It is more intuitive and flexible. Role's contribution to the system is essentially provided with a distribution unit comparing the crude particles.
GROUP and Operator are multi-to-many relationships. The relationship between the concepts is shown below:
Explanation:
The definition of Operator includes Resource Type and Method concept. That is, what and how concept. The reason why WHAT and HOW is bound to be used as an Operator concept rather than separate modeling, because many how to make something for a WHAT. For example, the release operation makes sense to the news object, and there is no meaning to the user object.
The meaning of how itself is also different. Specifically, n types of operations can be defined for each WHAT. For example, for the object of the contract, you can define a creation, submit an operation, check conflict operation. It can be considered that how concept corresponds to every business method. Among them, the operations associated with specific user identity can be defined in the operational logic of the operation, or may be defined at the operating level. For example, the creator's browsing view requires different contents of the browsing view of the ordinary user. Two operation methods can be defined externally, or may be processed according to the specific logic within one operation method. Which way of specific use should be processed according to the actual situation.
Such an architecture should be able to meet the functional needs of most of the coarse granular permission control in the case of easy understanding and management. However, in addition to coarse granular permissions, there will be countless fine-grained permissions for specific instances in the system. These issues are resolved to business logic, so considerately of the following two points:
On the one hand, the permissions of fine-grained permissions must be implemented in support information that must be allocated on the resource. For example, if the creator and ordinary users see different information content, the resource itself should have information on its creator. On the other hand, the permissions of fine-grained levels often have considerable business logic correlation. For different business logic, often means completely different privileges and strategies. In contrast, coarse granular permissions are more versatility, and it is achieved as an architecture, more reused value; and the permissions of fine particle size are cumbersome, and it is not necessary. It is more concise and flexible to achieve customized code.
Therefore, fine-grained control should be resolved under the bottom layer, and Resource is instantiated, you must specify Owner and Groupprivilege to determine the type of constraint when operating the resource: OWNEROK or GROUPOK or allok. Groups should be multi-to-many relationships with Role strictly separation of User and Group, and Group is only used to classify users, and does not contain any Role; Role is only granted User, not Group. If the user needs a combination of various Privilege, it is necessary to add ROLE. Privilege must be able to access the resource, with the user parameter, so permission control is complete.
thought:
The core of the permission system consists of the following three parts: 1. Create permissions, 2. Allocate permissions, 3. Use permissions, then, the main participants in the system are as follows: 1. Create permissions - Creator creation, 2. Assign permission - Administrator assignment, 3. Use permissions - User:
1. Creator creates Privilege, Creator, which will be divided, a subsystem or a module when designing and implementing a system, what permissions should be. Here, this is the object declaration of Privilege and Resource, and it does not really contact the Privilege to the specific Resource instance to form an Operator. 2. Administrator Specifies the association of Privilege and Resource Instance. In this step, the permissions truly associated with the resource instance, producing Operator (PrivileGe Instance). Administrator uses Operator's basic elements to create his ideal permission model. For example, create a role, create user groups, assign users to user groups, associating user groups and roles, etc. ... These operations are done by Administrator.
3. User uses the permissions assigned by Administrator to use each subsystem. Administrator is a user, there is a more suitable model for him to manage and maintain in his mind. So, as long as the programmer answers a question, what is the permissions can access what resources, that is, the Operator that said. The programmer provides Operator means wearing a helmet to the system. Administrator can establish his hoped permission framework in accordance with his will, delete, manage Resource and Privilege relationships. You can set the correspondence between users and roles Role. (If Creatrator is as a Basic inventor, Administrator is Basic's user, he can do some script programming) Operator is the most critical part of this system, it is a link, a department in Programmer, Administrator, Between User.
Use a functional module to give examples.
One. Establish a role function and assign it:
1. If you want to do an employee management module (ie, resources), this module has three features, namely, addition, modify, delete. Assign one of these three functions, this ID is called function code:
EMP_ADDEMP, EMP_DELETEEMP, EMP_UPDATEEMP.
2. Create a role (Role), add the above function code to this role's permissions and save it into the database. The roles include system administrators, testers, etc.
3. Establish an employee's account and assign one or several roles to this employee. For example, this employee can be either company administrators or test staff. This way he logs in to the system will only see the modules he owns permissions.
two. Add identity information to the session.
When logging in, look for this employee in the database, if there is, if you exist, then find the employee's permission information according to the employee's SN, put all the permissions information of the employee into a HashMap, such as putting the above EMP_ADDEMP, etc. Hashmap. Then save the HashMap in a UserInfobean. Finally, put this UserInfobean in the session, so that the system can obtain the identity information of this user at any time during the operation of the program.
three. Different from the user's permissions.
You can compare the privilege of the current employee and "function ID" assigned to this menu to determine if the current user has permission to open this menu. For example: If you don't have any one of these three IDs in the HashMap of the employee permissions, then this menu will not display, if there is any ID in the employee's HashMap, this menu will be displayed. For a news system, it is assumed that it has a function (Privilege): view, release, delete, modify; assume that "the news system manager can only delete the release of January, and super administrators can Delete all such limits, which belongs to the business logic, not the user rights range. That is to say, the permission is responsible for the permission to delete the permission, as for which content can be deleted should be determined according to userrole or usergroup (Of course give UserRole The or usergroup allocation should contain two business logics above.
A user can have multiple roles, but the user can only enter the system with one role. The score method of the role can be divided according to the actual situation, divided by department or institution, as for the role, which looks at the system administrator how much permission. User-Role-Permissions key is role. When the user logs in, it is logged in with both user and roles (because one user can have a variety of roles, but can only play a role at the same time), obtain the user's permissions according to the role, and initialize after logging in. This skill is that a certain user can only log in with a role.
