Exploring a Permission Solution for a Struts Project
Some time ago I read some material about JAAS. There is not much information about it on the Internet; the articles concentrate on the JAAS core classes (they are quite good, and as an introduction they are excellent), and the feeling they gave me was:
"God, almost no one uses this!"
The source code of the CHINAXP forum uses JAAS, and the way they do it gave me a lot of inspiration.
In a project I am participating in (still under development) I use the JAAS authentication mechanism (I am not yet very familiar with JAAS, so for the moment I solve part of it in another way; that method is covered in the second part below).
Let me give some background on it:
It is a relatively large project (a provincial highway road administration platform). At the top level it divides into 10 large modules with 26 sub-modules, namely basic information maintenance, road administration, road approval and so on; each module mainly consists of maintenance, browsing and printing.
After discussion, we designed the permissions like this:
Divide them into three "roles": users, user groups and permissions.
Their relationship is: a user belongs to a user group, and permissions are assigned to the user group. (All of this was worked out on the spot with the customer representative.)
The permission table looks like this:
    RightId   RightName
    00100     Maintain Basic Information
    00101     Browse Basic Information
    00500     Maintain Traffic Information
    00501     View Traffic Information
    ......    ......
The system modules are configured in XML, for example:
Module_config.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <module-config>
        <module>
        </module>
        ......
    </module-config>
(Parsed into a singleton and placed in the container when the container starts.)
Specific permissions are bound to each *.do request:
Request_source.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <request_source>
        <request>
        </request>
        ......
    </request_source>
(Also parsed and placed in the container.)
I basically divide the system's central permission control into two steps:
1. Use a Filter together with JAAS to keep out illegal (unauthenticated) users
Every *.jsp is also reached through a *.do, so there is no permission "blind spot" anywhere in the system; that is, every *.do can be guaranteed to be "clean".
This involves the following files (the specific code is not given here):
(1) iroadlogin.config
    iroadLogin {
        com.ifreeway.iroad.security.DatabaseLoginModule required debug=true;
    };
This file determines which LoginModule is loaded when a LoginContext object is created.
(2) ParsequestFilter.java filters out illegal users on every request.
(3) DatabaseLoginModule.java
(4) SimpleCallbackHandler.java
The classes introduced above involve too many JAAS core classes to explain here, so I recommend reading the following:
http://www.yesky.com/20030114/1648365.shtml This article is very helpful for understanding JAAS. You can also find more JAAS material on my site: http://plateau.sicool.com
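The files listed above in working form, as an added example that is not the project's code: a LoginModule, a CallbackHandler and the LoginContext call that consumes the iroadLogin entry. The login configuration is supplied programmatically instead of being read from iroadlogin.config, and the user table is an in-memory map standing in for the database that DatabaseLoginModule would query; the class names, user names, passwords and group names are all assumptions made for the demo.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasLoginDemo {

    /** Principal that records the user's group so later layers can read it from the Subject. */
    public static final class GroupPrincipal implements Principal {
        private final String name;
        public GroupPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Stand-in for DatabaseLoginModule: checks name and password against an in-memory table. */
    public static class InMemoryLoginModule implements LoginModule {
        // Constructed sample "database": user -> {password, group}. Hypothetical data.
        private static final Map<String, String[]> USERS = new HashMap<>();
        static { USERS.put("zhang", new String[] {"s3cret", "roadAdmin"}); }
        private Subject subject;
        private CallbackHandler handler;
        private String group;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] {nc, pc}); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
            String[] row = USERS.get(nc.getName());
            char[] pw = pc.getPassword();
            pc.clearPassword();
            // A real module compares against a salted hash; plain comparison is for the demo only.
            if (row == null || pw == null || !row[0].equals(new String(pw))) {
                throw new FailedLoginException("bad user name or password");
            }
            group = row[1];
            return true;
        }

        public boolean commit() {
            if (group == null) return false;
            subject.getPrincipals().add(new GroupPrincipal(group));
            return true;
        }
        public boolean abort() { group = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); group = null; return true; }
    }

    /** Counterpart of SimpleCallbackHandler: hands the login form fields to the module. */
    public static class SimpleCallbackHandler implements CallbackHandler {
        private final String user;
        private final char[] password;
        public SimpleCallbackHandler(String user, char[] password) { this.user = user; this.password = password; }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(password);
                else throw new UnsupportedCallbackException(c);
            }
        }
    }

    /** Programmatic form of the iroadlogin.config entry: one required module under "iroadLogin". */
    static Configuration config() {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"iroadLogin".equals(name)) return null;
                return new AppConfigurationEntry[] {new AppConfigurationEntry(
                    InMemoryLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>())};
            }
        };
    }

    /** What the Filter does with a login request: the user's group on success, null on failure. */
    public static String authenticate(String user, char[] password) {
        try {
            LoginContext lc = new LoginContext("iroadLogin", new Subject(),
                    new SimpleCallbackHandler(user, password), config());
            lc.login();
            for (GroupPrincipal p : lc.getSubject().getPrincipals(GroupPrincipal.class)) return p.getName();
            return null;
        } catch (LoginException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("zhang/s3cret -> " + authenticate("zhang", "s3cret".toCharArray()));
        System.out.println("zhang/wrong  -> " + authenticate("zhang", "wrong".toCharArray()));
    }
}
```

The Filter would call authenticate() once on the login request, store the returned group in the session, and reject every later request that has no group in its session; the group stored there is exactly what the step-2 check below needs. When the module is loaded from a real iroadlogin.config instead of the programmatic Configuration, the class must be public with a public no-argument constructor, because LoginContext instantiates it by reflection.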
2. Once a user is legal (has passed the filter), when that user requests a *.do, determine whether the user has the right to request that .do. You can add a method to BaseAction, the common parent class of every Action, that decides whether the request is legal. In outline:
    public boolean validateRight(String _request_do) throws ErrorRequestException {
        // Get the group the user belongs to: A
        // From _request_do (assume it is UserAdmin.do) get the group bound to it: B
        // Then decide whether the request is legal by whether A and B are the same group.
        // At this point A and B are both readily available in the container, so there is no performance cost.
    }
Prerequisite: the project has a common BaseAction that all other Actions inherit from. Anyone who has developed a project with Struts will find this easy to understand.
For example, there is a UserAdminAction.java.
When it executes, first call validateRight("UserAdmin.do"); if it returns false, jump to the error page.
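Step 2 in working form, as an added example rather than the project's code. It parses a constructed request_source.xml into a singleton (the element and attribute layout path/right, the group names and the group-to-right table are assumptions; the right ids come from the permission table above), and validateRight() checks that the user's group holds the right bound to the requested .do, which is the "A and B are the same group" test stated in terms of the rights table. BaseAction here is a plain class rather than Struts' Action so the example compiles without Struts on the classpath, and the user's group is passed in where the real Action would read it from the session.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RightCheckDemo {

    // Constructed sample request_source.xml (assumed element/attribute layout);
    // the right ids are the ones from the permission table.
    static final String REQUEST_SOURCE =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<request_source>\n"
        + "  <request path=\"UserAdmin.do\" right=\"00100\"/>\n"
        + "  <request path=\"BrowseBasic.do\" right=\"00101\"/>\n"
        + "  <request path=\"ViewTraffic.do\" right=\"00501\"/>\n"
        + "</request_source>\n";

    /** Singleton built once when the container starts: .do -> right id, group -> right ids. */
    public static final class RightRegistry {
        private static final RightRegistry INSTANCE = new RightRegistry();
        public static RightRegistry get() { return INSTANCE; }

        private final Map<String, String> rightOfRequest = new HashMap<>();
        private final Map<String, Set<String>> rightsOfGroup = new HashMap<>();

        private RightRegistry() {
            try {
                DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
                // The file is trusted, but refuse DTDs so the parser never resolves external entities.
                f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
                f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
                Document doc = f.newDocumentBuilder().parse(
                    new ByteArrayInputStream(REQUEST_SOURCE.getBytes(StandardCharsets.UTF_8)));
                NodeList reqs = doc.getElementsByTagName("request");
                for (int i = 0; i < reqs.getLength(); i++) {
                    Element e = (Element) reqs.item(i);
                    rightOfRequest.put(e.getAttribute("path"), e.getAttribute("right"));
                }
            } catch (Exception e) {
                throw new IllegalStateException("cannot load request_source.xml", e);
            }
            // Group -> rights; the project keeps this in the database, it is constructed here.
            rightsOfGroup.put("basicInfo", new HashSet<>(Arrays.asList("00100", "00101")));
            rightsOfGroup.put("roadAdmin", new HashSet<>(Arrays.asList("00101", "00501")));
        }

        /** Right bound to a .do, or null when the .do is not listed at all. */
        public String rightOf(String requestDo) { return rightOfRequest.get(requestDo); }

        /** Rights held by a group; an unknown group holds none. */
        public Set<String> rightsOf(String group) {
            Set<String> s = rightsOfGroup.get(group);
            return s == null ? Collections.<String>emptySet() : s;
        }
    }

    /** Stand-in for the project's BaseAction (a plain class, not Struts' Action). */
    public static class BaseAction {
        /** Reduce "/iroad/UserAdmin.do?id=3" to "UserAdmin.do" before the lookup. */
        static String normalize(String uri) {
            int q = uri.indexOf('?');
            if (q >= 0) uri = uri.substring(0, q);
            int slash = uri.lastIndexOf('/');
            return slash >= 0 ? uri.substring(slash + 1) : uri;
        }

        /** True only when the user's group holds the right bound to the requested .do. */
        public boolean validateRight(String userGroup, String requestDo) {
            RightRegistry r = RightRegistry.get();
            String right = r.rightOf(normalize(requestDo));
            // Fail closed: a .do missing from request_source.xml is a configuration error,
            // not an open door.
            if (right == null) return false;
            return r.rightsOf(userGroup).contains(right);
        }
    }

    /** The UserAdminAction from the text, checking its right before doing any work. */
    public static class UserAdminAction extends BaseAction {
        public String execute(String userGroup) {
            if (!validateRight(userGroup, "UserAdmin.do")) return "error";
            // ... the real maintenance work would go here ...
            return "success";
        }
    }

    public static void main(String[] args) {
        UserAdminAction a = new UserAdminAction();
        System.out.println("basicInfo -> " + a.execute("basicInfo"));
        System.out.println("roadAdmin -> " + a.execute("roadAdmin"));
        System.out.println("unbound   -> "
            + new BaseAction().validateRight("basicInfo", "/iroad/Unbound.do?x=1"));
    }
}
```

Two details are worth keeping when adapting this: normalize the request path before the lookup, so that "/iroad/UserAdmin.do?id=3" and "UserAdmin.do" resolve to the same entry, and fail closed when a .do is not listed, since an unbound .do is exactly the blind spot the Filter design is meant to rule out.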
In fact, the solution written above is enough for my current project. Someone will say: "Is that really enough?" Permission design for a project is a very big topic to discuss. This is just a brick thrown out to attract jade; I hope it gives you a small hint, and I hope you can give me some better ideas in return. You can contact me at Plateau_t@sina.com, or leave me a message on my site (http://plateau.sicool.com).
Jplateau, Monday, October 20, 2003