Testing authenticated Cloud Endpoints methods offline

Time: 2021-02-20 23:11:01

I'm going on a long flight tomorrow and I'd like to be able to keep testing my cloud endpoints REST API while offline. The problem is that the User object is integral to most of my methods, and I need an internet connection to create valid OAuth tokens to call them from the client side (JavaScript).

On the Dev server though, no matter what account you log in on, the user is always the same (with email example@example.com). But if you feed it bogus tokens, it throws an OAuthRequestException.

Is there any way I can generate valid test tokens offline for the dev server or a way to access the User object without providing tokens at all?

Here's an example of a method I'd like to test while offline:

@ApiMethod(name = "hylyts.get")
public Hylyt getHylyt(@Named("url") String url, @Named("id") long id, User user)
        throws OAuthRequestException, UnauthorizedException {
    return ofy().load().type(Hylyt.class).parent(util.getArticleKey(url, user)).id(id).now();
}

1 Answer

#1


2  

There's a little-documented way to inject a custom Authenticator class in Cloud Endpoints. This allows you to change the way the User is detected.

Here's how it works:

@Api(name = "myapi", version = "v1", authenticators  = {MyDummyAuthenticator.class})
public class MyAPI {
  @ApiMethod(name = "hylyts.get")
  public Hylyt getHylyt(@Named("url") String url, @Named("id") long id, User user)
        throws OAuthRequestException, UnauthorizedException {
    return ofy().load().type(Hylyt.class).parent(util.getArticleKey(url, user)).id(id).now();
  }
}

And here's what your Authenticator implementation could look like:

public class MyDummyAuthenticator implements Authenticator {
    @Override
    public User authenticate(HttpServletRequest httpServletRequest) {
        return new User("mytestuser@domain.com");
    }
}

You can of course make it more complicated. Since you have access to the HttpServletRequest, you can get the user's email from an HTTP header or something like it.

Note that with an Authenticator you have access to the session in the local server but not in production. In production, httpServletRequest.getSession() will return null. There's a trick to still fetch the session from the datastore, which I explain here.

Then there's the question of how to keep both the normal authentication solution and your DummyAuthenticator implementation. I think you can chain authenticators, but I'm not sure how it works. In the worst case, you can just swap the Authenticator implementation during your flights.
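
The dummy authenticator above vouches for every caller, so it is only safe if it can never answer in production. The following is an added example, not code from the original answer or from the Cloud Endpoints project: a test authenticator that fails closed unless it runs on the local dev server and the request comes from loopback. The class name `DevOnlyAuthenticator` and the header name `X-Test-User-Email` are hypothetical.

```java
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.config.Authenticator;
import com.google.appengine.api.utils.SystemProperty;
import javax.servlet.http.HttpServletRequest;

/** Test-only authenticator (added example) that is inert outside the local dev server. */
public class DevOnlyAuthenticator implements Authenticator {
    // Hypothetical header name chosen for this example.
    static final String TEST_USER_HEADER = "X-Test-User-Email";
    // Same placeholder address the answer's dummy authenticator returns.
    static final String DEFAULT_TEST_USER = "mytestuser@domain.com";

    @Override
    public User authenticate(HttpServletRequest request) {
        // Fail closed: returning null means "no authenticated user".
        // Anywhere but the dev server, this class never vouches for a caller.
        if (!isDevServer()) {
            return null;
        }
        // Even on the dev server, ignore clients that are not on loopback,
        // in case the dev server was bound to a reachable interface.
        if (!isLoopback(request.getRemoteAddr())) {
            return null;
        }
        String email = request.getHeader(TEST_USER_HEADER);
        if (email == null || email.isEmpty()) {
            return new User(DEFAULT_TEST_USER);
        }
        // Reject malformed values instead of building a User from arbitrary input.
        if (!email.matches("[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")) {
            return null;
        }
        return new User(email);
    }

    /** True only when the App Engine runtime reports the local development environment. */
    static boolean isDevServer() {
        return SystemProperty.environment.value()
                == SystemProperty.Environment.Value.Development;
    }

    /** True for IPv4 and IPv6 loopback addresses as reported by the servlet container. */
    static boolean isLoopback(String addr) {
        return "127.0.0.1".equals(addr) || "::1".equals(addr)
                || "0:0:0:0:0:0:0:1".equals(addr);
    }
}
```

API methods that require a signed-in caller should still check for a null `User` and throw `UnauthorizedException`, so a request this class declines is rejected rather than served anonymously.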
