A simple way to implement permission control in a B/S system

zhaozj 2021-02-16

I have read some posts on permission control, and the more I read the more confused I got: what is the use of AOP (Aspect Oriented Programming), container-based control, RBAC (role-based access control), SSO, the Jive proxy pattern, and so on, and whether a Role is the same as a Group. It really makes my head spin, so I will first write up a simple implementation and study the more advanced approaches later.

This method does not rely on a container or framework. It suits small systems (fewer than 100 main JSP pages, because the checks are hardcoded into the JSPs) and systems that need precise control over individual page fields.

(Note: distinguish permission control from business logic. Business logic is a condition decided at runtime. For example, in a student management system a student who logs in can only view their own record; because the record is determined by the student number, this is business logic. That a student cannot view a teacher's record follows from the student's identity, so this is permission control.)

OK, on to the topic!

Table design:

User (user information: userid userpassword, etc.)

Role (Role Description: RoleId Roledesc)

Permission (Permission Description: Permissionid PermissionDesc)

User-Role (user role correspondence table: userid roleid)

Role-Permission (Role Permission correspondence table: roleid permissionid)

User-Permission (user permission correspondence table: userid permissionid)

Important notes:

1. A Role here has no inheritance relationship; it is just a collection of Permissions.

2. The User-Permission table exists only for convenience. Its data is derived from the User-Role and Role-Permission tables, and it is updated only when User-Role or Role-Permission is updated. Permissions are never granted to a user individually; a user can only be given one or more Roles.

3. Dividing up the permissions is the difficult point; many of the more complicated permission control systems were developed because of it. Here it is kept as simple as possible: business logic is not considered and the focus is on the page. Control is split into two layers: first the JSP page is controlled, then the fields on the page (Link, Text, TextBox, Button, etc.), and a field permission also carries a privilege (R and W, readable and writable).

Basic idea: when a JSP page is entered, the user's information is checked to see whether the user's permissions include the code for this page or field. This check is done by a tag (never written a tag? Don't worry, just copy!).

Look at the code!

1. Create the tables (as above).

2. Create two classes (beans): UserProfile holds the user information and UserPermission holds one permission.

UserProfile.java:

package com.××.××.××;

import java.util.Collection;

// Holds the logged-in user's details and permissions; stored in the session at login.
public class UserProfile {
    private String userId;
    private String userType;
    private String companyNo;
    private String companyName;
    private String companyType;
    private Collection userPermissions; // elements are UserPermission objects

    public String getUserId() { return userId; }
    public void setUserId(String userId) { this.userId = userId; }

    public String getUserType() { return userType; }
    public void setUserType(String userType) { this.userType = userType; }

    public String getCompanyNo() { return companyNo; }
    public void setCompanyNo(String companyNo) { this.companyNo = companyNo; }

    public String getCompanyName() { return companyName; }
    public void setCompanyName(String companyName) { this.companyName = companyName; }

    public String getCompanyType() { return companyType; }
    public void setCompanyType(String companyType) { this.companyType = companyType; }

    public Collection getUserPermissions() { return userPermissions; }
    public void setUserPermissions(Collection userPermissions) { this.userPermissions = userPermissions; }
}

UserPermission.java:

package com.××.××.××;

// One permission held by the user: the permission id plus an optional privilege (R or W).
public class UserPermission {
    private int permissionId;
    private String privilege;

    public int getPermissionId() { return permissionId; }
    public void setPermissionId(int permissionId) { this.permissionId = permissionId; }

    public String getPrivilege() { return privilege; }
    public void setPrivilege(String privilege) { this.privilege = privilege; }
}

3. Add two tags (page and field).

SecurityTagForPage.java:

package com.**.**.taglib;

import java.util.*;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
// UserProfile and UserPermission must also be imported from the bean package above.

public class SecurityTagForPage extends TagSupport {
    private int permissionID;

    public int doEndTag() throws JspException {
        HttpSession session = pageContext.getSession();
        // userProfile is put into the session when the user logs in;
        // with no session or no profile, skip the rest of the page.
        UserProfile userProfile = (session == null) ? null
                : (UserProfile) session.getAttribute("userProfile");
        if (userProfile == null || userProfile.getUserPermissions() == null) {
            return SKIP_PAGE;
        }
        Collection collection = userProfile.getUserPermissions();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            UserPermission userPermission = (UserPermission) it.next();
            if (permissionID == userPermission.getPermissionId()) {
                return EVAL_PAGE;
            }
        }
        return SKIP_PAGE;
    }

    public int getPermissionID() { return permissionID; }
    public void setPermissionID(int permissionID) { this.permissionID = permissionID; }
}

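SecurityTagForField.java:

package com.**.**.taglib;

import java.util.*;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
// UserProfile and UserPermission must also be imported from the bean package above.

public class SecurityTagForField extends TagSupport {
    private int permissionID;
    private String privilege;

    public int doStartTag() throws JspException {
        HttpSession session = pageContext.getSession();
        // With no session or no profile, leave the tag body out.
        UserProfile userProfile = (session == null) ? null
                : (UserProfile) session.getAttribute("userProfile");
        if (userProfile == null || userProfile.getUserPermissions() == null) {
            return SKIP_BODY;
        }
        Collection collection = userProfile.getUserPermissions();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            UserPermission userPermission = (UserPermission) it.next();
            if (privilege == null) {
                // No privilege attribute on the tag: the permission id alone decides.
                if (permissionID == userPermission.getPermissionId()) {
                    return EVAL_BODY_INCLUDE;
                }
            } else {
                // Privilege attribute given: id and privilege must both match.
                if (permissionID == userPermission.getPermissionId()
                        && privilege.equals(userPermission.getPrivilege())) {
                    return EVAL_BODY_INCLUDE;
                }
            }
        }
        return SKIP_BODY;
    }

    public int getPermissionID() { return permissionID; }
    public void setPermissionID(int permissionID) { this.permissionID = permissionID; }

    public String getPrivilege() { return privilege; }
    public void setPrivilege(String privilege) { this.privilege = privilege; }
}

4. Create a securityTag.tld file in the WEB-INF directory with the following content (change the class package to your own):

<?xml version="1.0"?>
<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN"
    "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">
<!-- a tag library descriptor -->
<taglib>
    <tlibversion>1.0</tlibversion>
    <jspversion>1.1</jspversion>
    <shortname>security</shortname>
    <info>access control!</info>
    <tag>
        <name>securityForField</name>
        <tagclass>com.companyname.prjname.taglib.SecurityTagForField</tagclass>
        <attribute>
            <name>permissionID</name>
            <required>true</required>
        </attribute>
        <attribute>
            <name>privilege</name>
        </attribute>
    </tag>
    <tag>
        <name>securityForPage</name>
        <tagclass>com.companyname.prjname.taglib.SecurityTagForPage</tagclass>
        <attribute>
            <name>permissionID</name>
            <required>true</required>
        </attribute>
    </tag>
</taglib>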
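The notes above say the User-Permission table is derived from User-Role and Role-Permission and is refreshed whenever either changes. The SQL below is an added example, not code from the original post, showing one way to rebuild it for a single user after a role is revoked. The table and column names, the placement of the privilege column on role_permission, and the sample rows are assumptions constructed for illustration.

```sql
-- Added example (not from the original post); names, types and rows are constructed.
CREATE TABLE user_role (
    userid VARCHAR(32) NOT NULL,
    roleid INTEGER     NOT NULL,
    PRIMARY KEY (userid, roleid)
);
CREATE TABLE role_permission (
    roleid       INTEGER NOT NULL,
    permissionid INTEGER NOT NULL,
    privilege    CHAR(1) NOT NULL,   -- assumption: 'R' or 'W' is stored per role grant
    PRIMARY KEY (roleid, permissionid, privilege)
);
CREATE TABLE user_permission (       -- derived table, never edited by hand
    userid       VARCHAR(32) NOT NULL,
    permissionid INTEGER     NOT NULL,
    privilege    CHAR(1)     NOT NULL,
    PRIMARY KEY (userid, permissionid, privilege)
);

-- Constructed data: roles 1 and 2 both grant read on permission 10;
-- only role 2 grants write on permission 20. User u1 holds both roles.
INSERT INTO role_permission VALUES (1, 10, 'R');
INSERT INTO role_permission VALUES (2, 10, 'R');
INSERT INTO role_permission VALUES (2, 20, 'W');
INSERT INTO user_role VALUES ('u1', 1);
INSERT INTO user_role VALUES ('u1', 2);

-- Role 2 is taken away from u1. Deleting "role 2's permissions" from
-- user_permission would also drop (10, 'R'), which role 1 still grants,
-- so the user's rows are rebuilt from the join in the same transaction.
BEGIN;
DELETE FROM user_role WHERE userid = 'u1' AND roleid = 2;
DELETE FROM user_permission WHERE userid = 'u1';
INSERT INTO user_permission (userid, permissionid, privilege)
SELECT DISTINCT ur.userid, rp.permissionid, rp.privilege
FROM user_role ur
JOIN role_permission rp ON rp.roleid = ur.roleid
WHERE ur.userid = 'u1';
COMMIT;

-- Inspect the rebuilt rows for u1.
SELECT userid, permissionid, privilege
FROM user_permission
WHERE userid = 'u1';
```

The tags read the permission collection that was stored in the session at login, so a rebuild affects an already logged-in user only after the next login.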

Please credit the original address when reposting: https://www.9cbs.com/read-14621.html
