Filtering by user with Elasticsearch for more secure endpoints


I'm trying to upgrade a JHipster v5 application to v7.9.3. With JHipster 5, I was able to secure the Elasticsearch endpoints by adding a filter by user login.

public ResponseEntity<List<BloodPressure>> searchBloodPressures(@RequestParam String query, Pageable pageable) {
    log.debug("REST request to search for a page of BloodPressures for query {}", query);
    BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery().must(queryStringQuery(query));
    if (SecurityUtils.isAuthenticated() && !SecurityUtils.isCurrentUserInRole(AuthoritiesConstants.ADMIN)) {
        queryBuilder = queryBuilder.filter(matchQuery("user.login",
            SecurityUtils.getCurrentUserLogin().orElse("")));
    }
    Page<BloodPressure> page = bloodPressureSearchRepository.search(queryBuilder, pageable);
    HttpHeaders headers = PaginationUtil.generateSearchPaginationHttpHeaders(query, page, "/api/_search/blood-pressures");
    return new ResponseEntity<>(page.getContent(), headers, HttpStatus.OK);
}

With JHipster 7, this is what the method looked like before I tried to lock it down.

public ResponseEntity<List<BloodPressure>> searchBloodPressures(
    @RequestParam String query,
    @org.springdoc.api.annotations.ParameterObject Pageable pageable
) {
    log.debug("REST request to search for a page of BloodPressures for query {}", query);
    Page<BloodPressure> page = bloodPressureSearchRepository.search(query, pageable);
    HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(ServletUriComponentsBuilder.fromCurrentRequest(), page);
    return ResponseEntity.ok().headers(headers).body(page.getContent());
}

JHipster 5 allowed me to pass queryBuilder directly to the search() method. With JHipster 7, however, it expects a String. Is it possible to get the query from queryBuilder so that it all works?

This is what I have so far:

public ResponseEntity<List<BloodPressure>> searchBloodPressures(
    @RequestParam String query,
    @org.springdoc.api.annotations.ParameterObject Pageable pageable
) {
    log.debug("REST request to search for a page of BloodPressures for query {}", query);
    BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery().must(queryStringQuery(query));
    if (SecurityUtils.isAuthenticated() && !SecurityUtils.hasCurrentUserThisAuthority(AuthoritiesConstants.ADMIN)) {
        queryBuilder = queryBuilder.filter(matchQuery("user.login", SecurityUtils.getCurrentUserLogin().orElse("")));
    }
    // todo: figure out how to use queryBuilder in search()
    // SearchSourceBuilder sourceBuilder = new SearchSourceBuilder();
    // sourceBuilder.query(queryBuilder);
    Page<BloodPressure> page = bloodPressureSearchRepository.search(query, pageable);
    HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(ServletUriComponentsBuilder.fromCurrentRequest(), page);
    return ResponseEntity.ok().headers(headers).body(page.getContent());
}

The code for BloodPressureSearchRepository is as follows:

package org.jhipster.health.repository.search;

import static org.elasticsearch.index.query.QueryBuilders.queryStringQuery;

import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.elasticsearch.search.sort.SortBuilder;
import org.jhipster.health.domain.BloodPressure;
import org.jhipster.health.repository.BloodPressureRepository;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;
import org.springframework.data.elasticsearch.core.SearchHit;
import org.springframework.data.elasticsearch.core.SearchHits;
import org.springframework.data.elasticsearch.core.query.NativeSearchQuery;
import org.springframework.data.elasticsearch.core.query.NativeSearchQueryBuilder;
import org.springframework.data.elasticsearch.core.query.Query;
import org.springframework.data.elasticsearch.repository.ElasticsearchRepository;
import org.springframework.scheduling.annotation.Async;
import org.springframework.transaction.annotation.Isolation;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

/**
 * Spring Data Elasticsearch repository for the {@link BloodPressure} entity.
 */
public interface BloodPressureSearchRepository
    extends ElasticsearchRepository<BloodPressure, Long>, BloodPressureSearchRepositoryInternal {}

interface BloodPressureSearchRepositoryInternal {
    Page<BloodPressure> search(String query, Pageable pageable);

    Page<BloodPressure> search(Query query);

    void index(BloodPressure entity);
}

class BloodPressureSearchRepositoryInternalImpl implements BloodPressureSearchRepositoryInternal {

    private final ElasticsearchRestTemplate elasticsearchTemplate;
    private final BloodPressureRepository repository;

    BloodPressureSearchRepositoryInternalImpl(ElasticsearchRestTemplate elasticsearchTemplate, BloodPressureRepository repository) {
        this.elasticsearchTemplate = elasticsearchTemplate;
        this.repository = repository;
    }

    @Override
    public Page<BloodPressure> search(String query, Pageable pageable) {
        NativeSearchQuery nativeSearchQuery = new NativeSearchQuery(queryStringQuery(query));
        return search(nativeSearchQuery.setPageable(pageable));
    }

    @Override
    public Page<BloodPressure> search(Query query) {
        SearchHits<BloodPressure> searchHits = elasticsearchTemplate.search(query, BloodPressure.class);
        List<BloodPressure> hits = searchHits.map(SearchHit::getContent).stream().collect(Collectors.toList());
        return new PageImpl<>(hits, query.getPageable(), searchHits.getTotalHits());
    }

    @Override
    public void index(BloodPressure entity) {
        repository.findOneWithEagerRelationships(entity.getId()).ifPresent(elasticsearchTemplate::save);
    }
}

Related: https://github.com/mraible/21-points-v7/issues/5

java elasticsearch jhipster
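One way to keep the per-user filter with the repository shown in the question, as an added example that is not part of the original post or of JHipster: the repository already declares `search(Query query)`, so the bool query can be wrapped in a `NativeSearchQuery` instead of being turned back into a string. The helper name `OwnerScopedSearch`, the `org.jhipster.health.security` package path, and the choice to reject requests without a login are assumptions.

```java
import static org.elasticsearch.index.query.QueryBuilders.boolQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchQuery;
import static org.elasticsearch.index.query.QueryBuilders.queryStringQuery;

import org.elasticsearch.index.query.BoolQueryBuilder;
import org.jhipster.health.security.AuthoritiesConstants; // assumed package path
import org.jhipster.health.security.SecurityUtils;        // assumed package path
import org.springframework.data.domain.Pageable;
import org.springframework.data.elasticsearch.core.query.NativeSearchQueryBuilder;
import org.springframework.data.elasticsearch.core.query.Query;
import org.springframework.security.access.AccessDeniedException;

// Hypothetical helper: builds the owner-scoped query for the search endpoint.
final class OwnerScopedSearch {

    private OwnerScopedSearch() {}

    static Query forCurrentUser(String userQuery, Pageable pageable) {
        // The caller-supplied text stays in must(); the ownership restriction
        // goes in filter(), so both are ANDed and nothing typed into the
        // query string can widen the result set beyond the owner's records.
        BoolQueryBuilder bool = boolQuery().must(queryStringQuery(userQuery));

        // Fail closed: every caller except an admin gets the owner filter.
        // The question's condition (isAuthenticated() && !admin) skips the
        // filter when no user is authenticated.
        if (!SecurityUtils.hasCurrentUserThisAuthority(AuthoritiesConstants.ADMIN)) {
            String login = SecurityUtils
                .getCurrentUserLogin()
                .orElseThrow(() -> new AccessDeniedException("No authenticated user"));
            // matchQuery is kept from the question. It analyzes its input, so
            // on a text-mapped field a login such as "john-doe" is tokenized;
            // an exact term query on a keyword-mapped field is stricter.
            bool.filter(matchQuery("user.login", login));
        }

        return new NativeSearchQueryBuilder().withQuery(bool).withPageable(pageable).build();
    }
}

// In searchBloodPressures(...), replacing the search(query, pageable) call:
//   Page<BloodPressure> page =
//       bloodPressureSearchRepository.search(OwnerScopedSearch.forCurrentUser(query, pageable));
```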