
Best Practice to control access to service/screen access during run time in Spring based web application

I manage a few Spring-based web applications. For example, say my client is a Flex application with many modules/screens. Access to the screen or page or even a Spring service is controlled by Spring Security based on the user role.

At certain times we may want to block access to that screen or service completely, irrespective of the access granted by role. Maybe we want to take down a specific page/screen or a service for maintenance and enable it after a certain time. What is the best practice to achieve this? I do not want to restart the application.

I am thinking of using some filter, so every request will pass through the filter, and this filter will have the logic to check whether the current operation or view is allowed or disabled. Is this the better way to handle it, or is there any other solution? What is the best practice?

A servlet filter is a good choice if you want to block pages known by URL. This solution is simple and pretty straightforward.

A Spring aspect will be better if you want to block services. Just wrap the classes you would like to block and perform a check prior to calling them. Throw a specific exception that you can handle in the presentation layer.

We implemented a similar feature once in a REST-based application. A global filter/aspect blocks all non-GET methods, effectively switching an application to read-only mode.
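The filter approach from this answer, combined with its read-only switch, as an added example (not code from the original posts). It assumes Spring 6 with `jakarta.servlet` (older versions use `javax.servlet`) and JMX export enabled so the switches can be flipped without a restart; the class name, JMX object name and path prefixes are hypothetical.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.jmx.export.annotation.ManagedOperation;
import org.springframework.jmx.export.annotation.ManagedResource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical class and object name; runs for every request, before role checks matter.
@Component
@ManagedResource(objectName = "example.app:name=MaintenanceFilter")
public class MaintenanceFilter extends OncePerRequestFilter {

    // Path prefixes currently switched off, e.g. "/reports" (constructed sample value).
    private final Set<String> blockedPrefixes = ConcurrentHashMap.newKeySet();
    // When true, every non-GET request is rejected (read-only mode).
    private volatile boolean readOnly;

    // Operations exposed over JMX so an administrator can toggle them at run time.
    @ManagedOperation
    public void block(String prefix) { blockedPrefixes.add(prefix); }

    @ManagedOperation
    public void unblock(String prefix) { blockedPrefixes.remove(prefix); }

    @ManagedOperation
    public void readOnlyMode(boolean on) { readOnly = on; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        // Compare against the container-decoded path rather than the raw
        // getRequestURI(), so percent-encoding cannot sidestep the prefix check.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        boolean blocked = blockedPrefixes.stream()
                .anyMatch(p -> path.equals(p) || path.startsWith(p + "/"));
        // Blocked paths and, in read-only mode, all non-GET methods get a 503.
        if (blocked || (readOnly && !"GET".equals(req.getMethod()))) {
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Temporarily unavailable");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The switches are themselves privileged, so access to the JMX endpoint should be limited to administrators.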

You can always front your application with an Apache httpd (or some other reverse-proxy web front) and control access to individual URL patterns there. That also gives you the added benefit that you can actually have a nice maintenance page up while you take down the entire application.
