Demand
For internal business systems, the most basic functions are department management, user management, role management, permission management and login. But a company usually has more than one internal system (and if it has a single monolith, a "Big Mac", that has to be split up, it runs into the same problems discussed below). With this many systems, each of the functions above would have to be developed several times over. That is a question worth thinking about.
Demand Analysis and Solutions
For a programmer, the requirements above can be met by copying one set of code around. But suppose we add one more requirement: a user who has logged in to one system should also be able to access a second system. How do we solve that? That is single sign-on. What about the user's permissions? Either each system manages its own permissions, or authorization is centralized. The second is a little simpler. Take the simplest case: for a new employee, opening accounts and granting permissions means tracking down the relevant staff in each department. This is very troublesome.
Single Sign-on
I will not cover this here; related articles on my blog already introduce it.
Centralized Authorization
First of all, I want to define what I mean by centralized authorization, to avoid ambiguity later in the article. Centralized authorization means that granting users permissions for more than one system requires only a single rights management system. In practice, it is a rights management system that manages the permissions of multiple systems at the same time. It handles all of the requirements above except login. In this way we get unified management of departments, users, roles and permissions.
How to integrate
Once our business systems are built, how do they integrate with the rights management system and the single sign-on system? The general practice is to treat each business system's menus, buttons and so on as resources and enter them into the rights management system in the form of a menu (I call this hanging a menu). Each business system integrates single sign-on, and successfully authenticated users receive their authorization through the rights management system. That completes the integration of the whole system.
Implementation
Jeesite is an open source backend management system that provides a lot of functionality. Here only its rights management section, the SYS part, is needed; I took it out as a standalone system that provides department, user, role, permission and resource management (hanging menus). It exposes a Dubbo service to the business systems so they can load user permissions. Single sign-on uses CAS. The business systems use the Shiro framework for permission management, with single sign-on integrated through CAS; once a user authenticates successfully, the user's permissions are obtained through the Dubbo service. For details, see my GitHub project Jeesite-ex.
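
A sketch of the integration point described above, written for this article and not taken from Jeesite or the Jeesite-ex project: a Shiro realm in one business system lets CAS authenticate the user and loads roles and permissions from the rights management system. The `PermissionService` interface, its methods and the `systemCode` parameter are assumed names for the Dubbo-exported service.

```java
import java.util.Set;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical interface exported over Dubbo by the rights management system.
interface PermissionService {
    Set<String> findRoles(String systemCode, String loginName);
    Set<String> findPermissions(String systemCode, String loginName);
}

// Realm for one business system: CAS authenticates, the remote service authorizes.
public class RemoteAuthzCasRealm extends CasRealm {
    private final String systemCode;         // selects this system's "hung menu" resources
    private final PermissionService service; // Dubbo consumer proxy, assumed to be injected

    public RemoteAuthzCasRealm(String systemCode, PermissionService service) {
        this.systemCode = systemCode;
        this.service = service;
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // With CasRealm the primary principal is the user id returned by the CAS server.
        String loginName = (String) principals.getPrimaryPrincipal();
        try {
            Set<String> roles = service.findRoles(systemCode, loginName);
            Set<String> perms = service.findPermissions(systemCode, loginName);
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            // Only this system's grants are loaded, so a permission hung under
            // another system's menu never becomes effective here.
            if (roles != null) {
                info.addRoles(roles);
            }
            if (perms != null) {
                info.addStringPermissions(perms);
            }
            return info;
        } catch (RuntimeException e) {
            // Fail closed: if the remote call fails (Dubbo's RpcException is a
            // RuntimeException), return null so every role and permission check
            // denies. Shiro does not cache a null result, so the next check retries.
            return null;
        }
    }
}
```

The CAS server URL and service URL still have to be set on the realm through the setters `CasRealm` already provides.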