如何在一个系统中设计权限控制机制(2)


security.xml
<?xml version="1.0" encoding="GBK" standalone="no" ?>
<!DOCTYPE security SYSTEM "security.dtd">
<!--
The DOCTYPE above points at an external DTD through a relative system identifier,
so a validating loader reads security.dtd from wherever it resolves that name.
NOTE(review): the loader is not part of this file; confirm it resolves the DTD
from a fixed, trusted location and resolves no other external entities.
-->
<security>
<!--
Initialization:
1. Load all actions
2. Load all roles together with each role's actions
3. Load all users together with each user's actions

Deciding whether a user may perform an action:
1. Take the id of the action
2. Take the roles the user belongs to
3. Check whether the role allows the action; to be safe, a deny takes precedence over an allow
4.1 Allowed: check whether the user has a deny entry for the action
4.2 Denied: check whether the user has an allow entry for the action

Notes:
1. disable: defaults to false and is optional; it states whether the action is denied
   Example: user limitguest belongs to role 4 and so has the viewuser permission,
   but disable="true" takes it away

NOTE(review): as written, step 4.2 lets a user-level allow override a role-level deny,
so the deny-over-allow rule of step 3 appears to apply only when a user's roles are
merged, not between role and user. Confirm against the evaluator code.
-->
    <!-- Actions: the catalogue of operations that roles and users refer to by id. -->
    <!-- NOTE(review): id 0 ("all") looks like a wildcard; how the evaluator expands it is not shown here. -->
    <actions>
        <action name="all" id="0" display="所有"/>
        <action name="signin" id="1" display="登录"/>
        <action name="signoff" id="2" display="注销"/>
       
        <action name="modifyselfpass" id="3" display="修改密码"/>
        <action name="modifyselfinfo" id="4" display="修改信息"/>
       
        <action name="newuser" id="5" display="新建用户"/>
        <action name="deluser" id="6" display="删除用户"/>
        <action name="modifyuser" id="7" display="修改用户信息"/>
        <action name="viewuser" id="8" display="查看用户信息"/>
    </actions>

    <!-- Roles: each role-action lists action ids (space separated); disable="true" marks a deny. -->
    <roles>
        <role name="admin" id="1" display="管理员">
            <role-action id="0"/>
        </role>
        <role name="manager" id="2" display="经理">
            <role-action id="1 2 3 4"/>
            <role-action id="5" disable="true"/>
        </role>
        <role name="employee" id="3" display="普通员工">
            <role-action id="1 2 3 4"/>
        </role>
        <role name="guest" id="4" display="来宾">
            <role-action id="8"/>
        </role>
    </roles>
   
    <!-- Users: role holds the ids of the roles a user belongs to; user-action entries are per-user overrides. -->
    <!--
    NOTE(review), points to confirm before reusing this file:
    1. Passwords are stored in clear text, and for admin and wuyou the password equals the
       login name. Storing a salted password hash instead would also need the DTD type of
       password changed from NMTOKEN to CDATA, since common hash encodings use characters
       that NMTOKEN does not allow.
    2. User admin is in roles 1 and 2. Role 1 grants action 0 (all) while role 2 denies
       action 5 (newuser). If roles are merged with deny over allow as described in the
       header comment, admin would presumably lose newuser; confirm this is intended.
    3. guest and limitguest both carry id="4". The DTD declares id as NMTOKEN, so validation
       does not catch the duplicate; a lookup by user id cannot tell the two apart.
    4. guest and limitguest have no password attribute, and role 4 does not grant signin (1).
       How such accounts are authenticated is not defined in this file.
    -->
    <users>
        <user name="admin" id="1" password="admin" display="管理员" role="1 2"/>
        <user name="wuyou" id="2" password="wuyou" display="吴悠" role="2 3"/>
        <user name="limin" id="3" password="libo" display="李明" role="3"/>
        <user name="guest" id="4" display="来宾" role="4"/>
        <user name="limitguest" id="4" display="受限来宾" role="4">
            <user-action id="8" disable="true"/>
        </user>
    </users>
</security>

security.dtd
<?xml version="1.0" encoding="GBK" ?>
<!-- Parameter entity holding the three attributes shared by action, role and user:
     id, name and display, all of them required. -->
<!-- NOTE(review): id is typed NMTOKEN, not ID, so a validating parser does not enforce
     uniqueness. The ID type would not fit the data as it stands (values such as "1" are
     not valid Names, and action, role and user ids overlap), so duplicate ids have to be
     rejected by the code that loads the file. -->
<!ENTITY % standardAttribute
    "id NMTOKEN #REQUIRED name NMTOKEN #REQUIRED display CDATA #REQUIRED"
>

<!-- Root element: exactly one actions, roles and users section, in this order. -->
<!ELEMENT security (actions,roles,users)>

<!-- Each section must contain at least one entry. -->
<!ELEMENT actions (action+)>
<!ELEMENT roles (role+)>
<!ELEMENT users (user+)>

<!-- An action has no content; a role or a user may carry any number of action entries. -->
<!ELEMENT action EMPTY>
<!ELEMENT role (role-action*)>
<!ELEMENT user (user-action*)>

<!ELEMENT role-action EMPTY>
<!ELEMENT user-action EMPTY>

<!ATTLIST action %standardAttribute;>
<!ATTLIST role %standardAttribute;>
<!-- A user adds an optional password and a required list of role ids. -->
<!-- NOTE(review): password is NMTOKEN, which limits it to name characters (letters, digits,
     ".", "-", "_", ":"), so it cannot contain spaces or most punctuation. role is NMTOKENS
     rather than IDREFS, so validation does not check that the listed roles exist. -->
<!ATTLIST user
 %standardAttribute;
 password NMTOKEN #IMPLIED
 role NMTOKENS #REQUIRED
>
<!-- id is a space separated list of action ids; disable is optional and defaults to "false",
     so an entry without it is an allow. -->
<!-- NOTE(review): the ids are NMTOKENS, so validation does not check that they name an
     existing action; the loader has to decide what to do with an unknown id. -->
<!ATTLIST role-action
    id NMTOKENS #REQUIRED
    disable (true | false) "false"
>
<!-- Same shape as role-action, applied to a single user. -->
<!ATTLIST user-action
    id NMTOKENS #REQUIRED
    disable (true | false) "false"
>
