Shulou(Shulou.com)06/03 Report--

Reprint this article need to indicate the source: Wechat official account EAWorld, violators will be prosecuted.

Introduction:

Application basic framework Coframe is an open source application basic framework that comes with EOS products, which provides the basic capabilities of business applications such as resource management, rights management, user and role management. Users can carry out secondary development and expansion according to their own needs. This article shares the main functions, design and implementation of Coframe to you.

Table of contents:

I. brief introduction

II. System resources

III. Authority management

IV. Organization and management

I. brief introduction

Application infrastructure framework, also known as Coframe, is the product's own open source application infrastructure framework, which provides some basic functions, and users can carry out secondary development and expansion according to their own needs.

Coframe provides three core functions:

System resources: provide function menu management, dictionary code table, application management fold several application framework basic capabilities.

Privilege management: provides a complex privilege calculation model and authorization model based on Party (participant).

Based on the concepts of participants, resources and authorization, a participant model can be developed to meet the personalized needs of users.

Organization and management: provides relevant management functions of organizations, positions, employees, users, working groups and other organizations, and supports docking with existing business systems, so that applications developed based on Puyuan EOS Platform 8.0 can easily use the same set of organizations.

Logical architecture

The logical architecture diagram shows the basic functional modules of the basic application framework, and the front-end Restful form interface invokes the back-end service.

Process architecture

Schematic of Coframe integrated deployment

There are two deployment modes of application infrastructure: micro-service architecture Coframe integration mode and single application architecture Coframe integration mode.

The single-application architecture is easy to understand, that is, the application is developed directly with Coframe source code or jar package, and there is only one server at the back end, while the integration mode can encapsulate the services to be exposed by the application in Coframe, so that Coframe can manage the permissions of the application. The front end is developed with VUE, which makes it easy to use the source code for secondary development.

Data model

(click on the picture to enlarge)

The DB table structure, which is the data model of the basic framework, shows some main table structures, including permissions table, user table and so on. Users can easily carry out secondary development and extended applications.

II. System resources

Menu management

The menu framework supports two-level menus, and users can customize the path and opening mode of the menu.

The application infrastructure provides several basic menus, which users can edit on the page or directly on the database side. At present, the front-end Ui of the application infrastructure supports two-level menus, and users can expand to three-level menus according to their own needs.

Dictionary code table

The dictionary code table is the data dictionary with business attributes defined within the system.

The system administrator can configure dictionary types and dictionary entries to manage the underlying data of enumerated types in the system and to support excel import and export. Both dictionary types and dictionary data support first-level subitems.

Dictionary types: classified management of data

Dictionary data items: enumerated data to be managed

Application management

Application management, also known as service authority control, refers to the access control of application service functions in multi-application systems and single-application systems. Realize the flexible binding of roles, users and functions.

Add @ TarestOperation annotation to the functional interface method definition that requires permission management, and publish the service.

@ RequestMapping ("/ say-hello")

@ TarestService (group = "SP1", displayName = "service provision group 1", version = "1.0.0.0", groupName = "service provision group 1", name = "ISampleAppHello")

Public interface ISampleAppHello {

@ GetMapping

@ TarestOperation (checkPermission=false,name= "DEMO_001", displayName= "function 1")

String sayHello ()

/ * *

* @ TarestOperation does not manage permissions by default in @ TarestOperation

* enable the permission control function by setting checkPermission = true

* * /

@ GetMapping (value = "/ user")

@ TarestOperation (checkPermission = true,name= "DEMO_002", displayName= "function 2")

String insertDemo (@ RequestParam String name, @ RequestParam Integer age)

}

(swipe left and right to see all the code)

A single-application system is a system with only one back-end application, and there is no need to build a new application (directly integrate Coframe in an embedded way).

Multi-application system is a system with multiple back-end applications. As an independent application deployment system, Coframe needs to build new applications in coframe. As shown in the figure:

III. Authority management

The complex privilege calculation model and authorization model based on Party (participant) are provided.

Based on the concepts of participants, resources and authorization, a participant model can be developed to meet the personalized needs of users.

