Home > Back-end >  Based on the control access url, back-end code logic is how control?
Based on the control access url, back-end code logic is how control?

Time:09-22

Consult, such as the users table, table, user role table,
The role of binding the role name in the table and can access the url of the subpaths,

In the back-end piece, how to through the user role is the url in the subpath to control user access to?

This should be quite common requirement=thank you,

CodePudding user response:

Also had better have recommended books, or the recommendation of a code package, thank you!

CodePudding user response:

Do it in the interceptor

CodePudding user response:

General url on the menu in the table, roles associated menu list, a user associated character table, front end each time a authentication interface, general return Boolean type, url passed as a parameter, user information generally use token in the request header, in business, need to find the menu to change user roles have permissions, the set of parameter url and roles have menu do contrast, again set returns true, not without permission, returns false, the difficulty is to iterate through out all the menus, use recursion can quickly implement

CodePudding user response:

Users - & gt; Role - & gt; Permissions (within each corresponding to a url path, can customize the url corresponding rules such as/user/* |/user/add - user. Do)

Use filter or interceptors, judging by the current access path and the current user permissions of the user roles corresponding to the url path matches the

This kind of thing with ready-made open source, such as shiro

CodePudding user response:

springaop

CodePudding user response:

The users table: save the background role user
Role table (also called a menu list) : save all directories, menus, method, in which each menu and method is a path
User role table: save the user assigned the role of the role of table

Operation principle: role of interceptor
All requests can be covered by it. GetRequestURL (), toString () to get the path of the request uri string, and then based on the user role table association role table query url list, whether the request uri path exists query url list, if any, said to have permission, without permission, conversely

All the three parties would do this plug-in, such as shiro, spring security

CodePudding user response:

shiro:https://www.guitu18.com/post/2019/07/26/43.html
  • Related