j2ee web应用程序中的用户访问管理
我正在处理 jsp/servlet 项目,我必须完成对我的 jsp 的访问管理模块,因为我有多个具有不同配置文件的用户。
我在数据库中定义了一个表,该表恢复允许的配置文件和 url,如下所示:
id_profil :1
url : http://localhost/...xyz.jsp
id page 1
现在我尝试让菜单根据登录用户的 id_profile 进行适当修改。
因此,一个配置文件中允许存在一些页面,但必须对其他人隐藏。 从现在起我不知道如何实现这一点。
I am working with jsp/servlet project and I have to complete the module of access management to my jsps since I have more than one user with different profile.
I defined a table in my database which resume the profil and the url permitted like that:
id_profil :1
url : http://localhost/...xyz.jsp
id page 1
Now I am trying to let the menu modified appropriately to the id_profil of the logged user.
So there are pages allowed in one profile but must be hidden to others.
I have no idea since now how to realize this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这是一个模糊的解释,但您可以在 jsp 中使用 if 来隐藏基于 id_profil 的菜单选项,如下所示:
It's kinda a vague exaplanation but you could use an if in your jsp to hide the menu options based on id_profil, something like this:
请记住,通过更改菜单显示的值,您并不会阻止用户直接访问页面——即使用户无法通过下拉菜单项访问 xyz.jsp,他们仍然可以输入xyz.jsp 进入浏览器的地址栏。因此,您必须以其他方式阻止访问。
如果您有使用 Spring 的经验,或者正在考虑实现它,请查看 Spring Security< /a>.它可用于限制用户对应用程序不同部分的访问权限。如果您已经熟悉 Spring,那么实现起来并不难。
预计到达时间:对于一些不涉及 Spring Security 的基础知识,请查看 web.xml 中的安全性:http://java.sun.com/javaee/5/docs/tutorial/doc/bncbe.html#bncbj
Keep in mind that by changing the values shown by a menu, you aren't preventing a user from accessing a page directly -- even if the user can't get to xyz.jsp by dropping down a menu item, they can still enter xyz.jsp into the address bar of their browser. So you'll have to block the access in another way.
If you have any experience with Spring, or are considering implementing it, take a look at Spring Security. It can be used to limit user access rights to different parts of your application. It isn't terribly hard to implement if you are already familiar with Spring.
ETA: For some basics that don't involve Spring Security, check out security in web.xml: http://java.sun.com/javaee/5/docs/tutorial/doc/bncbe.html#bncbj