Role: role is an important object in Coframe, and it can also become a permission set, which represents a subset of permissions in the system, which is used to control the set of functions that users can use, and gives users a role to represent the right to use certain functions. The assignment of roles in Coframe itself not only gives certain users, employees, organizations, etc., but also gives roles access to certain functions, modules, forms, views and other resources. The permission that a user with a role can access the resources granted by the role.

Users: all users who can log on to the system are users in the system, and there are two ways to increase the login account. One is to add a user to the user management, and the second is to associate a user when a new employee is added in the organization management, and a new user will be created if the user's login name does not exist.

User management

All users who can log in to the system are users in the system, and there are two ways to increase the login account. One is to add a user to the user management, and the second is to associate a user when a new employee is added in the organization management, and a new user will be created if the user's login name does not exist. When Coframe logs in using IAM's unified authentication, it can synchronize the user information under the same tenant on the IAM side.

The user account of Coframe is determined by its login authentication method whether it is created locally or IAM, which is the user information synchronized from the same serious platform.

Local login: user account and its authentication password are stored locally. For local authentication configuration, please see: http://t.cn/EUrzEtL

Single sign-on: sso login integrated with IAM, for more information: http://t.cn/EUrZPOs

Authorization management

At present, menu authorization and service authorization are provided, and authorization management is to establish a relationship between resources and participants. As shown in the following figure, menus and applications:

That is, it can be regarded as a resource, while the account, role, organization, work, etc., can be regarded as participants. The authorization table structure is shown in the following figure:

This annotation is used to mark a data entity as an authorized entity, which needs to specify the type: resource, authorized subject, such as:

@ Entity

/ / the entity name is order and the type is resource

@ AuthEntity (name = "order", type = AuthEntityType.RESOURCE)

@ Table (name = "SAMPLE_ORDER")

Public class SampleOrder {

@ Id

@ GeneratedValue

Private Long id

Private String name

Private Date date

}

(swipe left and right to see all the code)

IV. Organization and management

Organization management

Organization refers to the organization of an enterprise, which generally contains information about institutions, positions, employees and so on.

Organization management maintains the information and relationships of institutions, posts, personnel and other information and relationships through the maintenance of an organization personnel tree, and can set the roles of these organizational objects.

Working group management

The working group is similar to the organization, is to manage the project team, working group and other temporary organizations, the business usually has a certain timeliness of the working group, is a non-permanent body.

A working group is an organizational group dynamically created by an enterprise, under which there can be sub-working groups and employee information.

Summary:

The above introduces the main basic functions of the application infrastructure, as well as some ideas in the design process, such as authorization model.

As the basic framework of open source application will continue to improve with the development of planning, users can change the adaptation according to their own needs. You are also very welcome to participate more to make it stronger.

Selected questions:

Q1: is this a front-end separation project? I think the front end is deployed separately in nginx.

Answer: the front end is separated from the front end, and the front end is developed with VUE.

Q2: does the connected SSO support CAS? If it is CAS, are there any good designs at the front end for projects that are separated at the front end? Because CAS is generally based on fliter to access CAS server.

A: the connected SSO is Oauth3.0. Currently, CAS is not supported. Please refer to it.

Is 3:Coframe open source? Is it available for commercial use?

A: it is generally open source to the company's customers, but the source code is not released (not on hosting platforms such as github).

Q4: is it a platform-level application? can I access a third-party application?

A: no, it provides basic capabilities such as menu and authorization, which can be redeveloped based on source code or develop your own applications based on jar.

Q5: what is the latest version at present? Is Shiro used for authorization?

A: the latest snapshot version, 8.0.0-SNAPSHOT, is currently ready to develop 8.0.0-LA2-SNAPSHOT. Authorization is not the shiro used, but the authorization method developed based on the three models of participant, resource and authorization.

About the author: Xu Fangjie, a senior software engineer at Puyuan, was responsible for the core module development, operation and maintenance of the project at Huawei, was good at Web, operation and maintenance, and participated in the construction and implementation of Puyuan EOS 8 Micro Service platform Application Infrastructure (Coframe).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.