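ACL may be overkill in this situation.
When checking for authorization, Spring EL should be enough, e.g.:
@PreAuthorize("hasRole('ROLE_School-owner') or hasRole('ROLE_School-manager')")
If the roles are hierarchical, then things get even easier once you group roles, by using one more level of indirection:
Group "School owner": roles ROLE_School-owner + ROLE_School-manager + ROLE_Instructor
Group "School manager": roles ROLE_School-manager + ROLE_Instructor
Then, if you need to check for school manager authorization, you only need to check for that role:
@PreAuthorize("hasRole('ROLE_School-manager')")
This will also give permission to a user of group "School owner", since that group is also assigned the role of school manager.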
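The group-to-role indirection described above, as an added example that is not part of the original answer. `SchoolGroups`, `authoritiesFor` and `TimetableService` are hypothetical names; it assumes spring-security-core on the classpath and method security enabled so that `@PreAuthorize` is enforced.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/** Group -> roles indirection from the answer (class and method names are hypothetical). */
public final class SchoolGroups {

    // Each group lists every role it implies, so a check only ever names one role.
    private static final Map<String, List<String>> GROUP_ROLES = Map.of(
        "School owner",   List.of("ROLE_School-owner", "ROLE_School-manager", "ROLE_Instructor"),
        "School manager", List.of("ROLE_School-manager", "ROLE_Instructor"));

    private SchoolGroups() { }

    /** Expands a user's groups into the authorities placed on the Authentication. */
    public static Collection<GrantedAuthority> authoritiesFor(Collection<String> groups) {
        Set<GrantedAuthority> granted = new LinkedHashSet<>();
        for (String group : groups) {
            List<String> roles = GROUP_ROLES.get(group);
            if (roles == null) {
                // Fail closed: an unknown group is a data error, never an implicit grant.
                throw new IllegalArgumentException("Unknown group: " + group);
            }
            roles.forEach(r -> granted.add(new SimpleGrantedAuthority(r)));
        }
        return granted;
    }

    /** Hypothetical service; enforced only when registered as a Spring bean. */
    public static class TimetableService {
        // The single-role check also admits "School owner" members via their group.
        @PreAuthorize("hasRole('ROLE_School-manager')")
        public void editTimetable() {
            // manager-level operation goes here
        }
    }

    public static void main(String[] args) {
        System.out.println(authoritiesFor(List.of("School owner")));
        System.out.println(authoritiesFor(List.of("School manager")));
    }
}
```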