独立于数据库行级安全解决方案 [英] Database independent row level security solution
问题描述
是否有人知道的Java / C#数据库独立的授权库。这个库应该支持读,写,删除,插入跨越公司组织结构的动作。
does anybody knows about Java/C# database independent authorization library. This library should support read, write, delete, insert actions across company organizational structure.
事情是这样的:结果
- 用户可以查看所有文档结果
- 用户可以输入分配给他的单位:新文件
- 用户可以改变分配给他的单位和各下属单位的所有文档结果。
- 用户可以删除分配给他的文件
Something like this:
- user can see all documents
- user can enter new document assigned to his unit
- user can change all documents assigned to his unit and all subordinate units.
- user can delete documents that are assigned to him
我也应该能够创建自定义的操作(除了读,写,...)将它们连接到某一类并分配安全令牌,以用户(例如document.expire)。
如果没有任何免费或商业库,有一本书,能够在实现该功能是有用的?
I should also be able to create custom actions (besides read, write,...) connect them to certain class and assign that "security token" to user (e.g. document.expire). If there aren't any either free or commercial libraries, is there a book that could be useful in implementing this functionality?
感谢。
推荐答案
我也一样,我的是缺少安全框架的惊讶。
I, too, am surprised at the lack of security frameworks.
有
There is Rhino Security. Ayende has a handful of blog posts about it.
Another blog has a couple of articles on it, too.
有可能用<一个使用它href=\"http://devlicio.us/blogs/billy_mccafferty/archive/2009/04/30/adding-rhino-security-support-to-s-arp-projects.aspx\"相对=nofollow>取值#命令arp架构为好。
不能说我已经实现了它在一个项目中,只是读上去就可以了,而回。这是它的那种唯一实现,我能找到。
Can't say I've implemented it in a project, just read up on it a while back. It was the only implementation of its sort that I could find.
这篇关于独立于数据库行级安全解决方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
