A simple approach to permission control in a B/S system

zhaozj 2021-02-16  55

I have read a number of posts on permission control, and the more I read the more confused I got: what is the use of AOP (Aspect-Oriented Programming), containers, RBAC (role-based access control), SSO, the Jive proxy pattern, and so on, and whether a Role is just a Group. It really makes my head spin, so I will first write down a simple implementation and study the more advanced ones later. This method does not rely on a container or framework. It suits small systems (fewer than 100 main JSP pages, because the checks are hard-coded into the JSPs) and systems that need to control individual fields on a page precisely.

(Note: permission control must be distinguished from business logic. Business logic is a condition decided at run time. In a student management system, for example, a student who enters the system can only look at his or her own record; because the record is selected by student number, this is business logic. That a student cannot view a teacher's record follows from the student's identity, so this is permission control.)

OK, on to the topic!

Tables:

User (user information: userid, userpassword, etc.)
Role (role description: roleid, roledesc)
Permission (permission description: permissionid, permissiondesc)
User-Role (user role table)
Role-Permission (role permission table: roleid, permissionid)
User-Permission (user permission table: userid, permissionid)

Important:

1 Roles here have no inheritance relationship; a role is just a collection of permissions.
2 The User-Permission table exists only for convenience. Its data is derived from User-Role and Role-Permission, and it is updated only when User-Role or Role-Permission is updated. Permissions are never granted to a user individually; a user can only be given one or more roles.
3 Dividing up the permissions is the difficult part, and many of the more complicated permission control systems grew out of exactly this. Here it is kept as simple as possible: business logic is not considered and the focus is on the page. Control is split into two layers: first the JSP page itself, then the fields on the page (links, text, text boxes, buttons, etc.), where a field permission also carries a privilege (R and W, readable and writable).

Basic idea: when a JSP page is entered, the user's information is checked to see whether the user's permissions include the code for this page or field, or do not include it. This check is done by custom tags (can't write a tag? Never mind, copy!). Look at the code!

1 Create the tables (as above).
2 Create two classes (beans): UserProfile is the user, UserPermission is the permission.

UserProfile.java:

    package com.××.××.××;   // package name elided in the original; use your own

    import java.util.Collection;

    public class UserProfile {
        private String userId;
        private String userType;
        private String companyNo;
        private String companyName;
        private String companyType;
        // UserPermission objects held for this user
        private Collection userPermissions;

        public String getUserId() { return userId; }
        public void setUserId(String userId) { this.userId = userId; }

        public String getUserType() { return userType; }
        public void setUserType(String userType) { this.userType = userType; }

        public String getCompanyNo() { return companyNo; }
        public void setCompanyNo(String companyNo) { this.companyNo = companyNo; }

        public String getCompanyName() { return companyName; }
        public void setCompanyName(String companyName) { this.companyName = companyName; }

        public String getCompanyType() { return companyType; }
        public void setCompanyType(String companyType) { this.companyType = companyType; }

        public Collection getUserPermissions() { return userPermissions; }
        public void setUserPermissions(Collection userPermissions) { this.userPermissions = userPermissions; }
    }

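UserPermission.java:

    package com.××.××.××;   // package name elided in the original; use your own

    public class UserPermission {
        private int permissionId;
        private String privilege;   // R or W

        public int getPermissionId() { return permissionId; }
        public void setPermissionId(int permissionId) { this.permissionId = permissionId; }

        public String getPrivilege() { return privilege; }
        public void setPrivilege(String privilege) { this.privilege = privilege; }
    }

3 Add two tags (page and field).

SecurityTagForPage.java:

    package com.**.**.taglib;   // package name elided in the original; use your own

    import java.util.*;
    import javax.servlet.http.HttpSession;
    import javax.servlet.jsp.JspException;
    import javax.servlet.jsp.tagext.TagSupport;
    // also import UserProfile and UserPermission from the bean package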

    public class SecurityTagForPage extends TagSupport {
        private int permissionID;

        public int doEndTag() throws JspException {
            HttpSession session = pageContext.getSession();
            // userProfile is put into the session when the user logs in
            UserProfile userProfile = (session == null) ? null
                    : (UserProfile) session.getAttribute("userProfile");
            // no logged-in profile or no permissions loaded: skip the rest of the page
            if (userProfile == null || userProfile.getUserPermissions() == null) {
                return SKIP_PAGE;
            }
            Collection collection = userProfile.getUserPermissions();
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                UserPermission userPermission = (UserPermission) it.next();
                if (permissionID == userPermission.getPermissionId()) {
                    return EVAL_PAGE;   // permission found: evaluate the rest of the page
                }
            }
            return SKIP_PAGE;           // permission not found: skip the rest of the page
        }

        public int getPermissionID() { return permissionID; }
        public void setPermissionID(int permissionID) { this.permissionID = permissionID; }
    }

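SecurityTagForField.java:

    // same package and imports as SecurityTagForPage.java
    public class SecurityTagForField extends TagSupport {
        private int permissionID;
        private String privilege;   // optional; when set, the R/W privilege must match too

        public int doStartTag() throws JspException {
            HttpSession session = pageContext.getSession();
            UserProfile userProfile = (session == null) ? null
                    : (UserProfile) session.getAttribute("userProfile");
            // no logged-in profile or no permissions loaded: do not render the field
            if (userProfile == null || userProfile.getUserPermissions() == null) {
                return SKIP_BODY;
            }
            Collection collection = userProfile.getUserPermissions();
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                UserPermission userPermission = (UserPermission) it.next();
                if (privilege == null) {
                    if (permissionID == userPermission.getPermissionId()) {
                        return EVAL_BODY_INCLUDE;
                    }
                } else {
                    if (permissionID == userPermission.getPermissionId()
                            && privilege.equals(userPermission.getPrivilege())) {
                        return EVAL_BODY_INCLUDE;
                    }
                }
            }
            return SKIP_BODY;
        }

        public int getPermissionID() { return permissionID; }
        public void setPermissionID(int permissionID) { this.permissionID = permissionID; }

        public String getPrivilege() { return privilege; }
        public void setPrivilege(String privilege) { this.privilege = privilege; }
    }

4 Create a securitytag.tld file in WEB-INF with the following content (change the package path of the classes to your own):

    <!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN"
        "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">
    <taglib>
        <tlibversion>1.0</tlibversion>
        <jspversion>1.1</jspversion>
        <shortname>Security</shortname>
        <info>Access Control!</info>
        <tag>
            <name>SecurityForField</name>
            <tagclass>com.companyname.prjname.taglib.SecurityTagForField</tagclass>
            <attribute>
                <name>permissionID</name>
                <required>true</required>
            </attribute>
            <attribute>
                <name>privilege</name>
            </attribute>
        </tag>
        <tag>
            <name>SecurityForPage</name>
            <tagclass>com.companyname.prjname.taglib.SecurityTagForPage</tagclass>
            <attribute>
                <name>permissionID</name>
                <required>true</required>
            </attribute>
        </tag>
    </taglib>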

5 Modify each JSP page that needs to be controlled. At the top of the page add:

    <%@ taglib uri="/WEB-INF/securitytag.tld" prefix="security" %>
    <%@ page import="com.hp.elog2.util.Util" %>

.......

... This is a lot of work, so it is recommended to add this control after all the JSP pages are finished; it is mainly copy and paste (Ctrl+C and Ctrl+V). The biggest problem with this method is the hard-coding, but the structure is simple, the idea is clear, and it has a wide range of applications. For more complex methods, I hope like-minded readers will contact leon_sandy@tom.com to study them together!
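An added example, not code from the original post: plain Java (no servlet container) that derives a user's User-Permission rows from User-Role and Role-Permission as note 2 describes, then applies the same match the two tags use. The users, roles and IDs are constructed sample data, and storing the R/W privilege on each role grant, as well as the names `PermissionDemo`, `derive`, `allowed` and `handleUpdate`, are assumptions.

```java
import java.util.*;

public class PermissionDemo {
    // One row of Role-Permission / User-Permission (privilege column is an assumption).
    record Grant(int permissionId, String privilege) {}

    // Role-Permission table: constructed sample data.
    static final Map<String, List<Grant>> ROLE_PERMISSION = Map.of(
        "clerk",   List.of(new Grant(10, "R")),
        "manager", List.of(new Grant(10, "W"), new Grant(20, "R")));

    // User-Role table: constructed sample data.
    static final Map<String, List<String>> USER_ROLE = Map.of(
        "alice", List.of("clerk", "manager"),
        "bob",   List.of("clerk"));

    // Rebuild the User-Permission rows for one user as the union of the role grants.
    static Set<Grant> derive(String userId) {
        Set<Grant> rows = new LinkedHashSet<>();
        for (String role : USER_ROLE.getOrDefault(userId, List.of())) {
            rows.addAll(ROLE_PERMISSION.getOrDefault(role, List.of()));
        }
        return rows;
    }

    // Same match as the tags: the id must match; the privilege must match only when given.
    static boolean allowed(Set<Grant> grants, int permissionId, String privilege) {
        if (grants == null) return false;          // no profile in the session: deny
        for (Grant g : grants) {
            if (g.permissionId() == permissionId
                    && (privilege == null || privilege.equals(g.privilege()))) return true;
        }
        return false;
    }

    // The code that receives a submitted field repeats the check with privilege W.
    static String handleUpdate(Set<Grant> grants, int fieldPermissionId, String value) {
        return allowed(grants, fieldPermissionId, "W") ? "saved: " + value : "denied";
    }

    public static void main(String[] args) {
        Set<Grant> alice = derive("alice"), bob = derive("bob");
        System.out.println("alice rows: " + alice);
        System.out.println("bob may read field 10: " + allowed(bob, 10, "R"));
        System.out.println("bob update field 10: " + handleUpdate(bob, 10, "x"));
        System.out.println("alice update field 10: " + handleUpdate(alice, 10, "x"));
        System.out.println("bob page 20: " + allowed(bob, 20, null));
        System.out.println("no profile: " + handleUpdate(null, 10, "x"));
    }
}
```

The tags only decide what is rendered, so the handler that processes a submitted form needs the same check, as `handleUpdate` does here; otherwise a field hidden in the JSP can still be written by a hand-built request. Because the permissions are held in the session's userProfile, a role change takes effect only once the rows are derived again and the profile is reloaded.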

When reprinting, please cite the original address: https://www.9cbs.com/read-25781.html
