本例演示如何通过编程方式对服务应用权限。权限是决定角色能否访问服务的一组规则。
在本例中,首先通过拒绝访问 esriEveryone 角色使服务处于私有状态,esriEveryone 是一个为使本例包含站点中的所有用户而构建的虚拟角色。然后,添加第二条规则以向用户提供的角色授予几何服务的访问权限。代码中包含了一个额外函数用于显示如何通过向 esriEveryone 角色再次授予访问权限使服务处于公共状态。
该脚本尝试通过 HTTPS(加密连接)登录并安全地获取令牌。。如果尚未对 ArcGIS Server 配置 HTTPS,则脚本的默认行为是尝试不安全登录(未加密)。如果希望请求安全登录,请对脚本使用 --secure 选项。
该脚本是使用 Python 编写的,但不需要安装任何 Esri 软件。要运行脚本,请执行以下操作:
在 Windows 中:
- 将内容保存到名为 setPermissions.py 的文件中。
- 使用以管理员身份运行选项打开一个命令提示符窗口。
- 运行 setPermission.py,例如:setPermissions.py --user admin --password secret --role "GIS Department"
在 Linux 中:
- 将内容保存到名为 setPermissions.py 的文件中。
- 使文件可执行 (chmod u+x)。
- 如果 /usr/bin 中不存在 Python,请编辑第一行以指向 Python 安装包(通常不需要此步)。
- 运行 setPermissions.py,例如:./setPermissions.py --user admin --password secret --role "GIS Department"
#!/usr/bin/python
# Demonstrates how to set permissions on the geometry service.
import httplib, urllib # used for connecting to ArcGIS Server
import re # used for parsing responses
import sys
def main(argv=None):
(user,password, serverName, serverPort, role, secure) = getInputParameters()
token = getToken(user, password, serverName, serverPort, secure)
makeServicePrivate(serverName, serverPort, token, "Geometry", "GeometryServer")
setServicePermission(serverName, serverPort, token, "Geometry", "GeometryServer", role)
def makeServicePublic(serverName, serverPort, token, service, serviceType):
url = "/arcgis/admin/services/" + service + "." + serviceType + "/permissions/add"
params = urllib.urlencode({'principal' : 'esriEveryone', 'isAllowed':'true', 'f' : 'json', 'token' : token})
response = makeHttpPost(serverName, serverPort, url, params)
if (operationSuccessful(response)) :
print "Successfully made " + service + "." + serviceType + " public."
else:
print "Unable to make " + service + "." + serviceType + " public."
def makeServicePrivate(serverName, serverPort, token, service, serviceType):
url = "/arcgis/admin/services/" + service + "." + serviceType + "/permissions/add"
params = urllib.urlencode({'principal' : 'esriEveryone', 'isAllowed':'false', 'f' : 'json', 'token' : token})
response = makeHttpPost(serverName, serverPort, url, params)
if (operationSuccessful(response)) :
print "Successfully made " + service + "." + serviceType + " private."
else:
print "Unable to make " + service + "." + serviceType + " private."
def setServicePermission(serverName, serverPort, token, service, serviceType, role):
url = "/arcgis/admin/services/" + service + "." + serviceType + "/permissions/add"
params = urllib.urlencode({'principal' : role, 'isAllowed':'true', 'f' : 'json', 'token' : token})
response = makeHttpPost(serverName, serverPort, url, params)
if (operationSuccessful(response)) :
print "Successfully granted " + role + " permission to " + service + "." + serviceType
else:
print "Unable to grant " + role + " permission to " + service + "." + serviceType
def operationSuccessful(response):
statusPattern = re.compile('[\w]+')
statusValue = statusPattern.findall(response)[1]
if (statusValue == "success"):
return 1
else:
return 0
def getToken(username, password, serverName, serverPort, secure):
tokenURL = "/arcgis/admin/generateToken"
params = urllib.urlencode({'username': username, 'password': password, 'client': 'requestip', 'f': 'json'})
response = makeHttpPost(serverName, serverPort, tokenURL, params, secure)
if (response == None):
print "ERROR: Unable to login. The following may have caused this:"
print
print " 1) Incorrect username or password."
print " 2) Incorrect server name or port."
if (secure):
print " 3) The server may not have https enabled."
print
print
sys.exit()
tokenPattern = re.compile('[\w-]+')
tokenMatch = tokenPattern.findall(response)[1]
return tokenMatch
def makeHttpPost(serverName, serverPort, url, params, secure=0):
headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
if (serverPort == 80) :
securePort = 443
else:
securePort = 6443
try:
httpsFailed = 0
httpsConn = httplib.HTTPSConnection(serverName, securePort)
httpsConn.request("POST", url, params, headers)
response = httpsConn.getresponse()
if (response.status == 200):
data = response.read()
httpsConn.close()
return data
else:
httpsFailed = 1
except:
httpsFailed = 1
if (httpsFailed and secure):
return
try:
httpConn = httplib.HTTPConnection(serverName, serverPort)
httpConn.request("POST", url, params, headers)
response = httpConn.getresponse()
if (response.status == 200):
data = response.read()
httpConn.close()
return data
else:
httpConn.close()
return
except:
return
def getInputParameters() :
if (len(sys.argv) == 1):
print "Sets a role's permission for ArcGIS Server geometry service."
print
print " --user Publisher/administrator user to log into ArcGIS Server with."
print " --password Password for publisher/administrator login"
print " --server Server machine. Optional, default is localhost."
print " --port Port to use when connecting. Option, default 6080."
print " --role ArcGIS Server role being affected."
print " --secure Requires a secure login."
print
sys.exit()
user = None
password = None
role = None
serverName = "localhost"
serverPort = 6080
secure = 0
for i in range(1, len(sys.argv)) :
if (sys.argv[i] == "--user" and i < len(sys.argv)-1):
user = sys.argv[i+1]
elif (sys.argv[i] == "--password" and i < len(sys.argv)-1) :
password = sys.argv[i+1]
elif (sys.argv[i] == "--server" and i < len(sys.argv)-1) :
serverName = sys.argv[i+1]
elif (sys.argv[i] == "--port" and i < len(sys.argv)-1) :
port = sys.argv[i+1]
elif (sys.argv[i] == "--role" and i < len(sys.argv)-1):
role = sys.argv[i+1]
elif (sys.argv[i] == "--secure"):
secure = 1
if (user == None or password == None or role == None) :
if (user == None):
print "The --user parameter was not provided."
elif (password == None):
print "The --password parameter was not provided."
elif (role == None):
print "The --role parameter was not provided."
sys.exit()
else:
return (user,password, serverName, serverPort, role, secure)
# Script start
if __name__ == "__main__":
sys.exit(main(sys.argv[1:]))