Spring安全性或渗透性配置中的ACL [英] ACL in spring security or permision configuration
问题描述
我的要求如下:我们有一个使用角色的应用程序(ADMIN/USER/GUEST),取决于他们可以访问应用程序不同部分的角色.但是,在特定的部分中,其中一些可以看到一些操作/选项/按钮/选项卡,这意味着对于两个ADMIN用户,屏幕的配置和可用选项可能会有所不同.
My requirement is the following: We have an application that uses roles lets said (ADMIN/USER/GUEST), depending on the role they can access to different sections on the application. However in an specific section, some of them can see some actions/options/buttons/tabs, it means for two ADMIN users, the configuration of the screen and available option could be different.
我正在阅读有关 DomainACL 在春季安全性和春季安全性权限中,我相信使用DomainACL并不是我需要满足的要求,因为我不需要具有对象粒度的安全性.
I was reading about DomainACL in spring security and spring-security permissions, I believe use DomainACL is not what I need to cover this requirement as I don't need to have object granular security.
我的问题是,考虑到我需要在jsp中添加一些Java标记以删除按钮/,我有一个特定的即开即用的spring-security功能可以解决我不知道的这一要求.用户界面中的控件. 另一个问题是:没有DomainACL的权限就足以解决此要求,或者我遗漏了一些东西.
My question is there is specific out-of-the box feature of spring-security that can solve this requirement that I don't know, taking in consideration that I need to add some java tags in the jsp to remove buttons/controls from the UI. Other question is : permissions without DomainACL will be enough to solve this requirement or I am missing something.
基本上,我需要保存可以对某些用户执行的操作以及这些用户的角色,可以说我想在数据库中存储权限为"EXECUTE SEARCH","VIEW_USER_TAB".
Basically I need to save actions that can be executed for some users + the role of the users, lets said that I want to store in the database the permissions as "EXECUTE SEARCH", "VIEW_USER_TAB".
- ADMIN/彼得/执行搜索","VIEW_USER_TAB"
- 管理员/莎拉/执行搜索"
- USER/john/"VIEW_USER_TAB"
我将spring-security3.2和jsp页面用作视图技术.
I'm using spring-security3.2 and jsp pages as my view technology.
推荐答案
我在我的应用程序中做了ROLES和OPERATION. 看看这个答案,它对我有帮助: Spring Security中角色和GrantedAuthority之间的区别
I did ROLES and OPERATION in my Application. Look at this answer, it helped me: Difference between Role and GrantedAuthority in Spring Security
基本上,本文所说的角色和权限之间没有区别,两者都被授予了权限,需要放置在安全性上下文中才能管理对不同资源的访问.使用hasRole或hasPermission仅用于指定对开发人员而言更易读的内容,但两者都将分析授予的授权域.
Basically what the article said is there is no difference between roles and permissions both are granted authorities and need to be placed in top of the security context to be able to manage the access to the different resources. Use hasRole or hasPermission is just only about specify something that is more readable for the developer, but both operates analyzing the granted authorities domain.
这篇关于Spring安全性或渗透性配置中的ACL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
