As part of a JSF/JPA web application project, I need to implement a complete user authorization module. I am using Apache Shiro for authentication and may use it for authorization as well if it fits the requirements. Right now, however, I am designing the database schema model and have come up with the tables below. I am not sure whether this is the best approach and would like some feedback.
Requirements
Authorize users based on their roles and group memberships. Roles can be assigned to groups or to individual users. The data is spread across multiple tables, but here I only give the example of one table that stores project details.
List of authorization tables
Table: APP_USER: This table will store the user details along with the hashed password
Columns: ID / Username / Password
Table: APP_ROLES: This table stores the role definitions
Columns: ID / Rolename / Desc
Table: APP_PRIVILEGES: This table stores the actual privileges that are assigned to roles
Columns: ID / Privilege Name / Privilege Type / Role ID
Table: APP_GROUPS: This table stores the group definitions
Columns: ID / GroupName
Table: APP_USER_GROUPS_MAPPING: This table stores the mapping of users to groups and has references to the APP_USERS and APP_Groups tables
Columns: USER_ID / Group ID
Table: APP_GROUP_ROLES_MAPPING: This table stores the mapping of groups to roles and has references to APP_ROLES and APP_GROUPS
Columns: Group_ID / Role_ID
Table: APP_USER_ROLE_MAPPING: This table stores the mapping of users to roles in case a role is directly assigned to users and has references to the APP_USERS and APP_ROLES tables
Columns: USER_ID / ROLE_ID
Table: APP_PROJECTS_DETAILS: This is one of the many tables that store the data. This specific table holds project details
Columns: ID / PROJECT_NAME / DESC etc.
Table: APP_GROUP_PROJECTS_MAPPING: This table stores the permission mapping of which groups have access to which projects.
Authorization example: a user tries to delete project Test1
I personally think this is a bit complicated but am not sure how to improve it.
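The authorization example above ("user tries to delete project Test1"), worked through against the question's own tables as an added example that is not part of the question or any answer. It uses an in-memory SQLite database with constructed rows; the user, group, role and project IDs are made up, and the query treats "effective roles" as the union of directly assigned roles and roles inherited through group membership, then additionally requires that one of the user's groups is mapped to the project.

```python
import sqlite3

# The question's tables that the check touches (APP_USER / APP_ROLES omitted: only IDs matter here).
SCHEMA = """
CREATE TABLE APP_PRIVILEGES (ID INTEGER PRIMARY KEY, PRIVILEGE_NAME TEXT, PRIVILEGE_TYPE TEXT, ROLE_ID INTEGER);
CREATE TABLE APP_USER_GROUPS_MAPPING (USER_ID INTEGER, GROUP_ID INTEGER);
CREATE TABLE APP_GROUP_ROLES_MAPPING (GROUP_ID INTEGER, ROLE_ID INTEGER);
CREATE TABLE APP_USER_ROLE_MAPPING (USER_ID INTEGER, ROLE_ID INTEGER);
CREATE TABLE APP_PROJECTS_DETAILS (ID INTEGER PRIMARY KEY, PROJECT_NAME TEXT);
CREATE TABLE APP_GROUP_PROJECTS_MAPPING (GROUP_ID INTEGER, PROJECT_ID INTEGER);
"""
# Constructed sample rows: group 20 holds role 10 (MODIFY) and is mapped to project Test1;
# user 1 is only in group 20; user 2 is in group 20 and directly holds role 11 (DELETE);
# user 3 directly holds role 11 but belongs to no group that is mapped to Test1.
SAMPLE = """
INSERT INTO APP_PRIVILEGES VALUES (100,'MODIFY','PROJECT',10),(101,'DELETE','PROJECT',11);
INSERT INTO APP_USER_GROUPS_MAPPING VALUES (1,20),(2,20);
INSERT INTO APP_GROUP_ROLES_MAPPING VALUES (20,10);
INSERT INTO APP_USER_ROLE_MAPPING VALUES (2,11),(3,11);
INSERT INTO APP_PROJECTS_DETAILS VALUES (1000,'Test1');
INSERT INTO APP_GROUP_PROJECTS_MAPPING VALUES (20,1000);
"""
# Effective roles = direct roles UNION roles inherited via groups. The request passes only if some
# effective role grants the privilege AND one of the user's groups is mapped to the project.
AUTHZ_SQL = """
WITH effective_roles AS (
    SELECT ROLE_ID FROM APP_USER_ROLE_MAPPING WHERE USER_ID = :uid
    UNION
    SELECT grm.ROLE_ID FROM APP_USER_GROUPS_MAPPING ugm
      JOIN APP_GROUP_ROLES_MAPPING grm ON grm.GROUP_ID = ugm.GROUP_ID
     WHERE ugm.USER_ID = :uid
)
SELECT COUNT(*) FROM APP_PRIVILEGES p
  JOIN effective_roles er ON er.ROLE_ID = p.ROLE_ID
  JOIN APP_PROJECTS_DETAILS pd ON pd.PROJECT_NAME = :project
  JOIN APP_GROUP_PROJECTS_MAPPING gpm ON gpm.PROJECT_ID = pd.ID
  JOIN APP_USER_GROUPS_MAPPING ugm ON ugm.GROUP_ID = gpm.GROUP_ID AND ugm.USER_ID = :uid
 WHERE p.PRIVILEGE_NAME = :priv AND p.PRIVILEGE_TYPE = 'PROJECT'
"""

def build_db():
    """In-memory SQLite database loaded with the schema and the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def is_authorized(conn, user_id, privilege, project_name):
    """True when user_id may perform `privilege` (e.g. DELETE) on the named project."""
    params = {"uid": user_id, "priv": privilege, "project": project_name}
    return conn.execute(AUTHZ_SQL, params).fetchone()[0] > 0
```

With these rows, user 2 may delete Test1, user 1 may only modify it, and user 3 is refused even though the admin role is assigned directly, because the group-to-project mapping does not reach Test1.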
Answer 0: (score: 0)
Sounds like a good design, except that you may be reinventing the wheel. Java EE already provides both declarative and programmatic security facilities similar to what you are trying to implement.
Answer 1: (score: 0)
## Prepare your database relation like this ##
```java
import java.io.Serializable;
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.xml.bind.annotation.XmlTransient;

// --- User.java --- (@Entity, @Id and the class wrapper are added; the answer only listed the fields.
// Role, ProjectGroup and Project are the remaining entities, not shown here.)
@Entity
public class User implements Serializable {
    private static final long serialVersionUID = 5667633010066722654L;

    @Id private Integer id;

    // mappedBy must name the owning field in GroupPermissions ("user"), not the class name
    @OneToMany(mappedBy = "user")
    @XmlTransient
    private List<GroupPermissions> groupPermissionsList;

    // read-only association; the roleId column itself is written through a plain field
    @ManyToOne
    @JoinColumn(name = "roleId", referencedColumnName = "id", insertable = false, updatable = false)
    @XmlTransient
    private Role role;
}

// --- GroupPermissions.java --- user -> group membership
@Entity
public class GroupPermissions implements Serializable {
    @Id private Integer id;
    private int userId;   // writable FK columns
    private int groupId;

    @ManyToOne
    @JoinColumn(name = "userId", referencedColumnName = "id", insertable = false, updatable = false)
    @XmlTransient
    private User user;

    @ManyToOne
    @JoinColumn(name = "groupId", referencedColumnName = "id", insertable = false, updatable = false)
    @XmlTransient
    private ProjectGroup group;
}

// --- ProjectGroupPermissions.java --- group -> project access
@Entity
public class ProjectGroupPermissions implements Serializable {
    @Id private Integer id;
    private int groupId;
    private int projectId;

    @ManyToOne
    @JoinColumn(name = "groupId", referencedColumnName = "id", insertable = false, updatable = false)
    @XmlTransient
    private ProjectGroup projectGroup;

    @ManyToOne
    @JoinColumn(name = "projectId", referencedColumnName = "id", insertable = false, updatable = false)
    @XmlTransient
    private Project project;
}
```
Role
Define your fields in the role table.
Follow these steps
In the load method of the project page, check:
1. If the user has a role, return the roles assigned to the user, e.g. (delete, modify, view) (step 1), then check the second step; otherwise redirect to unauthorized access.
2. First check the user's assigned groups ---> projects