如何在Hibernate中限制数据库级别的用户访问 [英] How to limit user access at database level in Hibernate

问题描述

我需要实现将被不同用户使用的网络应用程序。每个用户对各种表格具有不同的权限，例如

I need to implement a web app that will be used by different users. Each user has different privileges on various tables, e.g.

用户A可以从表格中查看字段'name'和'address'学生

用户B可以看到字段的名称和电话号码，但不能从表格中的地址学生

用户C可以查看和修改上述所有字段

我将在UI级别有一些东西限制某些访问，例如为没有权限修改条目的用户隐藏编辑按钮。但是，我想我应该在较低级别（数据库级别可能是）有一些东西，以确保数据安全。

I will have something at the UI level to limit certain access, e.g. hide the "edit" button for users that don't have permission to modify entries. However, I think I should have something at a lower level (at a database level maybe?) just to ensure data security.

我正在使用Hibernate，JBoss，我的应用程序的DB2和Struts我想我应该使用某种类型的JBoss LoginModule，它使用用户/密码/角色对数据库进行身份验证（但我可能是错误的（？））。我已经做了一些研究，并提出了以下选择，但没有一个似乎适合我的情况。我认为这是多用户网络应用程序中非常常见的数据访问问题。有人可以指出我正确的方向吗？

I am using Hibernate, JBoss, DB2 and Struts for my app. I think I should use a JBoss LoginModule of some sort, which authenticates the user against a database with user/password/roles (but I may be wrong(?)). I have done some research and came up with the following options, but none seems to fit my case. I would think this is a very common data access problem in multi-user web apps. Could somebody please point me to the right direction? Thank you in advance!

1. 在中使用'grant'标签hibernate.cfg.xml 与JACC事件侦听器。这可以为所有的hibernate实体设置插入更新读取权限。但是，如果我需要更精细的控制呢？我需要设置某些字段的权限，而不是整个对象。 http：//www.hibernate。 org / hib_docs / v3 / reference / en-US / html / objectstate-decl-security.html

1. Use the 'grant' tag in hibernate.cfg.xml with JACC event listeners. This can set "insert" "update" "read" permissions on all hibernate entities. However, what if I need finer controls? I need to set permissions on certain fields instead of the entire object. http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-decl-security.html

限制getter / setter方法的权限的每个ejb。如果我正确理解这一点，这需要为每个用户配置文件手动配置每个单个的bean，这似乎对我来说是不现实的。
EJB方法权限

Limit permissions on getter/setter method of each ejb. If I understood this correctly, this requires manual configuration of every single bean for every user profile, which seems unrealistic for me. EJB Method Permissions

编写DAO以检查用户权限。滚动自己的效用函数，每次调用一个特定的DAO方法来检查一个巨大的权限表，以确定登录的用户是否可以执行该操作。

Code the DAO's to check for user permissions. Roll my own utility function that checks a giant permission table everytime a particular DAO method is called to determine if the logged in user can perform the action or not.

在Hibernate中使用拦截器和事件。为每个类定义特定的onLoad，onSaveorUpdate等事件和拦截器。在这种情况下，可以指定个别字段的权限级别吗？ http://www.hibernate.org/ hib_docs / v3 / reference / en-US / html / objectstate-events.html

Use 'interceptor' and 'events' in Hibernate. Define specific "onLoad", "onSaveorUpdate" etc. events and interceptors for each class. Can I specify permission level for individual fields in this case? http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-events.html

我可能在错误的树上吠叫。以上所有似乎都是劳动密集型而不是很聪明。上述选项都没有提供我在运行时更改用户权限的程序化方式，当管理级用户想要给另一个用户更多的控制在这个应用程序时，这将是有用的。

I might be barking at the wrong tree. All of the above seem to be labour-intensive and not very intelligent. None of the above options give me programmatic ways to change user permissions at runtime, which would be useful when an admin-level user want to give another user more control in this app.

这里有什么好的数据访问控制方法？

What is a good way of doing data-access control here?

推荐答案

1. 向您的实体添加安全密钥，创建一个权限表，并将用户与entitytype的权限链接，并带有角色的安全密钥。这样，您可以这样说：Admin_role可以访问Student（Entitiy类型）并执行读取（操作权限）和写入（操作），而Student_role可以访问Student_key以进行他/她自己和Read_permission。您可以通过将该地址重构为实体并添加安全密钥来修复地址。

1. Add a security key to your entities, create a table for permissions and link user with permission with entitytype and also with security key with role. This way you can say things like: Admin_role can access Student (Entitiy type) and do read (Operation in Permission) and Write (Operation) while Student_role can access Student_key for him-/herself and Read_permission. You can fix the address by refactoring that into an entity and adding a security key to it.

1. 您的第四个可能有一个封闭世界的假设，并说，除非您可以为用户的当前角色，将属性名称与字典（实体+属性）标记中的标志链接到标志，封闭的世界假设为默认情况下不允许读取。那么当然你没有得到任何写入权限等。

1. Your number four could have a closed-world assumption and say that unless you can for the current role of the user, link the property-name with a flag in a dictionary (entity+property)-hash to flag, the closed world-assumption being that reads are not allowed by default. Then of course you don't get any writes-permissions etc.

您可以在数据库中定义视图，并使用数据库认证系统为其分配权限。这可能是最干净的方式，如果你能够自己编码，根据我们所在的角色来选择要查看哪个视图的方式。 （我以前的RDBMS老师会爱我说这个））这也从Hibernate中脱颖而出，并将你的东西更多的融入到数据库中。这取决于你的代码如何可移动/可移植，我想。

You can define views in your database and assign rights to them using the database authentication system. This is probably the most clean way if you are able to code yourself, the way of selecting which view to call depending on which role we are. (My former RDBMS-teacher would love me for saying this ;)) This also goes away a bit from Hibernate and couples your stuff more to the database. It depends on how movable/portable your code needs to be, I guess.

使用您的通用dao（IRepository）方面，根据您的权限重写查询;这意味着你当然有代码中的基于权限的安全性。

Use an aspect around your generic dao (IRepository) which rewrites the queries based on your permissions; this implies you have the permission-based security in code of course.

隐藏在gui中的编辑按钮真的只能在您首先将权限移植到代码中时完成，就像我的观点一样。我建议您看看 Ayendes博客为开源实现，他是一个非常熟练的编码器。

The edit-button hiding in the gui can really only be done if you first port the permissions to code, like in my point 1. I suggest you have a look at Ayendes blog for an open-source implementation of this, he's a very skilled coder.

这篇关于如何在Hibernate中限制数据库级别的用户访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！