Is there a way to map users to individual graphs in Gremlin server?
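I'm setting up multiple graph mappings to an OrientDB database in Gremlin Server. However, I can't find what to script in Groovy and what to configure in the configuration yaml file in order to map each authenticated user to a single graph, rather than have all the users validated by the authenticator be able to access everything. Is there any way to achieve this?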
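Gremlin Server does not provide any authorization functionality - only authentication. You will have to build something yourself to handle restricting users to different graphs (or other constraints). That means building two things:
- A custom `ChannelInboundHandlerAdapter` to handle authorization - maybe called `AuthorizationHandler`
- A custom `Channelizer` implementation to wire your custom authorizer into the pipeline - maybe called `AuthorizingChannelizer`

The `AuthorizationHandler` would basically just override Netty's `channelRead()` method: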
```java
@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
    if (msg instanceof RequestMessage) {
        RequestMessage requestMessage = (RequestMessage) msg;
        // examine contents of RequestMessage to see what is being requested
        // e.g. the graph - the user information will be there too but
        // depending on the authentication method you're using you might need
        // to re-decode it at this time as it doesn't appear that the authenticated
        // user is placed on the ChannelHandlerContext for some reason. I made
        // a note to change that as it seems helpful and is a simple enough thing
        // to do
    }
    // hand the message to the next handler in the pipeline; return before
    // this point for a request that is denied
    ctx.fireChannelRead(msg);
}
```
For the `AuthorizingChannelizer`, you would basically extend `WebSocketChannelizer` and override the `configure()` method:
```java
@Override
public void configure(ChannelPipeline pipeline) {
    super.configure(pipeline);
    // add an instance of your `AuthorizationHandler` to the end of the
    // netty pipeline which will put it after the `AuthenticationHandler`
    // but before all the Gremlin processing/execution
    pipeline.addLast("authorizer", authorizationHandler);
}
```
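Then, in your Gremlin Server configuration, you replace the `channelizer` setting with the fully qualified name of your `AuthorizingChannelizer`. Assuming you've placed the jar containing that class in Gremlin Server's path, it should create an instance of it at startup.

I would look at the existing "handler" and "channelizer" code for more inspiration on how to achieve this.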
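One way the `AuthorizationHandler` sketched in the answer could be filled in, as an added example that is not part of the original answer or of TinkerPop: a request is forwarded only if every graph or traversal source named in its `aliases` argument is on the authenticated user's allow list, and everything else fails closed. The `userResolver` hook and the allow-list map are hypothetical, and the imports assume the TinkerPop 3.x `gremlin-driver` package layout.

```java
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import org.apache.tinkerpop.gremlin.driver.Tokens;
import org.apache.tinkerpop.gremlin.driver.message.RequestMessage;
import org.apache.tinkerpop.gremlin.driver.message.ResponseMessage;
import org.apache.tinkerpop.gremlin.driver.message.ResponseStatusCode;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

// Sharable because the channelizer adds the same instance to every channel's pipeline.
@ChannelHandler.Sharable
public class AuthorizationHandler extends ChannelInboundHandlerAdapter {
    // user name -> server-side binding names that user may address (assumed structure)
    private final Map<String, Set<String>> allowedGraphs;
    // hypothetical hook: recovering the user depends on the authenticator in use
    private final Function<ChannelHandlerContext, String> userResolver;

    public AuthorizationHandler(Map<String, Set<String>> allowedGraphs,
                                Function<ChannelHandlerContext, String> userResolver) {
        this.allowedGraphs = allowedGraphs;
        this.userResolver = userResolver;
    }

    @Override
    public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
        if (msg instanceof RequestMessage && !isPermitted(ctx, (RequestMessage) msg)) {
            // answer the client and stop: the request never reaches Gremlin execution
            ctx.writeAndFlush(ResponseMessage.build((RequestMessage) msg)
                    .code(ResponseStatusCode.UNAUTHORIZED)
                    .statusMessage("Not authorized for the requested graph")
                    .create());
            return;
        }
        ctx.fireChannelRead(msg);
    }

    boolean isPermitted(ChannelHandlerContext ctx, RequestMessage request) {
        String user = userResolver.apply(ctx);
        if (user == null) return false;
        Set<String> graphs = allowedGraphs.getOrDefault(user, Collections.emptySet());
        Object aliases = request.getArgs().get(Tokens.ARGS_ALIASES);
        // fail closed: a request that names no target cannot be checked
        if (!(aliases instanceof Map) || ((Map<?, ?>) aliases).isEmpty()) return false;
        for (Object target : ((Map<?, ?>) aliases).values())
            if (!(target instanceof String) || !graphs.contains(target)) return false;
        return true;
    }
}
```

Aliases only confine requests that address the graph through them, such as bytecode traversals. A script request can name any globally bound graph variable directly in its text, so a deployment relying on this check would also have to restrict or reject script requests.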