惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
IT之家
IT之家
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
J
Java Code Geeks
博客园_首页
Scott Helme
Scott Helme
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
V
Visual Studio Blog
Cloudbric
Cloudbric
Jina AI
Jina AI
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
A
Arctic Wolf
C
Cybersecurity and Infrastructure Security Agency CISA
S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
W
WeLiveSecurity
K
Kaspersky official blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
量子位
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 三生石上(FineUI控件)
Recent Commits to openclaw:main
Recent Commits to openclaw:main

博客园 - 无常

用 Zig 写了个 MCP Server,让 AI Agent 直接操控你的 Outlook 使用MSBUILD 构建时出错 error MSB3086: Task could not find "sgen.exe" using the SdkToolsPath PPTPD默认MTU太大引起一些网站上不了的问题 CentOS 6.0 安装配置rails 2.3.11 + redmine 1.2.1 笔记 MVC3中实现验证提示信息多语言支持 MVC3中使用验证适配器修改默认的验证提示信息 nginx 截断日志一个批处理 在没有安装有mvc3的主机上部署asp.net mvc3网站,需要包含的DLL文件 ASP.NET MVC 2 RTM client side validation一个隐秘的坑 Python:使用ctypes库调用外部DLL NHibernate+Oracle 遇到ORA-01461和ORA-01084及解决方法 ASP.NET MVC中实现多个按钮提交的几种方法 - 无常 - 博客园 为cnblogs定做一个代码插入代码的windows live writer插件 MVC 2.0: ConvertEmptyStringToNull 带来烦恼 Code: jsTree ajax 选择行政区域 送出15个Google Wave邀请,需要的赶快 GeekOS:Project1. Loading Executable Files GeekOS:二、Project0 GeekOS: 一、构建基于Ubuntu9.04的实验环境 动刀EFOracleProvider,使其支持char、timestamp(x)等类型
ABP点滴:API无权访问资源时,返回 PolicyName 信息
无常 · 2023-06-18 · via 博客园 - 无常

2023-06-18 19:52  无常  阅读(391)  评论()    收藏  举报

ABP无权访问API时,返回的是403 Forbidden 和重定向 Localtion ,但不知道具体是哪个Policy受阻。
整改思路:

  1. 重写 MethodInvocationAuthorizationService, 抛出AbpAuthorizationException异常时附带 PolicyName
  2. 重写 DefaultAbpAuthorizationExceptionHandler ,在http响应头中增加上无权限的 PolicyName。
  3. 前端判断返回403再从headers中获取

效果如:

image

相关源码:


[ExposeServices(typeof(IAbpAuthorizationExceptionHandler))]
[Dependency(ReplaceServices = true)]
public class Ch2AuthorizationExceptionHandler : DefaultAbpAuthorizationExceptionHandler
{
    public Ch2AuthorizationExceptionHandler()
    {
    }

    public override Task HandleAsync(AbpAuthorizationException exception, HttpContext httpContext)
    {
        if (exception.Data.Contains("PolicyName"))
        {
            var policyName = (string)exception.Data["PolicyName"]!;
            httpContext.Response.Headers.Add("X-Policy-Name", new Microsoft.Extensions.Primitives.StringValues(policyName));
        }

        return base.HandleAsync(exception, httpContext);
    }
}



[ExposeServices(typeof(IMethodInvocationAuthorizationService))]
[Volo.Abp.DependencyInjection.Dependency(ReplaceServices = true)]
public class Ch2MethodInvocationAuthorizationService : IMethodInvocationAuthorizationService, ITransientDependency
{
    private readonly IAbpAuthorizationPolicyProvider _abpAuthorizationPolicyProvider;
    private readonly IAbpAuthorizationService _abpAuthorizationService;

    public Ch2MethodInvocationAuthorizationService(
        IAbpAuthorizationPolicyProvider abpAuthorizationPolicyProvider,
        IAbpAuthorizationService abpAuthorizationService)
    {
        _abpAuthorizationPolicyProvider = abpAuthorizationPolicyProvider;
        _abpAuthorizationService = abpAuthorizationService;
    }

    public async Task CheckAsync(MethodInvocationAuthorizationContext context)
    {
        if (AllowAnonymous(context))
        {
            return;
        }

        var authorizationPolicy = await AuthorizationPolicy.CombineAsync(
            _abpAuthorizationPolicyProvider,
            GetAuthorizationDataAttributes(context.Method)
        );

        if (authorizationPolicy == null)
        {
            return;
        }

        //改动这里
        //await _abpAuthorizationService.CheckAsync(authorizationPolicy);
        if (!await _abpAuthorizationService.IsGrantedAsync(authorizationPolicy))
        {
            var policys = authorizationPolicy.Requirements.Cast<PermissionRequirement>()
                .Select(o => o.PermissionName).JoinAsString(",");
            throw new AbpAuthorizationException(code: AbpAuthorizationErrorCodes.GivenPolicyHasNotGranted)
                .WithData("PolicyName", policys);
        }
    }

    protected virtual bool AllowAnonymous(MethodInvocationAuthorizationContext context)
    {
        return context.Method.GetCustomAttributes(true).OfType<IAllowAnonymous>().Any();
    }

    protected virtual IEnumerable<IAuthorizeData> GetAuthorizationDataAttributes(MethodInfo methodInfo)
    {
        var attributes = methodInfo
            .GetCustomAttributes(true)
            .OfType<IAuthorizeData>();

        if (methodInfo.IsPublic && methodInfo.DeclaringType != null)
        {
            attributes = attributes
                .Union(
                    methodInfo.DeclaringType
                        .GetCustomAttributes(true)
                        .OfType<IAuthorizeData>()
                );
        }

        return attributes;
    }
}