For different groups of different "role" dynamics, each project creates a separate group. For new projects, create new groups. In the permission judgment, it should be controlled in business methods. For example: "Operational Ability" of different users is different (coarse granularity should be able to meet the requirements), and the "visual area" of different users is different (whether the authority data of the object being operated is allowed to be available. Access, this requires consideration of permission control when business data is modeled).
Scalability:
With the basic framework of users / privilege management, the concept of WHO (user / group) does not often need to scale. Change may be to introduce new What (new resource type) or new HOW (new way of operation). That is in three basic concepts, it is not enough to extension on Permission. In this design, Permission is substantially solved in the problem, that is, the operation of "how". So which level is defined in this "how"? Definition of Permission is appropriate in the "Business Method" level. For example, release, purchase, and cancel. Each business method can mean a "action" that the user is going. Defining at the level of business logic, on the one hand, the "purity" of the data access code is guaranteed, and on the other hand, it is also "sufficient". That is to say, for a lower level, free access data, the higher level, more fine control permissions.
Determine the right level defined by Permission, further, and it is possible to find that Permission actually implies the concept of what. That is, how the WHAT will be a complete Operator. For example, "release" operation, implies the "information" "release" concept, and it is meaningless to publish the operation for "goods". Similarly, "purchase" operation implies the "purchase" concept of "goods". The bindings here also reflect the operation of a large number of commonly used names, such as, requires different operations that distinguish between "product deletion" and "deletion of information". Different operations with "delete".
The extension capability of providing permission systems is to extension in the concept of Operator (Resource Permission). The Proxy mode is a very suitable implementation. The implementation is approximately as follows: in the business logic layer (in EJB Session Facade [Stateful SessionBean], acquiring the MethodName of the business method, retrieve the Operator data according to ClassName and MethodName, and then determine the current user according to the user information saved in this Operator information and STATEFUL Does the operation permission of this method are available. Applying In EJB mode, you can define a very clear business hierarchy, and a business may mean different views, when multiple views correspond to a business logic, such as the Swing Client, and JSP Client access the same Business is implemented by EJB. Applying rights on the business layer to provide centralized control capabilities. In fact, if the permissions system provides query capabilities, then it will be found that the view hierarchy is already not understanding permissions, it only needs to control the interface according to the query results.
flexibility:
GROUP and ROLE, just a means of assisting achievements, not required. If there are many Role of the system, authorize the "simple and convenient" purpose, then introduce the GROUP, form the ROLE of the permissions to set a Group for centralized authorization. Role is the same, is a collection of Operator, is to simplify the operation of multiple Operator.
Role liberates specific users and groups from permissions. A user can assume different roles to achieve licensed flexibility. Of course, Groups can also achieve similar functions. However, in the actual business, the Group is more divided into administrative organizational structures or business features; if the permission management is forcibly to join a different group, it will lead to the complexity of management.
Domain application. In order to authorize more flexible, you can abstract WHERE or Scope, called Domain, the real authorization is in the range of Domain, and the specific Resource will be divided into different Domain. For example: a news organization has two major branches of China, and there are different resources in both branches (sports, living, and current affairs). If all domestic news rights rules are the same, all foreign news rights rules are the same. Two domains can be established, authorized separately, and then use all kinds of news from different domains, and are controlled by the permissions on the domain.
Permission systems should also consider separating functional licenses with resource-based authorization. Many systems only have permission control for data (resources) in the system, but no permission control for system functions.
The permission system is preferably hierarchical instead of centralized management. Most customers want different departments to manage transactions within their sectors, rather than anything that requires a concentrated Administrator or Administrators group to manage. Although you can add people from different departments to the Administrators group, but their permissions are too much, you can manage the entire system resources rather than the resource of the department.
Positive authorization and negative authorization: Positive authorization assumes that the subject does not have any permissions, and then grant permissions as needed to provide a strict system. Negative authorization assumes that the subject has all rights and then retrieves some special permissions.
Permission calculation strategy: User, Group, and role in the system can be authorized, permissions can have a positive and negative points, define a set of strategies when calculating the user's payings.
There should be an AccessService, which should have a centralized administrative privilege, the maintenance of privileges (Business Administrators, Security Management Modules) and Usage (end users, each function module), which should consider general permissions and special permissions at the time of implementation. Although there are many implementations, such as using Proxy mode, these proxy should be made dependent on AccessService. An AccessService is called in each module function to check if there is a corresponding permissions. Therefore, rights management is not a matter of security management modules, but there is a relationship with the functional modules of the system. The developers of each function module should be familiar with the security management module, of course, it is also necessary to familiarize with the security rules of this module. Technical realization:
1. Form authentication, this is common, but the user will send the web container when the user arrives at the resources that are not authorized to access.
An HTML page is required to enter the username and password.
2. A servlet Sign IN / Sign OUT to centrally process all request, the disadvantage is that the application must be handled by the application.
3. With Filter to prevent users from accessing some unauthorized resources, Filter will intercept all request / response,
Then place a verification in the user's session, and then Filter relies on this identity to determine whether to release Response.
This mode is divided into:
Gatekeeper: Take the way Filter or Uniform Servlet.
Authenticator: Using Jaas yourself in the Web.
User qualification storage LDAP or database:
1. Gatekeeper intercepts checking each reached the protected resource. First check if this user has already created
Good login session, if not, GateKeeper checks if there is a global and authenticator related session?
2. If there is no global session, this user is directed to the SIGN-ON page of Authenticator,
The username and password are required.
3. Authenticator accepts username and password, verifying users through the user's qualification system.
4. If the authentication is successful, Authenticator will create a global login session and guide GateKeeper.
To create a login session for this user in his web application.
5. Authenticator and Gatekeepers share cookies or use tokens in the Query characters.
