这是检查用户对数据层的访问权限的良好设计吗?
我有一个数据访问 API,其内容类似于:
public interface IDataAccess {
void save(Doc doc);
Doc retrieve(DocId id);
void delete(Doc doc);
}
我需要限制用户可以根据其权限对文档执行的操作。我必须这样做的想法是创建另一个 API,它镜像数据访问操作,但也在执行操作之前接收用户凭据来验证它们:
public interface IAuthDataAccess {
// User is a previously authenticated user
void save(Doc doc, User user) throws SecurityException;
...
}
public class AuthDataAccess implements IAuthDataAccess {
IAuth auth = ...
IDataAccess dataAccess = ...
public void save(Doc doc, User user) throws SecurityException {
if (auth.saveAllowed(doc, user)) {
dataAccess.save(doc);
} else {
throw new SecurityException("access denied");
}
}
...
}
IAuthDataAccess API 将用于访问数据层。有没有更好的方法将授权/身份验证与数据访问层结合在一起?
I have a data access API that say looks something like:
public interface IDataAccess {
void save(Doc doc);
Doc retrieve(DocId id);
void delete(Doc doc);
}
I need to restrict the operations a user can perform on a document based upon their permissions. The idea I had to do this was to create another API that mirrored the data access operations but also took in the user credential to validate them before performing the operations:
public interface IAuthDataAccess {
// User is a previously authenticated user
void save(Doc doc, User user) throws SecurityException;
...
}
public class AuthDataAccess implements IAuthDataAccess {
IAuth auth = ...
IDataAccess dataAccess = ...
public void save(Doc doc, User user) throws SecurityException {
if (auth.saveAllowed(doc, user)) {
dataAccess.save(doc);
} else {
throw new SecurityException("access denied");
}
}
...
}
The IAuthDataAccess API would be used to access the data layer. Is there a better way to tie the authorization/authentication together with the data access layer?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
更好的设计是将方面编程合并到您的代码中。这可以通过使用注解来实现。
示例:
显然,您必须创建其他代码来进行真正的检查。
A better design would be incorporating aspect programming on your code. This can be achieved by using Annotation.
Example:
Obviously, you have to create other code to do the real check.
您的方法使接口毫无意义,因为您实际上并未实现这些方法 - 它所做的只是混淆。让授权访问者实际实现该接口怎么样?例如类似 -
所以你可以写
Your approach makes the interface pointless, as you're not actually implementing the methods - all it does is confuse. What about having the authorized accessor actually implement the interface? e.g. something like -
so you could write