Google Cloud Endpoints - 当端点有尾随斜杠时,apiKeyRequired无效

时间:2021-06-16 20:21:44

I have an endpoint in Google Cloud Endpoints Frameworks for App Engine (Java). The endpoint is restricted to require an API key like this:

我在App Cloud(Google)的Google Cloud Endpoints框架中有一个端点。端点被限制为需要这样的API密钥:

    @ApiMethod(name = "echo", path = "echo",  apiKeyRequired = AnnotationBoolean.TRUE, httpMethod = ApiMethod.HttpMethod.GET)

Which is working. However if I add a trailing slash when making the call, the endpoint returns data without an api key requirement.

这是有效的。但是,如果在进行调用时添加尾部斜杠,则端点将返回没有api密钥要求的数据。

I have tried to restrict api access globally in the api definition, like this:

我试图在api定义中全局限制api访问,如下所示:

@Api(
name = "myapi",
version = "v1",
apiKeyRequired = AnnotationBoolean.TRUE,

This however does not seem to work. I have regenerated the openapi.json and redeployed both the openapi.js and the app engine app, and the endpoint is still accessible if it has a trailing slash, but not without.

然而,这似乎不起作用。我重新生成了openapi.json并重新部署了openapi.js和app引擎应用程序,如果端点有一个尾部斜杠,端点仍然可以访问,但不是没有。

Does anyone know how I can prevent this? Any insight is much appreciated.

有谁知道我怎么能阻止这个?非常感谢任何见解。

1 个解决方案

#1


0  

I was unable to solve this within Google Endpoints, so I utilized tuckey's urlrewrite to remove the trailing slashes in a filter

我无法在Google端点中解决这个问题,因此我使用了tuckey的urlrewrite来删除过滤器中的尾部斜杠

web.xml

web.xml中

         <filter>
        <filter-name>UrlRewriteFilter</filter-name>
        <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
           <init-param>
                <param-name>confPath</param-name>
                <param-value>/WEB-INF/urlrewrite.xml</param-value>
            </init-param>
    </filter>
    <filter-mapping>
        <filter-name>UrlRewriteFilter</filter-name>
        <url-pattern>/_ah/api/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

urlrewrite.xml

    <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.1//EN" "http://www.tuckey.org/res/dtds/urlrewrite3.1.dtd">
<urlrewrite>
    <rule match-type="regex">  
      <note>Remove trailing slash</note>
      <from>^(.*)/$</from>
      <to type="redirect">$1</to>
    </rule>  
</urlrewrite>

more info:

更多信息:

http://www.tuckey.org/urlrewrite/manual/4.0/index.html

http://www.tuckey.org/urlrewrite/manual/4.0/index.html

Note: as of yet, it is not redirecting properly. I'm continuing to work on that, and will post updates, but now at least I'm getting a 404 for the version with the trailing slash, rather than the response data without api key, which satisfies my security needs at the moment

注意:到目前为止,它还没有正确重定向。我将继续努力,并将发布更新,但现在至少我得到的是带有斜杠的版本的404,而不是没有api密钥的响应数据,这满足了我目前的安全需求

#1


0  

I was unable to solve this within Google Endpoints, so I utilized tuckey's urlrewrite to remove the trailing slashes in a filter

我无法在Google端点中解决这个问题,因此我使用了tuckey的urlrewrite来删除过滤器中的尾部斜杠

web.xml

web.xml中

         <filter>
        <filter-name>UrlRewriteFilter</filter-name>
        <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
           <init-param>
                <param-name>confPath</param-name>
                <param-value>/WEB-INF/urlrewrite.xml</param-value>
            </init-param>
    </filter>
    <filter-mapping>
        <filter-name>UrlRewriteFilter</filter-name>
        <url-pattern>/_ah/api/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

urlrewrite.xml

    <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.1//EN" "http://www.tuckey.org/res/dtds/urlrewrite3.1.dtd">
<urlrewrite>
    <rule match-type="regex">  
      <note>Remove trailing slash</note>
      <from>^(.*)/$</from>
      <to type="redirect">$1</to>
    </rule>  
</urlrewrite>

more info:

更多信息:

http://www.tuckey.org/urlrewrite/manual/4.0/index.html

http://www.tuckey.org/urlrewrite/manual/4.0/index.html

Note: as of yet, it is not redirecting properly. I'm continuing to work on that, and will post updates, but now at least I'm getting a 404 for the version with the trailing slash, rather than the response data without api key, which satisfies my security needs at the moment

注意:到目前为止,它还没有正确重定向。我将继续努力,并将发布更新,但现在至少我得到的是带有斜杠的版本的404,而不是没有api密钥的响应数据,这满足了我目前的安全需求