stackoom
  简体   繁体   中英

spring-hibernate service/dao security design query

 原文  2011-05-13 21:08:28       java/ hibernate/ spring/ design-patterns

Question

I am trying to create various services, such as: 

UserService
UserPermissionService
AddressBookService

Which would access dao's such as: 

UserDao
UserPermissionDao
AddressBookDao
CompanyDao

These will use Spring-Hibernate stack and be packaged in a backend jar for multiple webapps. I want the service functionality to be available depending on the permission of the calling user object. Also, Caller (user) object will have permissions of the calling user.

Query : Should I pass Caller to each Service method call and then check its permission? Or is there a better way using 'Spring/AOP' and/or 'Factory Pattern' where the Caller object can be available to the Service methods.

1 answers

solution1
 2 ACCPTED  2011-05-13 21:20:07

这种情况的一种模式是将安全性令牌存储在ThreadLocal中,并在服务方法中首先要求该令牌具有相应的权限。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring-Hibernate DAO naming convention? Spring-Hibernate, Many to Many relationship query Design pattern for Generic Dao, service layer in Spring without use of Hibernate Spring-hibernate debug Spring-Hibernate Spring-Hibernate @Transactional service methods do not automatically commit Spring-Hibernate can not autowire DAO Layer. [No Qualifying bean … at least …] Spring-hibernate mapping problem Spring-Hibernate Integration Framework Test spring hibernate dao and service layers
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM