我们只要实现DSAuthenticationManager1的OnuserAuthenticate和OnUserAuthorize事件,就可以对接口调用进行控制,事件如下:
procedure TServerContainer1.DSAuthenticationManager1UserAuthenticate( Sender: TObject; const Protocol, Context, User, Password: string; var valid: Boolean; UserRoles: TStrings); begin { TODO : Validate the client user and password. If role-based authorization is needed, add role names to the UserRoles parameter } if (User = 'Admin') and (Password = '123456') then begin valid := True ; UserRoles.Add('AdminGroup'); //加入到AdminGroup组别 end else if (User = 'Guest') and (Password = '123456') then begin valid := True ; UserRoles.Add('GuestGroup'); //加入到GuestGroup组别 end else valid := False ; end; procedure TServerContainer1.DSAuthenticationManager1UserAuthorize( Sender: TObject; EventObject: TDSAuthorizeEventObject; var valid: Boolean); begin { TODO : Authorize a user to execute a method. Use values from EventObject such as UserName, UserRoles, AuthorizedRoles and DeniedRoles. Use DSAuthenticationManager1.Roles to define Authorized and Denied roles for particular server methods. } if EventObject.MethodAlias = 'TServerMethods1.EchoString' then begin valid := EventObject.UserRoles.IndexOf('AdminGroup') <> -1; end; if EventObject.MethodAlias = 'TServerMethods1.ReverseString' then begin valid := EventObject.UserRoles.IndexOf('GuestGroup') <> -1; end; end;
客户端只要设置认证的用户名是Admin还是Guest就可以了,2个用户名都有属于自己的调用的接口方法,而且不能越权。
编译环境:Delphi XE7
加入DataSnap高级交流群439992010,即可下载本DEMO