
How to Implement Permission Management Based on Spring Boot

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to implement permission management based on Spring Boot. The explanation is simple and clear, and easy to learn and understand.

Permission management

Permissions are the most important part of every system, and system development generally starts from the permission system.

In terms of control granularity, permission management can be divided into two categories:

Function-level permission management

Data-level permission management.

In terms of control direction, permission management can also be divided into two categories:

Get data from the system, such as querying orders and customer information

Submit data to the system, such as deleting orders and modifying customer information.

By category, there are two main parts:

Authentication: who are you? Identify the user.

Authorization: what can you do? Restrict the features a user may use.

By control level (model):

URL level - coarse-grained

Configure a filter in web.xml. In the filter, parse the requested address and cut the string with url.substring(): strip everything up to and including the context path, leaving user_login.action. The filter code then queries the database to determine whether the currently logged-in user may access user_login.action. URL-level control runs only once per request, so compared with method-level permission control it is coarse-grained. URL-level access control is based on Filter.

Method level - fine-grained
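The lookup step of such a filter, as an added example that is not code from the original article. It assumes Java 9 or later; the class name, the sample users and the `order_list.action` resource are hypothetical, and the in-memory map stands in for the database query.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;

public class UrlPermissionCheck {
    // Constructed sample data standing in for the permission table in the database.
    static final Map<String, Set<String>> ALLOWED = Map.of(
            "alice", Set.of("/user_login.action", "/order_list.action"),
            "bob", Set.of("/user_login.action"));

    /** Reduce a raw request URI to the resource key used for the permission lookup. */
    static String resourceOf(String requestUri, String contextPath) {
        String path = requestUri.split("[?#]", 2)[0];   // drop query string and fragment
        path = path.replaceAll(";[^/]*", "");           // drop path parameters such as ;jsessionid=...
        path = path.replaceAll("/{2,}", "/");           // collapse repeated slashes
        path = URI.create(path).normalize().getPath();  // resolve "." and ".." segments
        if (path == null || !path.startsWith(contextPath + "/")) {
            return null;                                // not under this application
        }
        return path.substring(contextPath.length());    // the url.substring() step
    }

    /** Default deny: unknown user, unparseable path or unlisted resource is refused. */
    static boolean isAllowed(String user, String requestUri, String contextPath) {
        String resource;
        try {
            resource = resourceOf(requestUri, contextPath);
        } catch (IllegalArgumentException e) {
            return false;                               // malformed URI
        }
        return resource != null && ALLOWED.getOrDefault(user, Set.of()).contains(resource);
    }

    public static void main(String[] args) {
        System.out.println(resourceOf("/app/user_login.action?x=1", "/app"));
        System.out.println(isAllowed("alice", "/app/order_list.action", "/app"));
        System.out.println(isAllowed("alice", "/app//order_list.action;v=1", "/app"));
        System.out.println(isAllowed("bob", "/app/order_list.action", "/app"));
    }
}
```

The key compared against the permission table must be the same path the framework will dispatch on, which is why the URI is normalized before the substring is taken and anything not listed is refused.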

AOP (aspect-oriented programming) checks permissions before the method executes; if the user lacks the permission, it throws an exception and the method does not run. A custom annotation on the controlled method carries the required permission. A proxy (Spring AOP) enhances the target method at run time: it reads the permission from the target method's annotation through reflection, queries the database for the permissions of the currently logged-in user, and compares the two. Compared with URL-level permission control, this can control every method executed on the server side, several times within a single request.

Page level - custom tags (display)
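The annotation-plus-proxy check described above, as an added example that is not code from the original article. A JDK dynamic proxy stands in for Spring AOP so the block runs with the JDK alone (Java 9 or later); the `RequiresPerm` annotation, `OrderService` and the permission strings are hypothetical.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Set;

public class MethodPermissionDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresPerm { String value(); }    // hypothetical custom annotation

    interface OrderService {
        String query(long id);                      // no annotation: no permission required
        @RequiresPerm("order:delete") String delete(long id);
    }

    static class OrderServiceImpl implements OrderService {
        public String query(long id)  { return "order " + id; }
        public String delete(long id) { return "deleted " + id; }
    }

    /** Wrap a service so every call is checked against the user's permissions first. */
    @SuppressWarnings("unchecked")
    static <T> T secure(T target, Class<T> iface, Set<String> userPerms) {
        InvocationHandler h = (proxy, method, args) -> {
            RequiresPerm need = method.getAnnotation(RequiresPerm.class); // read via reflection
            if (need != null && !userPerms.contains(need.value())) {
                throw new SecurityException("missing permission " + need.value());
            }
            try {
                return method.invoke(target, args); // permitted: run the target method
            } catch (InvocationTargetException e) {
                throw e.getCause();                 // rethrow the business exception unchanged
            }
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface}, h);
    }

    public static void main(String[] args) {
        // Constructed sample: the permissions that would be loaded from the database.
        OrderService svc = secure(new OrderServiceImpl(), OrderService.class, Set.of("order:query"));
        System.out.println(svc.query(7));
        try {
            svc.delete(7);
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

As with Spring AOP proxies, the check runs only on calls that go through the proxy; a method that calls another method on `this` is not re-checked.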

The permission control of page display is usually achieved through custom tags.

Data level - the finest-grained (data)

Add a field to each row of data that records the permission value, binding data to permissions. In code, when you query data, first go to the permission-to-user mapping table and, using the currently logged-in user as the condition, look up that user's data permissions. Then use those data permissions as a condition in the query on the business table, which restricts access to the data.

Apache Shiro

Apache Shiro can be used on its own without depending on any other technology, can be integrated directly with web applications, and in enterprises is usually used together with Spring.

Authentication: user login

Authorization: function-level permission management

The architecture of Shiro's framework:

The principle of the Shiro access control process:

Application code calls Subject (in Shiro, Subject represents the currently logged-in user) to control permissions; Subject calls the Shiro SecurityManager (security manager) inside the framework; the security manager calls the Realm (the connector between the program and the security data).

Whatever Subject does, it must go through the security manager (this happens automatically for us). The security manager calls the specified Realm objects to connect to the security data.

Realms are where the security logic is written and the security data is accessed. They are the bridge between the program and the security data.
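The Subject, SecurityManager and Realm call chain, as an added example that is not code from the original article or from the FEBS project. It assumes shiro-core is on the classpath and Java 9 or later; the realm, user and permission strings are hypothetical, and the plain-text sample password is for brevity only (a real Realm returns a salted hash and is configured with a matching credentials matcher).

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.Map;
import java.util.Set;

public class ShiroFlowDemo {
    // Constructed sample security data; a real Realm queries the user and permission tables.
    static final Map<String, String> PASSWORDS = Map.of("alice", "s3cret-sample");
    static final Map<String, Set<String>> PERMS = Map.of("alice", Set.of("order:query"));

    static class DemoRealm extends AuthorizingRealm {
        @Override  // authentication: who are you?
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = ((UsernamePasswordToken) token).getUsername();
            String stored = PASSWORDS.get(user);
            if (stored == null) throw new UnknownAccountException("no such user");
            // Shiro compares the submitted credentials with the stored ones after this returns.
            return new SimpleAuthenticationInfo(user, stored, getName());
        }

        @Override  // authorization: what can you do?
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String user = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(PERMS.getOrDefault(user, Set.of()));
            return info;
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new DemoRealm()));
        Subject subject = SecurityUtils.getSubject();          // the current user
        subject.login(new UsernamePasswordToken("alice", "s3cret-sample"));
        System.out.println(subject.isPermitted("order:query"));
        try {
            subject.checkPermission("order:delete");           // Subject -> SecurityManager -> Realm
        } catch (AuthorizationException e) {
            System.out.println("refused: order:delete");
        }
    }
}
```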

System effect

The project's basic framework is the Java web development framework Spring Boot, which eliminates complicated XML configuration and makes secondary development easier. The data access layer uses Mybatis together with the general Mapper and PageHelper plug-ins, which make single-table create, read, update and delete operations quick and efficient and remove a large amount of the SQL traditionally configured in XML. The security framework is the popular Apache Shiro, which can provide access control down to the button level. The front-end pages are built with Bootstrap; the theme style follows Google's Material Design language and offers several sets of colors to choose from. FEBS stands for: Fast, Easy use, Beautiful and Safe.

The functional modules of the system are composed as follows:

Technology selection

Back end

Basic framework: Spring Boot

Persistence layer framework: Mybatis

Security framework: Apache Shiro

Template engine: Thymeleaf

Database connection Pool: Alibaba Druid

Caching framework: Ehcache

Log printing: logback

Others: fastjson, poi, javacsv, quartz, etc.

Front end

Basic framework: Bootstrap4

JavaScript framework: jQuery

Message component: Bootstrap notify

Prompt box plug-in: SweetAlert2

Tree plug-in: jsTree

Tree table plug-in: jqTreeGrid

Table plug-in: BootstrapTable

Form verification plug-in: jQuery-validate

Multiple drop-down box plug-ins: multiple-select

Chart plug-in: Highcharts

Development environment

Language: Java

IDE: Eclipse Oxygen

Dependency Management: Maven

Database: Oracle 11g & MySQL 5.7

Version management: SVN, git

The effect of the system is as follows:
