Coarse-grained URL level permission control
Permission control is mainly divided into coarse-grained URL level permission control and fine-grained Method level permission control. (Recommended learning: web front-end video tutorial)
Our operations in the background system, whether we click a button or click a menu item, are accessing a server-side resource, and what identifies the server resource is the URL. How to control users' operating permissions on server resources? There will be two tables in our database:
User table and permission control table. The users in the user table are associated with the relevant permissions in the permission control table. Filter is used to determine whether the current user has the permission corresponding to the URL address. If the user's corresponding permission list does not have the currently accessed URL address, it will prompt that the permissions are insufficient. If the user's corresponding permission list contains the URL address, the user is allowed to access.
Simply put, coarse-grained permission control based on URL is to store the corresponding relationship between users, permissions, and access URLs in the database. When the current user accesses a URL address, the database is queried to determine the user's current status. The permissions you have, whether it contains this URL, if it does, access is allowed, if it does not, it prompts that you have insufficient permissions.
Fine-grained method-level permission control
Fine-grained method-level permission control is more granular than coarse-grained permission control. Similarly, when you click a button or a menu item in the background system, you are accessing a URL resource on the server side, and this URL address will involve methods in the presentation layer, business layer, and DAO data layer. The coarse-grained one is to query the relevant permissions of the current user in the data table and compare them to determine whether to release the user. The difference is that the fine-grained permission control is implemented based on custom annotations.
For example: add an annotation @Permission ("custom permission name") to a method in the business layer. This annotation contains the permission information required to access the method, and is also created in the database. Two tables: user table and permission table. The permission name in the permission table must be consistent with the custom name in the annotation just added to the method. To put it bluntly, the permission information is described in the permission table, and then By adding annotations to the method, the purpose of permission control on the method is achieved. The permissions in the permission table corresponding to the user in the user table are also associated in the data table. Which methods and resources can the user access? It is controlled through data tables combined with annotations.
The underlying implementation principle is: spring manages the objects corresponding to the beans configured in applicationContext.xml. When the user accesses a URL address, spring can return the proxy object of the real object being accessed. When accessing each method of the real object, the proxy object will query the database to determine whether the current user has the permissions defined in the annotation. Because it is the proxy object of the real object, it can implement this series of operations, and finally determine whether Result with permissions to control user access.
Simply put, fine-grained permission control is achieved through proxy objects combined with custom annotations. When the user accesses the method of the target object, permission annotation information is added to the method, and a proxy object is created for the target object. , access the proxy object before accessing the real object, and the proxy object goes to the database to query the permission data to determine whether the user has the required permissions described in the annotation. If you have access rights, access will be allowed. If you don't have access rights, access will be blocked and a message indicating insufficient rights will be displayed.
The above is the detailed content of How to implement network permission control. For more information, please follow other related articles on the PHP Chinese website!
网络ms是什么意思Jul 12, 2021 am 10:52 AM网络ms是指网络延迟了以ms(毫秒)为单位的数据。网络中的ms就是指的毫秒,ms数值则代表了网络的延时情况,如果ms数值越高,说明当前网络延迟状况严重,用户进行游戏时会出现卡顿现象;如果ms数值越低,也就代表了网络状况流畅。
网络接入已满是什么意思Feb 28, 2023 pm 02:15 PM网络接入已满的意思是指当前连接的WIFI已经达到预定的设备数量了,无法再接入新的设备了;通俗说就是路由器设置了只能连接N个设备,现在已经足够了,所以新的设备就连接不了。
在因特网上的每一台主机都有唯一的地址标识称为什么Aug 22, 2022 pm 03:24 PM每一台主机都有唯一的地址标识称为“IP地址”。IP地址是IP协议提供的一种统一的地址格式,它为互联网上的每一个网络和每一台主机分配一个唯一的逻辑地址,以此来屏蔽物理地址的差异。由于有这种唯一的地址,才保证了用户在连网的计算机上操作时,能够高效而且方便地从千千万万台计算机中选出自己所需的对象来。
网络忙是什么意思Mar 10, 2023 pm 03:39 PM网络忙的意思就是“网络忙线”,指对方拒绝接听电话或者当信号不好时,就会出现提示网络忙;提示网络忙的其他原因有:1、所处的电话基站的无线信道太少或打电话的人太多;2、晚上IP路由比较忙,所以会经常听到网络忙的提示。
进网许可和进网试用有什么区别Sep 28, 2022 am 11:22 AM进网许可和进网试用的区别:1、标志上的颜色不同,进网试用的标志颜色是绿色,而进网许可标志是蓝色的;2、两者的使用时间不同,进网试用是给用户一年的试用期,但是进网许可是直接进行使用,没有时间限制。
chn-ct是什么网络Oct 27, 2022 pm 05:09 PMchn-ct是中国电信的4G网络。CHN-CT全称China Telecom(FDD-LTE),翻译过来是中国电信(第四代移动通信网络),属于中国电信的移动通信网络,只有电信用户可以使用。CHN-CT技术包括TD-LTE和FDD-LTE两种制式,但LTE只是3.9G,因此在严格意义上其还未达到4G的标准;只有升级版的LTE Advanced才满足国际电信联盟对4G的要求。
evdo是什么网络Oct 26, 2022 am 11:31 AMevdo是电信的CDMA网络的3G网络制式,最高速度可以达到3.1M左右;evdo是三个单词的缩写,全称为“CDMA2000 1xEV-DO”,已被国际电联ITU接纳为国际3G标准。
puo的网络意思是什么Nov 21, 2022 am 10:43 AMpuo的网络意思是禁止的用户操作。puo其原理是通知用户是否对应用程序使用硬盘驱动器和系统文件授权,以达到帮助阻止恶意程序损坏系统的效果。puo提示要求获得许可才能提升权限时,桌面被锁定,这样它只接受来自Windows进程的消息;Windows页面内存管理进程作为单线程运行在每个处理器上,并在系统不处理其他线程的时候分派处理器的时间。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Zend Studio 13.0.1
Powerful PHP integrated development environment
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
