IsUserInRole业务逻辑的码头限制

Question

我需要检查用户是否为admin。

我正在使用Basic-Auth并广泛使用org.eclipse.jetty.websocket;我需要检查我的websocket处理程序中的约束。

我使用jetty.websocket不javax.websocket

//THIS THROWS AN EXCEPTION - AN HTTP UPGRADE REQUEST WON'T ALLOW FOR isUserInRole(String role); 
import org.eclipse.jetty.websocket.*; 
... 
ServletUpgradeRequest upgradeRequest = (ServletUpgradeRequest) session.getUpgradeRequest(); 
upgradeRequest.isUserInRole("admin-role"); 

//DON'T KNOW HOW TO USE THIS 
import org.eclipse.jetty.util.security.*; 
... 
security.getIdentityService().getSystemUserIdentity().isUserInRole(String string, Scope scope); 

Answer 1

如果有更好的方法请说。这并不漂亮。

//in my MyWebsocketServer.java 
... 
if (ServerMain.hasRole(sess.getUpgradeRequest().getUserPrincipal().getName(),"admin-role")) { 
... 

//in my ServerMain.java 
... 
public static boolean hasRole(String usr, String role){ 
    Iterator iter = loginService.getUsers().get(usr).getSubject().getPrincipals().iterator(); 
    while (iter.hasNext()){ 
     if (((Principal) iter.next()).getName().equals(role)) return true; 
    } 
    return false; 
}