1.Spring Security
1.1 Core domain concepts
- Authentication: Authentication is the process of establishing a principal.
- The subject usually refers to the user, device, or other system performing the operation in the application
- Authorization: or access-control
- Authorization refers to deciding whether to allow operations in the application
1.2 Role-based rights management
- An entity representing a series of actions or responsibilities
- Limit what can and cannot be done
- Usually user accounts are associated with roles
- RBAC: role-based access control (Pole-Based Access Control)
- Implicit access control
if (user.hasRole("Project Manager")){
//显示报表按钮
}else{
//不显示报表按钮
}
- Explicit access control
if (user.isPermitted("projectReport:view:123456")){
//显示报表按钮
}else{
//不显示报表按钮
}
-
solution
-
Apache Shiro
-
Spring Security
-
1.3 Core functions
