Suppose I have two employees with different information, and the URL looks like the following
and uses the empInfo.jsp page.
When the employee with ID 1 logs into the system, he can access http://localhost:8080/springtest/1 but he cannot access http://localhost:8080/springtest/2, and vice versa.
What is the best practice for achieving this with Spring? The employee's role will be "user".
Answer 0: (score: 0)
You can create groups that have roles. Then add users to different groups with different roles.
Role: R, Group: G, User: U, m2m: many-to-many relationship
R m2m G
G m2m U
Basically, add one more layer after the roles.
Answer 1: (score: 0)
The best way is to add some security controls in the Java controller; I'll give you an example algorithm:
If the current user id equals the parameter id
then redirect to the good page
else redirect to a 403 Forbidden page or another error page
Answer 2: (score: 0)
Spring Security gives you a way to retrieve the principal, i.e. the currently logged-in user.
Now you can perform all of your security checks based on the users' attributes relative to each other, for example the user ID, or anything else.
In your case, you could do the following:
User principal = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
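The check that Answer 1 sketches as pseudocode and the principal lookup that Answer 2 points at fit together in one controller. The following is an added example written for this page, not code from the question or from either answer: the class names EmployeeUser and EmployeeController, the package name, and the extra /springtest/{id}/profile mapping are assumptions; the /springtest/{id} URL and the empInfo view come from the question. A principal type that carries the employee's numeric id is needed because Spring Security's default User only knows the username.

```java
// Added example (not from the original question or answers). Package name is an assumption.
package com.example.springtest;

import java.util.Collection;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

/**
 * Principal that carries the employee's database id next to the username.
 * Your UserDetailsService returns one of these at login time (assumed, not shown).
 */
class EmployeeUser extends User {
    private final long id;

    EmployeeUser(long id, String username, String password,
                 Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
        this.id = id;
    }

    public long getId() {
        return id;
    }
}

@Controller
public class EmployeeController {

    /**
     * Ownership rule from Answer 1: the caller may only see the record whose id
     * matches the id stored in the authenticated principal. Anything that is not
     * an EmployeeUser (anonymous request, unexpected principal type) is denied.
     */
    static boolean canView(Authentication auth, long requestedId) {
        if (auth == null || !(auth.getPrincipal() instanceof EmployeeUser)) {
            return false;
        }
        return ((EmployeeUser) auth.getPrincipal()).getId() == requestedId;
    }

    /** Explicit check in the handler, using the principal lookup from Answer 2. */
    @GetMapping("/springtest/{id}")
    public String employeeInfo(@PathVariable("id") long id, Model model) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!canView(auth, id)) {
            // Spring Security's ExceptionTranslationFilter turns this into a 403 response,
            // so the "else redirect to 403" branch of Answer 1 needs no extra code here.
            throw new AccessDeniedException("Not allowed to view employee " + id);
        }
        model.addAttribute("employeeId", id);
        return "empInfo"; // resolved to empInfo.jsp by the JSP view resolver
    }

    /**
     * Same rule expressed declaratively. Assumes method security is switched on
     * (@EnableGlobalMethodSecurity(prePostEnabled = true), or @EnableMethodSecurity on
     * Spring Security 5.6+) and that parameter names are available at runtime so that
     * #id resolves. The /profile URL is an assumption made for this example only.
     */
    @PreAuthorize("#id == principal.id")
    @GetMapping("/springtest/{id}/profile")
    public String employeeProfile(@PathVariable("id") long id, Model model) {
        model.addAttribute("employeeId", id);
        return "empInfo";
    }
}
```

Keeping the comparison in a small static method such as canView makes the rule unit-testable without a running servlet container, and the same method can be reused by any other handler that serves per-employee data. Putting the check in the controller rather than only in URL-pattern configuration is what actually prevents employee 1 from opening /springtest/2, because both URLs are legitimately reachable by the "user" role.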