpManager httpManager;

public SMiltonConfig(){
    try {
        // Attempt to use Enterprise edition build if available
        Class builderClass = Class.forName("io.milton.ent.config.HttpManagerBuilderEnt");
        builder = (HttpManagerBuilder) builderClass.newInstance();
        println ("load Ent. HTTP Manager")
    } catch (InstantiationException ex) {
        builder = new HttpManagerBuilder();
        println ("load Std. HTTP Manager")
    } catch (IllegalAccessException ex) {
        println ("load Std. HTTP Manager")
        builder = new HttpManagerBuilder();
    } catch (ClassNotFoundException ex) {
        println ("load Std. HTTP Manager")
        builder = new HttpManagerBuilder();
    }
}

@Override
public HttpManager configure(Config arg0) throws ServletException {
    ResourceFactory rf = new SResourceFactory();
    builder.setMainResourceFactory(rf);
    checkAddInitable(initables, builder.getMainResourceFactory());
    httpManager = builder.buildHttpManager();
    for( Initable i : initables ) {
        i.init(config, httpManager);
    }
    return httpManager;
}

@Override
public void shutdown() {
    httpManager.shutdown()
    for( Initable i : initables ) {
        i.destroy(httpManager);
    }        
}

private void checkAddInitable(List<Initable> initables, Object o) {
    if( o instanceof Initable) {
        initables.add((Initable)o);
    } else if( o instanceof List ) {
        for( Object o2 : (List)o) {
            checkAddInitable(initables, o2);
        }
    }
}
}

这里是 ResourceFactory

class SResourceFactory implements ResourceFactory {

def fileSystemService

public SResourceFactory(){
    println "loading resource Factory"
    def ctx = ServletContextHolder.servletContext.getAttribute(GrailsApplicationAttributes.APPLICATION_CONTEXT)
    fileSystemService = ctx.fileSystemService
}

@Override
public Resource getResource(String host, String strPath)
throws NotAuthorizedException, BadRequestException {
    SResource sfr
    sfr = fileSystemService.getFolderByPath(strPath)
    return sfr
}
}
4

1 回答 1

1

如果您需要基本身份验证 - 您必须启用它。因此,将以下行添加到 SMiltonConfig 类的 config 方法中。

builder.setEnableOptionsAuth(true); // enables auth
builder.setEnableBasicAuth(true);   // optional

这是资源授权方法的示例

    @Override
    public boolean authorise(Request r, Method m, Auth a) {
       return a != null;
    }

希望能帮助到你

弗洛里安·普凡

于 2012-10-19T10:49:55.573 回答