I am trying to create various services, such as:
UserService
UserPermissionService
AddressBookService
Which would access dao's such as:
UserDao
UserPermissionDao
AddressBookDao
CompanyDao
These will use Spring-Hibernate stack and be packaged in a backend jar for multiple webapps. I want the service functionality to be available depending on the permission of the calling user object. Also, Caller (user) object will have permissions of the calling user.
Query : Should I pass Caller to each Service method call and then check its permission? Or is there a better way using 'Spring/AOP' and/or 'Factory Pattern' where the Caller object can be available to the Service methods.
这种情况的一种模式是将安全性令牌存储在ThreadLocal中,并在服务方法中首先要求该令牌具有相应的权限。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.