Scriptlets in a JSP Page to Access an Authorization Framework Using Enums


Problem description



So I'm basically looking for advice on how I could improve on a solution.

Some Background First,

I developed a simple in-house authorization framework to control access and behavior in a Java/J2EE based application where the framework could be used in any of the Model, View or Controller layers.

When the user logs in they are passed a User Permission object based on their assigned role. (Default is always deny). The permissions consist of a Subject (enum) as well as a list of optional permissions (Create, Read, Update, Delete...).

In some places this is used to control the display of screen elements, in others it's combined with Strategy patterns to control system behavior based on the User's role.

In the JSP layer I access it via Scriptlets because the Code Complete option makes sure that a user doesn't enter a value that's not defined in the framework.

Code Example:

<% if (user.can(Permission.somePermission, Subject.subjectOfPermission)) {  %>
    <td >
            ...display something if the User can Access the Subject
    </td>
<% } %>
<% if (user.cannot(Permission.somePermission, Subject.subjectOfPermission)) {  %>
        ...display something if the User cannot Access the Subject
<% } %>

What I'm curious to find is if there is a better way to do this? I've heard the mantra, "You shouldn't use scriptlets. Everything should be done with JSTL and Custom Tags".

However, it seems to me that by using Custom Tags I lose the advantage of using Code Complete as well as enforcing the framework's contract. To me, passing Strings to a Custom Tag only adds an extra layer of abstraction (to an abstract framework) and increases the chance of a mistake since we're now working with simple Strings.

Is there a way to create a custom tag that would take Enums as parameters or an alternate solution avoiding this altogether?

Solution

You could use EL for this. The way to do this is by first importing the core tag library, by putting this in the head of your jsp view.

<%@ taglib prefix="c" 
       uri="http://java.sun.com/jsp/jstl/core" %>

Put your subject + permission(s) for that user in a hashmap, and make a function hasPermission, that returns whether or not the user has the permission.

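import java.util.HashMap;
import java.util.List;

class User {
    // subject -> actions granted on that subject
    private HashMap<String, List<String>> permissionMap = new HashMap<>();

    public boolean hasPermission(String subject, String action) {
        // Map exposes get(), not getValue(); a subject with no entry is denied
        List<String> actions = permissionMap.get(subject);
        return actions != null && actions.contains(action);
    }
}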

In your servlet, you have to put the user object in an attribute of the request by using

request.setAttribute("user", userObject);

Afterwards, you can access them like this in your view.

<c:choose>
    <c:when test="${user.hasPermission('Record', 'create')}">
    <%-- Code when access granted --%>
    </c:when>
    <c:otherwise>
    <%-- Code when access denied --%>
    </c:otherwise>
</c:choose>
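
An added example, not part of the original answer or of the asker's framework: one way to keep the enum contract behind the string-based EL call is to resolve the strings to enum constants inside `hasPermission` and deny anything that does not resolve. The class name `EnumBackedUser` and the enum constants are assumptions made for illustration; calling a method with arguments from EL requires EL 2.2 or later.

```java
import java.util.Arrays;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class EnumBackedUser {
    // Hypothetical constants; the question's framework defines its own enums.
    public enum Subject { RECORD, REPORT }
    public enum Permission { CREATE, READ, UPDATE, DELETE }

    private final Map<Subject, Set<Permission>> grants = new EnumMap<>(Subject.class);

    public void grant(Subject subject, Permission... permissions) {
        grants.computeIfAbsent(subject, s -> EnumSet.noneOf(Permission.class))
              .addAll(Arrays.asList(permissions));
    }

    // Type-safe check for Java callers (model and controller layers).
    public boolean can(Permission permission, Subject subject) {
        Set<Permission> granted = grants.get(subject);
        return granted != null && granted.contains(permission); // default deny
    }

    // String bridge for the view: ${user.hasPermission('Record', 'create')}.
    // A name that matches no enum constant is denied rather than thrown,
    // so a typo in a JSP can hide content but can never grant access.
    public boolean hasPermission(String subject, String action) {
        if (subject == null || action == null) {
            return false;
        }
        try {
            return can(Permission.valueOf(action.trim().toUpperCase(Locale.ROOT)),
                       Subject.valueOf(subject.trim().toUpperCase(Locale.ROOT)));
        } catch (IllegalArgumentException unknownName) {
            return false; // a real deployment would also log the unknown name
        }
    }

    public static void main(String[] args) {
        EnumBackedUser user = new EnumBackedUser();
        user.grant(Subject.RECORD, Permission.CREATE, Permission.READ);
        System.out.println(user.hasPermission("Record", "create")); // pair that was granted
        System.out.println(user.hasPermission("Record", "delete")); // action never granted
        System.out.println(user.hasPermission("Recrod", "create")); // misspelled subject
        System.out.println(user.hasPermission(null, "create"));     // missing subject
    }
}
```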
