如何在 Hibernate 中限制数据库级别的用户访问 [英] How to limit user access at database level in Hibernate

问题描述

我需要实现一个可供不同用户使用的网络应用程序.每个用户对不同的表有不同的权限，例如

I need to implement a web app that will be used by different users. Each user has different privileges on various tables, e.g.

用户 A 可以从表中看到字段姓名"和地址"Student

用户 B 可以看到表格中的姓名"和电话号码"字段，但不能看到地址"字段Student

用户 C 可以查看和修改上面提到的所有字段

我将在 UI 级别使用某些内容来限制某些访问，例如为无权修改条目的用户隐藏编辑"按钮.但是，我认为我应该在较低级别(也许在数据库级别?)有一些东西只是为了确保数据安全.

I will have something at the UI level to limit certain access, e.g. hide the "edit" button for users that don't have permission to modify entries. However, I think I should have something at a lower level (at a database level maybe?) just to ensure data security.

我的应用程序使用 Hibernate、JBoss、DB2 和 Struts.我想我应该使用某种类型的 JBoss LoginModule，它根据用户/密码/角色的数据库对用户进行身份验证(但我可能错了(?)).我做了一些研究并提出了以下选项，但似乎没有一个适合我的情况.我认为这是多用户 Web 应用程序中非常常见的数据访问问题.有人可以指出我正确的方向吗?提前致谢！

I am using Hibernate, JBoss, DB2 and Struts for my app. I think I should use a JBoss LoginModule of some sort, which authenticates the user against a database with user/password/roles (but I may be wrong(?)). I have done some research and came up with the following options, but none seems to fit my case. I would think this is a very common data access problem in multi-user web apps. Could somebody please point me to the right direction? Thank you in advance!

1. 将 hibernate.cfg.xml 中的grant"标记与 JACC 事件侦听器一起使用.这可以为所有休眠实体设置插入"更新"读取"权限.但是，如果我需要更精细的控制怎么办?我需要为某些字段而不是整个对象设置权限.http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-decl-security.html

1. Use the 'grant' tag in hibernate.cfg.xml with JACC event listeners. This can set "insert" "update" "read" permissions on all hibernate entities. However, what if I need finer controls? I need to set permissions on certain fields instead of the entire object. http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-decl-security.html

限制每个 ejb 的 getter/setter 方法的权限.如果我理解正确，这需要为每个用户配置文件手动配置每个 bean，这对我来说似乎不现实.EJB 方法权限

Limit permissions on getter/setter method of each ejb. If I understood this correctly, this requires manual configuration of every single bean for every user profile, which seems unrealistic for me. EJB Method Permissions

编写 DAO 代码以检查用户权限.滚动我自己的实用程序函数，每次调用特定的 DAO 方法时都会检查一个巨大的权限表，以确定登录用户是否可以执行该操作.

Code the DAO's to check for user permissions. Roll my own utility function that checks a giant permission table everytime a particular DAO method is called to determine if the logged in user can perform the action or not.

在 Hibernate 中使用拦截器"和事件".为每个类定义特定的onLoad"、onSaveorUpdate"等事件和拦截器.在这种情况下，我可以为各个字段指定权限级别吗?http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-events.html

Use 'interceptor' and 'events' in Hibernate. Define specific "onLoad", "onSaveorUpdate" etc. events and interceptors for each class. Can I specify permission level for individual fields in this case? http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-events.html

我可能在错误的树上吠叫.以上所有似乎都是劳动密集型的，不是很聪明.上述选项都没有给我在运行时更改用户权限的编程方法，当管理员级别的用户想要在此应用程序中给予另一个用户更多控制时，这将非常有用.

I might be barking at the wrong tree. All of the above seem to be labour-intensive and not very intelligent. None of the above options give me programmatic ways to change user permissions at runtime, which would be useful when an admin-level user want to give another user more control in this app.

在这里进行数据访问控制的好方法是什么?

What is a good way of doing data-access control here?

推荐答案

1. 为您的实体添加一个安全密钥，创建一个权限表，并将用户与权限与实体类型以及安全密钥与角色相关联.通过这种方式，您可以这样说:Admin_role 可以访问 Student(实体类型)并执行读取(操作权限)和写入(操作)，而 Student_role 可以访问他/她自己的 Student_key 和 Read_permission.您可以通过将地址重构为实体并向其添加安全密钥来修复地址.

1. Add a security key to your entities, create a table for permissions and link user with permission with entitytype and also with security key with role. This way you can say things like: Admin_role can access Student (Entitiy type) and do read (Operation in Permission) and Write (Operation) while Student_role can access Student_key for him-/herself and Read_permission. You can fix the address by refactoring that into an entity and adding a security key to it.

1. 你的第四个可能有一个封闭世界的假设，并说除非你可以为用户的当前角色，将属性名称与字典中的标志(实体+属性)-哈希链接到标志，封闭世界假设默认情况下不允许读取.那么当然你不会获得任何写入权限等.

1. Your number four could have a closed-world assumption and say that unless you can for the current role of the user, link the property-name with a flag in a dictionary (entity+property)-hash to flag, the closed world-assumption being that reads are not allowed by default. Then of course you don't get any writes-permissions etc.

您可以在数据库中定义视图并使用数据库身份验证系统为其分配权限.如果您能够自己编写代码，这可能是最干净的方式，根据我们的角色选择调用哪个视图的方式.(我以前的 RDBMS 老师会喜欢我这么说的 ;)) 这也与 Hibernate 有所不同，并将您的东西更多地与数据库结合起来.我猜，这取决于您的代码需要有多可移动/可移植.

You can define views in your database and assign rights to them using the database authentication system. This is probably the most clean way if you are able to code yourself, the way of selecting which view to call depending on which role we are. (My former RDBMS-teacher would love me for saying this ;)) This also goes away a bit from Hibernate and couples your stuff more to the database. It depends on how movable/portable your code needs to be, I guess.

围绕您的通用 dao (IRepository) 使用一个方面，它根据您的权限重写查询；这当然意味着您在代码中拥有基于权限的安全性.

Use an aspect around your generic dao (IRepository) which rewrites the queries based on your permissions; this implies you have the permission-based security in code of course.

隐藏在 gui 中的编辑按钮实际上只有在您首先将权限移植到代码时才能完成，就像我的第 1 点一样.我建议您看看 Ayendes 博客，他是一个非常熟练的编码员.

The edit-button hiding in the gui can really only be done if you first port the permissions to code, like in my point 1. I suggest you have a look at Ayendes blog for an open-source implementation of this, he's a very skilled coder.

这篇关于如何在 Hibernate 中限制数据库级别的用户访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！