时间戳

首页 > 解决方案 > 基于用户权限的休眠会话

java - 基于用户权限的休眠会话

问题描述

我是 Hibernate 的新手,并完成了一些小项目。

目前我想在 Hibernate 中创建基于用户权限的会话,以便用户可以访问他/她有权访问的数据。

我的数据库是 pgadmin 9.1。

Hibernate 版本是 4.3.0 Final。

我将它与 Spring Framework MVC 一起使用。

标签: javadatabasehibernatespring-mvc

解决方案

您可以使用 Spring 安全性来管理会话。

您可以在三个级别上管理访问权限:

  1. 爪哇
  2. 视图(JSP、HTML 等)
  3. XML (安全上下文.xml)

这是 security-context.xml 的示例:

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- We will be defining all security related configurations in this file -->
<!--     <http auto-config="true"></http>  -->
<http pattern="/resources/**" security="none" />
<http pattern="/passWordRec" security="none"  />
<http pattern="/PassRec" security="none"  />
<http pattern="/passWordRecSuccFail" security="none"  />
<http pattern="/login" security="none" />
<!-- <http pattern="/downloadUsersPDF" security="none" /> -->


    <http use-expressions="true" disable-url-rewriting="true" auto-config="false">
        <intercept-url pattern="/downloadUsersPDF" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/downloadInformationUserPdf" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/downloadWatchPdf" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/downloadPatientWatchPdf" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/downloadSupervisorPdf" access="hasRole('ROLE_ADMIN')" />

        <intercept-url pattern="/**" access="isAuthenticated()" /><!-- this means all URL in this app will be checked if user is authenticated -->
        <form-login login-page="/login" default-target-url="/index-2"
            authentication-failure-url="/login?error"  always-use-default-target="true"/> <!-- We will just use the built-in form login page in Spring -->
        <logout logout-url="/logout" logout-success-url="/login?logout" />
<!--         <logout delete-cookies="JSESSIONID" /> the logout url we will use in JSP -->
         <remember-me key="uniqueAndSecret"/>
    </http>


    <authentication-manager>
        <authentication-provider user-service-ref="customUserDetailsService" >

           <password-encoder hash="sha-256">
            <salt-source user-property="username"/>
            </password-encoder>

        </authentication-provider>
    </authentication-manager>

</beans:beans>

有关更多详细信息,您可以查看此项目

推荐阅读