This article was written by youlin. Reprinting is welcome, but please credit the source ~ ^_^ ~
About the author: Youlin graduated from an undergraduate college that has since been renamed, and loves open source technology.
1. Why do we need permission control?
In today's society, where network communication is highly developed, human activity depends more and more on the network, and people keep moving activities that used to be carried out in the real world onto it. Over the network people can freely conduct business, entertainment, communication and more. As the commercial and personal interests involved grow, so do the network security problems.
So the question is how to make sure your information does not attract more attention than anyone else's.
2. How to protect yourself
In nature, an animal judges the identity and intent of another creature before attacking it or fleeing from it. Before a dog attacks, it first smells you to tell whether you are a stranger; this is how it authenticates you. If you are its master, it will certainly not attack you; if you are a stranger, it reacts differently. It may attack, or it may run away, and either outcome is the result of its judgment of your behavior.
We can bring the same behavior to the network. To protect yourself, you must first authenticate whatever is interacting with you. There are many ways to do this. You can assign a unique identifier to those who are allowed to use your resources. But once a resource is placed on the network, anyone can try to use it over the network; they may be people you gave an identifier to, or complete strangers. So you have to assign a unique ID to each of them. This is where the session comes from. As soon as a user connects to the application, we establish a unique session with that user. We can then obtain the user's information through the session and identify them.
What remains is how to make good use of the session to protect your application and get the most out of it.
Now let's take a look at several methods. At the same time, you will see how I protect my app.
3. Use session to protect your resources and create flexible permission control mechanisms
1. The first method is the most common one. Whenever someone wants to use a resource you want to protect, you manually check whether the user in the session has permission. The pseudocode below shows the general process of protecting a resource.
if (session.getUserName() != null && session.hasRight())
{
    // the protected resource is served here
}
else
{
    // "You have no right to access my resources"
}
As you can see, every time a request comes in for a protected resource, you have to check manually whether the user has permission to use it.
So we ask: why not create a framework that lets the system make this judgment for us, so that all we have to do is point out the resources we want to protect and the framework takes care of the rest? That is how the authentication framework came about, and we can do this easily in Cocoon.
2. The Cocoon Authentication Framework. This is the second session-based method we will study. We skip it for now and introduce the framework in detail later.
3. Above, we let the framework do the repetitive work. The next step, and the focus of our study, is how to build a flexible permission control mechanism.
Imagine a very large system with many modules. If each module has its own control system or control method, things become very chaotic. So why not control them in a unified way? I came up with a flexible approach: give all modules a unified numbering, then map these numbers to a given user, user group, or role. When a user wants to use a feature or a module, the mapping is consulted first to see whether the user has permission. For example:
- The system divides users into types, and each type of user belongs to a role. There are 3 roles: Guest, PowerUser and Admin. So there is a role table, Roles, with the following structure:
Role Table Roles:
1. Role ID: (R_ID)
2. Role name: (r_name)
3. Description: (r_des)
The specific table structure is as follows (the original image is missing):
- The system is divided into different functions, each function is given a permission, and the permission is finally mapped to roles. A user has a specific permission on a function because that user belongs to a certain type of user.
Example: we have a feature for leaving a whisper (private message) for the admin. We give this function the ID 301: the 3 represents a major module, here the message module, and 01 is the specific permission to write a private message. In the same way, 302 could be deleting a private message or some other operation in the message module.
So we can map this function to different roles. If the function-to-role mapping is:
301 - PowerUser - YES
then users belonging to PowerUser have permission to leave a whisper for the owner.
If the corresponding role mapping is instead:
301 - PowerUser - NO
then users belonging to the role PowerUser may not leave a whisper for the owner.
- Finally, we assign each user to a role. A user can belong to only one role.
The benefits of unified management are clear, and another major benefit is that it becomes very convenient to change the mapping from functional modules to users.
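The function-ID-to-role mapping described above, written out as an added example (it is not code from the original article or from Cocoon). It replaces the per-resource manual check with one lookup that denies anything not explicitly mapped YES. The class, method and session attribute names are assumptions, and the session is modelled as a plain map rather than a servlet session.

```java
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Map;

public class PermissionDemo {
    enum Role { GUEST, POWERUSER, ADMIN }          // the article's three roles

    // Function IDs as in the article: leading digit = module, last two = operation.
    static final int WRITE_WHISPER = 301;
    static final int DELETE_WHISPER = 302;

    // function ID -> role -> YES/NO (the "301 - PowerUser - YES" rows)
    static final Map<Integer, Map<Role, Boolean>> MAPPING = new HashMap<>();
    // user name -> the single role that user belongs to
    static final Map<String, Role> USER_ROLE = new HashMap<>();

    static void map(int functionId, Role role, boolean allowed) {
        MAPPING.computeIfAbsent(functionId, k -> new EnumMap<Role, Boolean>(Role.class))
               .put(role, allowed);
    }

    static int moduleOf(int functionId) { return functionId / 100; }

    // The one place every module asks. Anything not explicitly mapped YES is denied.
    static boolean isAllowed(Map<String, Object> session, int functionId) {
        Object user = (session == null) ? null : session.get("username");
        if (!(user instanceof String)) return false;     // no authenticated user in session
        Role role = USER_ROLE.get(user);
        if (role == null) return false;                  // user has no role assigned
        Map<Role, Boolean> row = MAPPING.get(functionId);
        return row != null && Boolean.TRUE.equals(row.get(role));
    }

    public static void main(String[] args) {
        map(WRITE_WHISPER, Role.POWERUSER, true);        // 301 - PowerUser - YES
        map(WRITE_WHISPER, Role.GUEST, false);           // constructed row
        map(DELETE_WHISPER, Role.ADMIN, true);           // constructed row
        USER_ROLE.put("alice", Role.POWERUSER);          // constructed sample users
        USER_ROLE.put("bob", Role.GUEST);

        Map<String, Object> alice = new HashMap<>();
        alice.put("username", "alice");
        Map<String, Object> bob = new HashMap<>();
        bob.put("username", "bob");
        System.out.println("module of 301: " + moduleOf(WRITE_WHISPER));
        System.out.println("alice 301 (mapped YES): " + isAllowed(alice, WRITE_WHISPER));
        System.out.println("bob 301 (mapped NO): " + isAllowed(bob, WRITE_WHISPER));
        System.out.println("alice 302 (no row for her role): " + isAllowed(alice, DELETE_WHISPER));
        System.out.println("empty session: " + isAllowed(new HashMap<>(), WRITE_WHISPER));
    }
}
```

Changing who may use a function is then a change to one mapping row, with no edits to the modules that call `isAllowed`.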