8421 Permission Management System
Author: 傅晓? | Sat, 22 Mar 2008 06:15:00 GMT
http://www.aygfsteel.com/xiaofeng/archive/2008/03/22/187891.html

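A few days ago I saw a friend on the forum asking about permission management, which reminded me of a permission-system project I worked on a while back. I have long wanted to write something about that project but never had the time; today I found a spare moment to write a little. My skill is limited, so my design and understanding of permission management may well have problems. I am writing this original article only to get the discussion started, and we can explore the topic together.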

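The whole permission system can be divided into 5 concepts: group, role, member, resource and permission.
These 5 concepts make up the entire permission management system, and the permission is the smallest unit in it.
Let me give an example to help explain these 5 concepts. Take a project team in your company: the whole team can be understood as a group. The team contains different roles (project manager, team leader, technical manager, programmer), and each role is filled by different members. Each member in turn has different tasks: the project manager has the "requirements analysis" resource and the programmer has the "code development" resource. Members in the programmer role do not all hold the same permissions on the "code development" resource: some programmers may have permission to develop code but not to modify the code of other modules. Taken together, these concepts could be drawn as an E-R diagram, but since I have not yet learned how to post images, I have to leave that out.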

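When I built this system I started from roles. Different systems define their own groups and members differently, so if this permission system is applied to another system, group and member management will probably have to be redeveloped, but the basic relationship between roles, resources and permissions can be reused everywhere.
So I completed the role -> resource -> permission part first. Space is limited, so I will only discuss this one important module.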

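Roles and resources are in a many-to-many relationship: a role can own several resources, and one resource can be owned by several roles. Each resource in turn has its own permissions. In most web development, the permissions on a resource can be divided into 5 kinds: add, delete, modify, query and use. We can start by creating a base class that defines the unique identifiers of these 5 permissions:
public class GenericPrivilegeBase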
{
       // When checking a privilege, AND the bits: a non-zero result means the privilege is held, 0 means it is not
       public final static int NO_PRIVILEGE = 0; //0: no privilege
       public final static int QUERY_OR_USE_PRIVILEGE = 1; //1: query or use
       public final static int CREATE_PRIVILEGE = 2; //2: create
       public final static int DELETE_PRIVILEGE = 4; //4: delete
       public final static int UPDATE_PRIVILEGE = 8; //8: update
       public final static int ALL_PRIVILEGE = QUERY_OR_USE_PRIVILEGE | CREATE_PRIVILEGE | DELETE_PRIVILEGE | UPDATE_PRIVILEGE;
       // Check whether any privilege is held
       public static boolean isValidPrivilege(int privilege)
       {
           if ( (privilege & QUERY_OR_USE_PRIVILEGE) != 0)
           {
                   return true;
           }

           if ( (privilege & CREATE_PRIVILEGE) != 0)
           {
                   return true;
           }

           if ( (privilege & DELETE_PRIVILEGE) != 0)
           {
                   return true;
           }

           if ( (privilege & UPDATE_PRIVILEGE) != 0)
           {
                   return true;
           }

           return false;
       }
       // Check for the query privilege
       public static boolean checkQueryPrivilege(int privilege)
       {
           if ( (privilege & QUERY_OR_USE_PRIVILEGE) != 0)
           {
                   return true;
           }
           else
           {
                   return false;
           }
       }

       // Check for the create privilege
       public static boolean checkCreatePrivilege(int privilege)
       {
           if ( (privilege & CREATE_PRIVILEGE) != 0)
           {
                   return true;
           }
           else
           {
                   return false;
           }
       }

       ......

      // Use a different set of permission tables depending on the system name
      public String getResourceTableName()
      {
           return m_system_name + "Resource";
      }

      public String getPrivilegeTableName()
      {
           return m_system_name + "Privilege";
      }

      ......

}
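Once this privilege-checking base class is defined, our back-end management classes (DAOs) can inherit from it to obtain the various permission tables and operate on them. At this point, on the page side, we need to filter the user's resources. In web development we usually treat a url as a resource, and the add, delete, modify and query operations on the page behind that url as permissions. So the first step is url filtering: when a user logs in, we first determine which resources they have, and from that decide whether they may access the url. Here we can do the filtering with a filter. Part of the resource filter's code is given below.
       public void doFilter(ServletRequest request, ServletResponse response,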
                            FilterChain filterChain) throws IOException,
           ServletException
       {
           /**@todo Implement this javax.servlet.Filter method*/
           httprequest = (HttpServletRequest) request;
           httpresponse = (HttpServletResponse) response;
           session = httprequest.getSession();
           // Get the user ID (stored in the session at login)
           String user_id = (String) session.getAttribute("UserID");
           if (user_id == null)
               user_id = "0";
// If the resource table was designed without a url column, the resource-to-url mapping can be kept in an xml file instead
//         XMLAnalyze xml_analyze = new XMLAnalyze(this.resource_path);
//         String res_id = xml_analyze.XMLResourceReader(httprequest.
//               getServletPath());

           Connection conn = DataSourcePool.getDS().getConnection();
           GenericPrivilegeBase user_manager = new GenericPrivilegeBase(conn,
               system_name);

           String sql = "select Privilege,Url from " + user_manager.getRoleMemberTableName();
           sql += " as r ," + user_manager.getPrivilegeTableName() +
               " as p, "+user_manager.getResourceTableName()+" as u where r.MemberID='" + Integer.parseInt(user_id) + "'";
           sql += " and r.RoleID = p.RoleID and p.ResID = u.ResID";

           boolean flag = false;
           String request_url = httprequest.getServletPath();
           if (request_url.indexOf("Action.do") != -1)
           {
               request_url = request_url.replaceAll("Action.do", ".jsp");
               request_url = request_url.toLowerCase();
           }

           try
           {
               Statement stmt = conn.createStatement();
               ResultSet rs = stmt.executeQuery(sql);
               while (rs.next())
               {
                   int privilege = rs.getInt(1);
                   String url_list = rs.getString(2);
                   if(url_list != null)
                   {
                       String[] url = url_list.split(",");
                       for (int i = 0; i < url.length; i++)
                       {
                       // if the privilege is non-zero and the requested url contains a url of a resource this user owns
                           if (privilege != 0 && request_url.indexOf(url[i]) !=-1)
                           {
                               flag = true;
                               break;
                           }
                           if (flag)
                               break;
                       }
                   }
               }
               rs.close();
               stmt.close();
               conn.close();
           }
           catch (SQLException ex)
           {
               System.out.println(ex.getMessage());
               if (conn != null)
               {
                   try
                   {
                       conn.close();
                   }
                   catch (Exception e)
                   {}
               }
           }

           boolean find = false;
           // Skip urls that do not need resource filtering, such as login.jsp
           if (this.special != null)
           {
               String[] except_page = this.special.split(",");
               if (except_page.length >= 0)
               {
                   for (int i = 0; i < except_page.length; i++)
                   {
                       if (request_url.indexOf(except_page[i]) >= 0)
                       {
                           find = true;
                           break;
                       }
                   }
               }
           }
           if (!find)
           {
               if (!flag || user_id == null || user_id.trim().length() <= 0)
               {
                   httprequest.getRequestDispatcher(this.error_page).forward(httprequest,httpresponse);
               }
               else
               {
                   filterChain.doFilter(httprequest, httpresponse);
               }
           }
           else
           {
               filterChain.doFilter(httprequest, httpresponse);
           }
       }
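With this filter we have completed resource filtering, and we no longer need to worry about whether a user may access a given url (resource). The next problem is how to control permissions such as add and delete effectively inside a page. There are two ways to do this.
The first way is to fetch all of the user's resources at login and put them into a container; wherever a permission check is needed, loop over the container's contents to see whether the permission is there.
The second way is to use a custom tag. It is enough to pass the user id and the system name into the custom tag. Such tags naturally come in pairs, one for "has this permission" and one for "does not have this permission", similar to the <logic:present> and <logic:notPresent> tags. The custom tags I wrote look like this:
<page:privilege beanName="InitBean" scope="session" operation="UPDATE">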
         <html:link href="modifyRoleAction.do" paramId="roleid" paramName="role" paramProperty="m_role_id">修改</html:link>
</page:privilege>
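The meaning of this tag is: take the userid property of the InitBean javabean as the current user; if that user has the UPDATE permission on this url (the url is a resource), the link code in the tag body (html:link) is executed.
The tag that corresponds to it is as follows:
<page:notPrivilege beanName="InitBean" scope="session" operation="UPDATE">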
         <html:link href="modifyRoleAction.do" paramId="roleid" paramName="role" paramProperty="m_role_id">修改</html:link>
</page:notPrivilege>
Here is part of the code of this tag:
       public int doStartTag() throws JspTagException
       {
           int userID = 0;
           String systemName = "";
           if (scope == null || scope.equals(""))
               return SKIP_BODY;
           else
           {
               if (scope.equalsIgnoreCase("session"))
               {
                   HttpSession session = pageContext.getSession();
                   LoginForm init_bean = (LoginForm)session.getAttribute("InitBean");
                   if (init_bean == null)
                       return SKIP_BODY;
                   String user_id = init_bean.getUserid();// get the user id
                   systemName = init_bean.getSystem_name();
                   try
                   {
                       userID = Integer.parseInt(user_id);
                   }
                   catch (NumberFormatException ex1)
                   {
                   }
               }
               else
               if (scope.equalsIgnoreCase("request"))
               {
                   HttpServletRequest request = (HttpServletRequest)pageContext.getRequest();
                   LoginForm init_bean = (LoginForm)request.getAttribute("InitBean");
                   if (init_bean == null)
                       return SKIP_BODY;
                   String user_id = init_bean.getUserid();
                   systemName = init_bean.getSystem_name();
                   try
                   {
                       userID = Integer.parseInt(user_id);
                   }
                   catch (NumberFormatException ex1)
                   {
                   }
               }
           }

           Connection conn = DataSourcePool.getDS().getConnection();
           if (conn == null || systemName == null || operation == null)
               return SKIP_BODY;
           GenericPrivilegeBase user_manager = new GenericPrivilegeBase(conn,
               systemName);
           HttpServletRequest request = (HttpServletRequest)pageContext.getRequest();
           String resource_path = request.getServletPath();// url of the current page's resource

           String sql = "select Privilege,Url from " + user_manager.getRoleMemberTableName();
           sql += " as r ," + user_manager.getPrivilegeTableName() +
               " as p, "+user_manager.getResourceTableName()+" as u where r.MemberID='" + userID + "'";
           sql += " and r.RoleID = p.RoleID and p.ResID = u.ResID";
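           int privilege = 0;
           boolean flag = false; // set once a resource url matches this page
           try
           {
               Statement stmt = conn.createStatement();
               ResultSet rs = stmt.executeQuery(sql);
               while (!flag && rs.next())
               {
                   int row_privilege = rs.getInt(1);
                   String url_list = rs.getString(2);
                   if(url_list != null)
                   {
                       String[] url = url_list.split(",");
                       for (int i = 0; i < url.length; i++)
                       {
                       // if the privilege is non-zero and this page's url contains a url of a resource this user owns
                           if (row_privilege != 0 && resource_path.indexOf(url[i]) !=-1)
                           {
                               privilege = row_privilege; // keep the privilege of the matching resource
                               flag = true;
                               break;
                           }
                       }
                   }
               }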
               rs.close();
               stmt.close();
               conn.close();
           }
           catch (SQLException ex)
           {
               System.out.println(ex.getMessage());
               if (conn != null)
               {
                   try
                   {
                       conn.close();
                   }
                   catch (Exception e)
                   {}
               }
               return SKIP_BODY;
           }
           if (operation.equals("NONE"))
               return EVAL_BODY_TAG;
           if (operation.equals("QUERY"))// the query privilege needs to be checked
               if (user_manager.checkQueryPrivilege(privilege))// the user holds the query privilege
                   return EVAL_BODY_TAG;
           if (operation.equals("CREATE"))
               if (user_manager.checkCreatePrivilege(privilege))
                   return EVAL_BODY_TAG;
           if (operation.equals("DELETE"))
               if (user_manager.checkDeletePrivilege(privilege))
                   return EVAL_BODY_TAG;
           if (operation.equals("UPDATE"))
               if (user_manager.checkUpdatePrivilege(privilege))
                   return EVAL_BODY_TAG;
           if (operation.equals("USE"))
               if (user_manager.checkUsePrivilege(privilege))
                   return EVAL_BODY_TAG;
           return SKIP_BODY;
       }
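With these two tags, every permission on a page can be checked.

In the explanation and code above, permission control is done mainly by ANDing 4 binary bits. They are 8, 4, 2 and 1, and each of these four bits represents one kind of permission. We write them into a base class at the start of the project, so that every later permission check calls the checking functions in that base class.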
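An added example, not code from the original post: an in-memory version of the role -> resource -> privilege check that ORs the masks of all of a member's roles, treats a missing or non-numeric session user id as having no privilege, and matches the servlet path exactly against each entry of the comma-separated url list (a deliberate change from the substring match used in the filter above). The class name, sample rows, paths and member ids are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class PrivilegeCheckExample {
    // Same bit values as GenericPrivilegeBase on this page.
    static final int QUERY_OR_USE = 1, CREATE = 2, DELETE = 4, UPDATE = 8;

    // One joined row: member -> role -> privilege mask + comma-separated url list.
    static final class Grant {
        final int memberId, privilege;
        final String urlList;
        Grant(int m, int p, String u) { memberId = m; privilege = p; urlList = u; }
    }

    // Constructed sample rows standing in for the database query result.
    static final List<Grant> GRANTS = List.of(
        new Grant(7, QUERY_OR_USE, "/role/list.jsp,/role/modify.jsp"),
        new Grant(7, UPDATE, "/role/modify.jsp"), // a second role held by member 7
        new Grant(9, QUERY_OR_USE, "/role/list.jsp"));

    // Pages that skip the resource check (the filter's "special" list).
    static final Set<String> EXEMPT = Set.of("/login.jsp", "/error.jsp");

    // OR together the masks of every row whose url list holds exactly this path.
    static int effectivePrivilege(String sessionUserId, String path) {
        int memberId;
        try {
            memberId = Integer.parseInt(sessionUserId); // null also lands in catch
        } catch (NumberFormatException e) {
            return 0; // no usable identity: no privilege
        }
        int mask = 0;
        for (Grant g : GRANTS) {
            if (g.memberId == memberId
                    && Arrays.asList(g.urlList.split(",")).contains(path)) {
                mask |= g.privilege;
            }
        }
        return mask;
    }

    // Filter-level decision: exempt page, or at least one privilege bit on the url.
    static boolean canAccess(String sessionUserId, String path) {
        return EXEMPT.contains(path) || effectivePrivilege(sessionUserId, path) != 0;
    }

    // Tag-level decision: every requested bit must be present in the mask.
    static boolean canPerform(String sessionUserId, String path, int required) {
        return required != 0
            && (effectivePrivilege(sessionUserId, path) & required) == required;
    }

    public static void main(String[] args) {
        // UPDATE on modify.jsp comes from member 7's second role.
        System.out.println(canPerform("7", "/role/modify.jsp", UPDATE));
        // Member 9 can view list.jsp but holds no UPDATE bit there.
        System.out.println(canPerform("9", "/role/list.jsp", UPDATE));
        // A longer path that merely contains a granted url is a different resource.
        System.out.println(canAccess("9", "/reports/role/list.jsp"));
        // Without a session user id only exempt pages pass.
        System.out.println(canAccess(null, "/role/list.jsp") + " " + canAccess(null, "/login.jsp"));
    }
}
```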


