0

我有以下自定义安全规则

@Singleton
public class AdminHandler implements SecurityRule {
    @Override
    public SecurityRuleResult check(HttpRequest<?> request, @Nullable RouteMatch<?> routeMatch, @Nullable Map<String, Object> claims) {
        if (routeMatch instanceof MethodBasedRouteMatch) {
            MethodBasedRouteMatch methodBasedRouteMatch = (MethodBasedRouteMatch) routeMatch;
            if (methodBasedRouteMatch.hasAnnotation(IAdminRequirement.class)) {
                AnnotationValue<IAdminRequirement> requiredPermissionAnnotation = methodBasedRouteMatch.getAnnotation(IAdminRequirement.class);
                // Get parameters from annotation on method
                Optional<String> resourceIdName = requiredPermissionAnnotation.stringValue("resourceIdName");
                Optional<String> permission = requiredPermissionAnnotation.stringValue("permission");
                if (permission.isPresent() && resourceIdName.isPresent() && claims != null) {
                    // Use name of parameter to get the value passed in as an argument to the method
                    String resourceId = methodBasedRouteMatch.getVariableValues().get(resourceIdName.get()).toString();
                    // Get claim from jwt using the resource ID
                    Object permissionForResource = ((Map) claims.get("https://your-domain.com/claims")).get(resourceId);
                    if (permissionForResource != null && permissionForResource.equals(permission.get())) {
                        // if the permission exists and it's equal, allow access
                        return SecurityRuleResult.ALLOWED;
                    }
                }
            }
        }
        return SecurityRuleResult.UNKNOWN;
    }
}

在 HttpRequest<?> 请求标头中,我找不到检查用户是否经过身份验证的方法,声明是否存在?

如何检查用户是否经过身份验证?

@Post
    @IAdminRequirement(resourceIdName = "IdentityServer", permission = "read")
    Maybe<HttpResponse<?>> post(@Body ProductViewModel model);
4

1 回答 1

1

如果声明不为空,则请求已通过身份验证

于 2021-01-01T17:59:30.580 回答