Simple permission management for J2EE systems

At present, the system is coming to an end and the main functions have been developed. The user proposes to add the permission management function. In itself, system permissions are relatively simple. You only need to differentiate the permissions that a page has on a logon user (read-only, edit/save/delete data ). Add a more comprehensive permission management module, which is a bit cool. Therefore, we decided to develop a simple permission management system to meet system needs. The idea is to call the java code embedded in jsp when a user accesses a specific function page to determine whether the user has the permission to modify and edit the page, if you do not have this permission, call the js method to set the page to read-only.
The advantage is that the development is fast and convenient, and it takes two hours before and after development. You do not need to modify the java code of the Form on the intermediate layer. You only need to introduce a few code in jsp (up to 50 lines in total ). The process and Code are as follows:

1. database tables
Add a Page table to save the url of each function Page. In this way, you can determine which Page is used when you log on to the Page.
Part of the Page table structure: id, page_id, url, module_name, page_name
Add a permission table to save the permissions of different pages owned by different userids.
Authority table structure: id, operator_id, page_id

2. Each jsp function page
On each jsp page, introduce the authority. jsp page. Call the setPageAuthority method in the page initialization js method. Put this method in authority. jsp;
[Javascript]
<% @ Include file = "/include/authority. jsp" %>
Function pageInit (){
...
// Determine whether the permission is read-only
SetPageAuthority ();
...
}
3. authority. jsp
In this jsp page, you need to embed java code to determine the userid of the current user and find the corresponding permissions in the database based on the url of the current page. If you have the permission to edit, save, and delete data on this page, setReadOnly is not called. js method. This js Code can set the entire page to read-only (add the div layer and set the value to transparent ). If you do not have permission for this page, call the js method and set the page to read-only.
[Javascript]
<%
Int operatorId = UserContext. getCurrentUser (). getId ();
String url = request. getRequestURI ();
Boolean hasRight = hasPageRights (operatorId, url );

If (! HasRight ){
%>
<Script>
// If you do not have the page editing permission, set the page to read-only mode.
Function setPageAuthority (){
Var readOnlyDiv = document. createElement ("div ");
ReadOnlyDiv. style. width = document. body. clientWidth; // you can specify the layer width.
ReadOnlyDiv. style. height = document. body. scrollHeight; // you can specify the height of a layer.
ReadOnlyDiv. style. filter = "alpha (opacity = 1)"; // The setting layer is transparent.
ReadOnlyDiv. style. backgroundColor = "white ";

ReadOnlyDiv. style. position = "absolute"; // you can specify the position of the layer.
ReadOnlyDiv. style. left = "0 ";
ReadOnlyDiv. style. top = "0 ";
ReadOnlyDiv. style. zIndex = "1000 ";
Document. body. appendChild (readOnlyDiv );
}
</Script>
<%
} Else {
// You have the page editing permission. The method is empty and the div layer is not set.
%>
<Script>
Function setPageAuthority (){}
</Script>
<%
}