堆栈内存溢出
  简体   繁体   English

如何设计我的 Spring 程序,以便当用户登录时,我可以判断他们是教职员工、学生还是教职员工?

[英]How can I design my Spring program so that when a user logs in I can tell if they are a Staff member, student or faculty member?

 原文  2020-08-08 18:28:21       java/ authentication/ spring-security/ database-design/ authorization

问题描述

A little more detail.再详细一点。 Like I said I'm building this University Management System and it will have user authentication.就像我说的那样,我正在构建这个大学管理系统,它将具有用户身份验证。 It will also user authorization for some parts of the web layer, for example only a Student will be able to access the Student web portal to add/drop classes and only a Faculty will be able to use the faculty portal to grade students and see their list of course.它还将对 web 层的某些部分进行用户授权,例如,只有学生能够访问学生 web 门户以添加/删除课程,并且只有教职员工能够使用教师门户对学生进行评分并查看他们的当然名单。

Here is the problem: When someone logs in (This is all using Spring Security and Spring MVC btw) I need to be able to tell if this a student, faculty or staff ideally from the login info itself.这是问题:当有人登录时(这都是使用 Spring 安全和 Spring MVC 顺便说一句)我需要能够从登录信息本身判断这是否是学生、教职员工。 And querying each table until I find a match seems like TERRIBLE design.并且查询每个表直到我找到匹配项似乎是可怕的设计。 Each Entity inherits from a common abstract class Person but the interface that they share is very basic, they have getters and setters for the ID, first name, last name ect.每个实体都继承自一个通用抽象 class 人员,但它们共享的接口非常基本,它们具有用于 ID、名字、姓氏等的 getter 和 setter。 I could store the Authorization role in the abstract class and that would tell me if this Person instance is a Staff, Student or Faculty and then check the role to figure what specific subclass I am using but that seems contrived as well.我可以将授权角色存储在抽象 class 中,这会告诉我这个 Person 实例是员工、学生还是教职员工,然后检查角色以确定我正在使用的特定子类,但这似乎也是人为的。 Is there a intuitive and common sense way to approach this problem?有没有一种直观和常识性的方法来解决这个问题?

1 个解决方案

解决方案1
 0  2020-08-08 18:50:35

I think you could create an enum field in the entity class called userType, and then create a filter class that determine the access to the functions located in the api layer, based on the userType of the user.我认为您可以在名为 userType 的实体 class 中创建一个枚举字段,然后创建一个过滤器 class 来确定对位于 api 层中的函数的访问,基于 userType。 You can get the userType efficiently by requesting it from the DB and store it in a data structure (like HashMap) on the server after the user logged in.您可以通过从数据库中请求它来有效地获取 userType,并在用户登录后将其存储在服务器上的数据结构(如 HashMap)中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我如何知道在内部(成员)类上使用哪个构造函数? - How can I tell which constructor to use on an inner (member) class? 如何在运行时告知Java 1.4类型或成员已弃用? - How can I tell at runtime that a Java 1.4 type or member is deprecated? 打印所有学生记录时,如何使我的程序恢复正常? - How can I get my program back on track when printing out all student records? Java中的学生,教职员工目录 - Student, Faculty, Staff Directory in Java 如何检查用户是否是电报组的成员? - How can I check whether a user is a member of a Telegram group? 如何检测会员在 JDA 中是否更改了其他会员的昵称? - How can I detect if a member changed the nickname of a other member in JDA? 我怎么能告诉玻璃鱼我春季依赖注射? - how i can tell glassfish about my spring dependancy injection? 如何创建一个 ImmutableList 作为成员变量? - How can I create an ImmutableList as a member variable? 如何获得我的学生成绩计算器程序中类似成绩字母的总数 - how can i get the total number of similar grade letters in my student grade calculator program 如何检查该点是否是Set的成员? - How can I check if the point is a member on the Set?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM