What is Rights Management

Source: Internet
Author: User

Rights management is the security component of a system: it requires that a user be legitimate before accessing the system (user authentication) and that the user hold access rights to a resource before accessing it (authorization).

Authentication: verifying that the user's identity is legitimate; a user must be legitimate to access the system.

Authorization: access control; a user must hold access rights to a resource before accessing it.

Permission model: the standard permission data model consists of users, roles, permissions (covering both resources and the operations allowed on them), user-role relationships and role-permission relationships.

Permission assignment: a UI that makes it convenient to assign permissions to users, i.e. to create, delete, update and query the entities of the permission model above.

Permission control:

Role-based permission control: decides whether an operation is permitted according to the user's role. Because roles change frequently, any change to a role requires modifying the control code, so the system scales poorly.

Resource-based permission control: decides whether an operation is permitted according to the permissions on the resource. Because resources are relatively fixed, modifying a role, or the permissions assigned to a role, does not require modifying the control code, so a system using this approach is very maintainable. This method is recommended.
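To make the contrast concrete, here is an added example (plain Java, not code from the original article and not Shiro's own API) that builds the permission model above in memory and implements both styles of check. The user, role and permission data are constructed for the example, and the "resource:operation" string form for a permission is an assumption.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/**
 * Minimal in-memory form of the standard permission model (users, roles,
 * permissions, user-role and role-permission relationships), used to contrast
 * role-based and resource-based permission checks. All data is constructed
 * for the example.
 */
public class PermissionModelDemo {

    /** A permission is a resource plus an operation, written "resource:operation". */
    static final Map<String, Set<String>> ROLE_PERMISSIONS = new HashMap<>();
    static final Map<String, Set<String>> USER_ROLES = new HashMap<>();

    static {
        ROLE_PERMISSIONS.put("admin", Set.of("user:query", "user:create", "user:update", "user:delete"));
        ROLE_PERMISSIONS.put("operator", Set.of("user:query", "user:update"));
        USER_ROLES.put("alice", Set.of("admin"));
        USER_ROLES.put("bob", Set.of("operator"));
    }

    /** Role-based control: the control code itself lists which roles may update users. */
    static boolean canUpdateUserByRole(String user) {
        Set<String> roles = USER_ROLES.getOrDefault(user, Set.of());
        // Granting "update user" to another role means editing this line and redeploying.
        return roles.contains("admin") || roles.contains("operator");
    }

    /** Resource-based control: the control code names only the resource and operation. */
    static boolean isPermitted(String user, String permission) {
        for (String role : USER_ROLES.getOrDefault(user, Set.of())) {
            if (ROLE_PERMISSIONS.getOrDefault(role, Set.of()).contains(permission)) {
                return true;
            }
        }
        return false;   // deny by default: no role grants it, so the operation is refused
    }

    public static void main(String[] args) {
        System.out.println("bob may update users (by role):     " + canUpdateUserByRole("bob"));
        System.out.println("bob may update users (by resource): " + isPermitted("bob", "user:update"));
        System.out.println("bob may delete users (by resource): " + isPermitted("bob", "user:delete"));

        // A new role is a data change only: no control code is touched.
        ROLE_PERMISSIONS.put("auditor", Set.of("user:query"));
        USER_ROLES.put("carol", Set.of("auditor"));
        System.out.println("carol may query users (by resource):  " + isPermitted("carol", "user:query"));
        // canUpdateUserByRole knows nothing about "auditor"; isPermitted needs no change.
        System.out.println("carol may update users (by resource): " + isPermitted("carol", "user:update"));
    }
}
```

The point of the second half of main is the maintainability argument from the text: adding the auditor role changes only the role-permission data, while the role-based check would have to be edited to know about every new role. Note also that isPermitted denies whenever no role grants the permission, so a typo in a permission string fails closed rather than open.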

Rights Management Solutions:

For coarse-grained rights management, it is recommended to solve the problem at the system architecture level by writing system-wide unified code (base code).

Coarse-grained permissions: rights management over the system's URLs, menus, JSP pages, page buttons and class methods, that is, rights management by resource type.

For fine-grained rights management:

Fine-grained permissions: e.g. the user information of user ID 001 (a resource instance), or the commodity information of type t01 (a resource instance); rights management over resource instances, which can be understood as data-level rights management.

Fine-grained rights management belongs to the system's business logic, and business logic code is not easily extracted into unified code, so it is recommended to handle it in the system's business layer.

URL-based rights management (to master):

A method commonly used in enterprise development, implemented with a web application filter: the URL requested by the user is intercepted by the filter, which checks whether the user's identity is legitimate (user authentication) and whether the requested URL falls within the scope of the user's rights (authorization).
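The filter described above, as an added example written for this page (it is not code from the original article). It assumes the javax.servlet API, that the login code stores an ActiveUser object under the session attribute name "activeUser", and that the set of permitted URLs was loaded into that object at login time; the anonymous URL list is constructed for the example.

```java
import java.io.IOException;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * URL-based rights management as a servlet filter: every request passes
 * through here, where authentication is checked first and then whether the
 * requested URL is inside the user's permitted URL set (authorization).
 * Map this filter to "/*" in web.xml or with @WebFilter.
 */
public class UrlPermissionFilter implements Filter {

    /** Session attribute under which the login code stores the user. The name is an assumption. */
    static final String SESSION_USER = "activeUser";

    /** URLs reachable without logging in (login page and logout). Constructed for the example. */
    private static final Set<String> ANONYMOUS_URLS = Set.of("/login", "/login.jsp", "/logout");

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Path relative to the application, e.g. "/user/update" rather than "/app/user/update".
        String path = request.getRequestURI().substring(request.getContextPath().length());

        if (ANONYMOUS_URLS.contains(path) || path.startsWith("/static/")) {
            chain.doFilter(req, res);
            return;
        }

        // 1. Authentication: the login code puts an ActiveUser into the session on success.
        HttpSession session = request.getSession(false);
        ActiveUser user = session == null ? null : (ActiveUser) session.getAttribute(SESSION_USER);
        if (user == null) {
            response.sendRedirect(request.getContextPath() + "/login");
            return;
        }

        // 2. Authorization: the requested URL must be one of the URLs granted to the user.
        //    Anything not explicitly granted is refused (deny by default).
        if (!user.getPermittedUrls().contains(path)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }

    /** Session object built at login; holds the minimum the filter needs. Hypothetical type. */
    public static class ActiveUser {
        private final String userId;
        private final Set<String> permittedUrls;

        public ActiveUser(String userId, Set<String> permittedUrls) {
            this.userId = userId;
            this.permittedUrls = permittedUrls;
        }

        public String getUserId() { return userId; }
        public Set<String> getPermittedUrls() { return permittedUrls; }
    }
}
```

Two design points matter in practice. First, the order: authentication is decided before authorization, so an anonymous request to a protected URL is redirected to login rather than answered with 403, which would confirm that the URL exists. Second, the comparison is exact-match on the application-relative path, so the permitted URL set must be populated with exactly the form the container delivers; if the application accepts path variants (trailing slashes, matrix parameters such as ;jsessionid), normalize the path before comparing, otherwise a variant that the set does not contain is simply refused.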

Shiro:

Shiro is a rights management framework and an open-source project under Apache. Compared with Spring Security, which depends heavily on Spring, the Shiro framework is simpler and more flexible. Shiro can implement rights management for web systems, C/S systems, distributed systems and others.

Shiro authentication process (to master):

1. The Subject (principal) requests authentication by calling Subject.login(token).

2. The SecurityManager (security manager) performs the authentication.

3. The SecurityManager authenticates through the ModularRealmAuthenticator.

4. The ModularRealmAuthenticator passes the token to the Realm; the Realm queries the user information (identity and credentials) from the database according to the user information in the token.

5. If the Realm does not find the user, it returns null to the ModularRealmAuthenticator, which throws an exception (user does not exist).

6. If the Realm finds the user, it returns AuthenticationInfo (authentication information) to the ModularRealmAuthenticator.

7. Holding the AuthenticationInfo, the ModularRealmAuthenticator compares the credentials (password). If they match, authentication succeeds; if not, an exception is thrown (incorrect credentials).

Subject: the principal.

Authenticator: the authenticator (provided by Shiro).

Realm (must be customized): equivalent to a data source; the authenticator needs the Realm to query the user's identity information and permission information from the data source.
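The seven-step flow above, as an added example written for this page using the Apache Shiro 1.x API (not code from the original article). The in-memory user table standing in for the database, the user "alice", her password and the salt are constructed; the hash algorithm, iteration count and the choice of AuthenticatingRealm (rather than AuthorizingRealm, since only authentication is shown) are the example's own decisions.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

import java.util.HashMap;
import java.util.Map;

/**
 * The seven-step Shiro authentication flow with a custom Realm.
 * Steps 1-3 run inside Shiro (Subject -> SecurityManager -> ModularRealmAuthenticator);
 * steps 4-7 are visible in this file.
 */
public class ShiroAuthFlowDemo {

    /** Stand-in for the user table: username -> {salt, hashed password}. Constructed data. */
    static class UserRecord {
        final String salt;
        final String hashedPassword;
        UserRecord(String salt, String hashedPassword) { this.salt = salt; this.hashedPassword = hashedPassword; }
    }

    static final int HASH_ITERATIONS = 10000;
    static final Map<String, UserRecord> USER_TABLE = new HashMap<>();
    static {
        String salt = "example-salt-alice";   // constructed; use a random per-user salt in a real system
        String hash = new Sha256Hash("alice-secret", salt, HASH_ITERATIONS).toHex();
        USER_TABLE.put("alice", new UserRecord(salt, hash));   // only the salted hash is stored
    }

    /** Custom Realm: step 4 (look up the user) and steps 5/6 (return null or AuthenticationInfo). */
    static class UserTableRealm extends AuthenticatingRealm {
        UserTableRealm() {
            // Step 7 is performed by this matcher: it hashes the submitted password with the
            // stored salt and compares it with the stored hash, so no plaintext is kept.
            HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
            matcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
            matcher.setHashIterations(HASH_ITERATIONS);
            matcher.setStoredCredentialsHexEncoded(true);
            setCredentialsMatcher(matcher);
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            String username = (String) token.getPrincipal();
            UserRecord record = USER_TABLE.get(username);    // step 4: "database" query
            if (record == null) {
                return null;   // step 5: ModularRealmAuthenticator turns this into UnknownAccountException
            }
            return new SimpleAuthenticationInfo(               // step 6
                    username, record.hashedPassword, ByteSource.Util.bytes(record.salt), getName());
        }
    }

    /** Runs Subject.login (step 1) and maps the outcome to a short description. */
    static String attemptLogin(String username, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(username, password));
            return "authenticated as " + subject.getPrincipal();
        } catch (UnknownAccountException e) {
            return "rejected (unknown account)";          // step 5
        } catch (IncorrectCredentialsException e) {
            return "rejected (incorrect credentials)";    // step 7
        } catch (AuthenticationException e) {
            return "rejected (" + e.getClass().getSimpleName() + ")";
        } finally {
            if (subject.isAuthenticated()) {
                subject.logout();
            }
        }
    }

    public static void main(String[] args) {
        // Steps 2-3: DefaultSecurityManager authenticates through a ModularRealmAuthenticator
        // over the configured realm.
        DefaultSecurityManager securityManager = new DefaultSecurityManager(new UserTableRealm());
        SecurityUtils.setSecurityManager(securityManager);

        System.out.println(attemptLogin("alice", "alice-secret"));
        System.out.println(attemptLogin("alice", "wrong-password"));
        System.out.println(attemptLogin("mallory", "anything"));
    }
}
```

The separate catch blocks exist so the reader can see which step rejected each attempt; a real login page should return the same message for an unknown account and for a wrong password, otherwise the response distinguishes valid usernames from invalid ones. The credential comparison in step 7 is delegated to HashedCredentialsMatcher rather than done by the Realm, which is why the Realm returns the stored hash and salt in SimpleAuthenticationInfo instead of comparing anything itself.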
