My project has dozens of user roles, each with different permissions, so designing the permissions took a lot of effort. In the end, the permissions are configured in the action configuration file of WebWork (our project uses WebWork). Ant is then used to generate a database script from that configuration, which populates the permission data in the database.
The permission configuration for an action in the action configuration file is as follows:
    <action name="showcountylist" class="accountsearchcontroller" method="donothing">
        <!-- @Label(show county list) -->
        <!-- @Roles(Admin, analyst, associate_csr, associate_program_specialist, document_clerk, RSM: Manager, managers_supervisors, manager_staff) -->
        <!-- @Description(show county list by state code.) -->
        <result name="success" type="freemarker">
            /WEB-INF/FTL/account/countylist.html
        </result>
    </action>
The above is one action from our project. The @Roles() comment in the configuration file identifies which roles have permission to call this action. When a user outside those roles calls the action, the permission denied page is displayed.
During development, developers configure the permission information for each action based on the permission information provided by the use cases.
Each time the system is deployed, the configuration administrator executes an ant target to generate the database files containing the permissions. The ant target is as follows:
    <target name="generatepermissionfiles" depends="commonreplacelogging" description="generate permission SQL files from configuration data.">
        <echo message="generate action Access Permissions"/>
        <!-- Delete old permission and role permission -->
        <delete failonerror="false">
            <fileset dir="./Gen-Src" includes="**/*permission.sql"/>
        </delete>
        <foreach list="${web.modules}" param="modulename" target="copyconfigfiles"/>
        <java classname="com.psi.vida.portal.webwork.util.ConfigurationParserRunner" fork="true">
            <arg value="build/webroot/WEB-INF/classes/xwork.xml"/>
            <classpath>
                <path refid="test.classpath"/>
            </classpath>
            <jvmarg value="-Dlog4j.configuration=${basedir}/Gen-src/log4j.properties"/>
        </java>
        <copy tofile="../resource/database/Schema/permission_data/permissions.sql" overwrite="true">
            <fileset dir="./Gen-Src" includes="**/permission.sql"/>
        </copy>
        <copy tofile="../resource/database/Schema/permission_data/role_permissions.sql" overwrite="true">
            <fileset dir="./Gen-Src" includes="**/role_permission.sql"/>
        </copy>
    </target>
When this ant target is executed, ant runs the tool class ConfigurationParserRunner, which reads the permission configuration from the xwork configuration file and generates permission.sql and role_permission.sql. Each action is one permission, stored in the permission table. Each pairing of a permission with a role is a role_permission, stored in the role_permission table.
The following is the main code for reading the permission configuration:
    NodeList actionNodes = pkgEl.getElementsByTagName("action");
    if (actionNodes != null && actionNodes.getLength() > 0) {
        for (int i = 0; i < actionNodes.getLength(); i++) {
            Element actionEl = (Element) actionNodes.item(i);
            actionConfig = parseAction(actionEl);
            pkgConfig.addActionConfig(actionConfig);
            // Report every action that declares no roles, unless it is marked as ignored.
            if ((actionConfig.getUserRoles() == null || actionConfig.getUserRoles().size() == 0) && !actionConfig.isIgnore()) {
                this.printError("no roles for " + this.currentPackage.getNamespace() + "/" + actionConfig.getName());
            }
            this.actions.put(actionConfig.getName(), actionConfig);
        }
    }
The above code reads the configuration of each action and obtains the user roles of each action. The roles are matched with the following pattern. There is too much code to paste all of it here.
    static final Pattern ROLE_PATTERN = Pattern.compile(".*@Roles\\s*\\((.+)\\).*");
That is how the permission configuration is implemented.
When a user calls an action, the system first determines whether the user's role has permission for that action. If not, the system redirects to the permission denied page.
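The role extraction and the "no roles" check described above can be run as a stand-alone build step. The following is an added example, not the project's own code: the class RoleAnnotationAudit, the method rolesByAction and the exportaccounts action are made up for illustration, and the pattern is a narrowed form of the one shown above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class RoleAnnotationAudit { // hypothetical name, not the project's parser
    // Lazy match up to the first ')'; DOTALL so a role list wrapped over lines still matches.
    static final Pattern ROLES = Pattern.compile("@Roles\\s*\\((.*?)\\)", Pattern.DOTALL);

    /** Maps each action name to the roles in its @Roles comment; an empty set means none. */
    static Map<String, Set<String>> rolesByAction(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Build input only: do not fetch an external DTD if the file declares one.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, Set<String>> out = new LinkedHashMap<>();
        NodeList actions = doc.getElementsByTagName("action");
        for (int i = 0; i < actions.getLength(); i++) {
            Element action = (Element) actions.item(i);
            Set<String> roles = new LinkedHashSet<>();
            for (Node n = action.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n.getNodeType() != Node.COMMENT_NODE) continue;
                Matcher m = ROLES.matcher(n.getNodeValue());
                if (!m.find()) continue;
                for (String r : m.group(1).split(",")) {
                    if (!r.trim().isEmpty()) roles.add(r.trim()); // "@Roles()" adds nothing
                }
            }
            out.put(action.getAttribute("name"), roles);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; the second action (made up) has no @Roles comment.
        String xml = "<xwork><package name='account' namespace='/account'>"
            + "<action name='showcountylist'><!-- @Roles(Admin, analyst) --></action>"
            + "<action name='exportaccounts'><!-- @Label(export accounts) --></action>"
            + "</package></xwork>";
        boolean ok = true;
        for (Map.Entry<String, Set<String>> e : rolesByAction(xml).entrySet()) {
            if (e.getValue().isEmpty()) { ok = false; System.err.println("no roles for " + e.getKey()); }
            else System.out.println(e.getKey() + " -> " + e.getValue());
        }
        if (!ok) System.exit(1); // fail the build so an action without roles is never deployed
    }
}
```

On the sample input the program reports exportaccounts and exits with status 1, which is the point at which a build should stop.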