摘要:最近在寫登錄策略配置模塊����,現(xiàn)在通過分析登錄策略配置模塊來說明系統(tǒng)的層次結(jié)構(gòu)�����。這樣實(shí)現(xiàn)起來簡單明了����,不過由于是根據(jù)角色定義登錄限制策略,同一種角色只有一種登錄限制策略�����,對(duì)不同用戶暫時(shí)不能做到多樣性控制��,后期再修正。
最近在寫登錄策略配置LoginConfig模塊�����,現(xiàn)在通過分析登錄策略配置模塊來說明系統(tǒng)的層次結(jié)構(gòu)�����。系統(tǒng)后臺(tái)主要包括四層:
1. 數(shù)據(jù)庫層:包括表�、存儲(chǔ)過程、實(shí)體類
2. 數(shù)據(jù)訪問層:數(shù)據(jù)訪問對(duì)象(也就是Dao層)
3. 后端邏輯層:查詢與命令類
4. Rest接口層:資源類
數(shù)據(jù)庫層
登錄限制策略模塊包括一張login_configs表��,6個(gè)存儲(chǔ)過程(Insertloginconfigs�����,Updateloginconfigs�,Deleteloginconfigs,GetAllFromloginconfigs�,GetloginconfigsById和GetloginconfigsByName),以及一個(gè)LoginConfis的實(shí)體類
LoginConfigs表格只有6個(gè)字段�����,在create_tables.sql中創(chuàng)建表格
//create_tables.sql
CREATE TABLE login_configs (
loginconfig_id uuid NOT NULL,
role_name character varying(255) NOT NULL,
time_limit character varying(4000),
ip_limit character varying(4000),
mac_limit character varying(4000),
other character varying(4000)
);
存儲(chǔ)過程:比如增加Insertloginconfigs
CREATE OR REPLACE FUNCTION Insertloginconfigs(
v_loginconfig_id uuid,
v_role_name VARCHAR(255),
v_time_limit VARCHAR(4000),
v_ip_limit VARCHAR(4000),
v_mac_limit VARCHAR(4000),
v_other VARCHAR(4000)
)RETURNS VOID AS $PROCEDURE$
BEGIN
INSERT INTO login_configs (loginconfig_id,role_name,time_limit,ip_limit,mac_limit,other)
VALUES (v_loginconfig_id,v_role_name,pgp_sym_encrypt(v_time_limit,"engine"),pgp_sym_encrypt(v_ip_limit,"engine"),pgp_sym_encrypt(v_mac_limit,"engine"),pgp_sym_encrypt(v_other,"engine"));
END;$PROCEDURE$
LANGUAGE plpgsql;
實(shí)體類LoginConfig
public class LoginConfigs implements IVdcQueryable, BusinessEntity{
private static final long serialVersionUID = 3090608330047174149L;
//進(jìn)程Id
private Guid id;
@Override
public Guid getId() {
return id;
}
@Override
public void setId(Guid id) {
this.id = id;
}
//角色名
private String roleName;
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
//限制時(shí)間
private String timeLimit;
public String getTimeLimit() {
return timeLimit;
}
public void setTimeLimit(String timeLimit) {
this.timeLimit = timeLimit;
}
//限制IP
private String macLimit;
public String getMacLimit() {
return macLimit;
}
public void setMacLimit(String macLimit) {
this.macLimit = macLimit;
}
//限制IP
private String ipLimit;
public String getIpLimit() {
return ipLimit;
}
public void setIpLimit(String ipLimit) {
this.ipLimit = ipLimit;
}
//預(yù)留字段
private String other;
public String getOther() {
return other;
}
public void setOther(String other) {
this.other = other;
}
public LoginConfigs(){
id = Guid.Empty;
roleName = "";
timeLimit = "";
ipLimit = "";
other = "";
}
@Override
public Object getQueryableId() {
return getId();
}
@Override
public int hashCode() {
return Objects.hash(id,roleName,timeLimit,ipLimit,other);
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (!(obj instanceof LoginConfigs)) {
return false;
}
LoginConfigs configs = (LoginConfigs) obj;
return Objects.equals(id, configs.id)
&& Objects.equals(roleName, configs.roleName)
&& Objects.equals(timeLimit, configs.timeLimit)
&& Objects.equals(ipLimit, configs.ipLimit)
&& Objects.equals(other, configs.other);
}
}
添加完LoginConfigs.java后配置在Common.gwt.xml中,否則 將不能被部分包所使用
數(shù)據(jù)訪問層
DbFacade:數(shù)據(jù)庫的外觀器
LoginConfigsDao:數(shù)據(jù)訪問對(duì)象接口層
//LoginConfigsDao.java
public interface LoginConfigsDao extends Dao,SearchDao{
void save(LoginConfigs loginConfigs);
void update(LoginConfigs loginConfigs);
void detele(Guid id);
LoginConfigs getById(Guid id);
LoginConfigs getByName(String roleName);
List getAll();
}
LoginConfigsDaoImpl:數(shù)據(jù)訪問對(duì)象實(shí)現(xiàn)類
public class LoginConfigsDaoImpl extends BaseDao implements LoginConfigsDao{
private RowMapper loginConfigsRowMapper = (rs ,rowNum) -> {
LoginConfigs entity = new LoginConfigs();
entity.setId(getGuidDefaultEmpty(rs,"loginconfig_id"));
entity.setRoleName(rs.getString("role_name"));
entity.setTimeLimit(rs.getString("time_limit"));
entity.setIpLimit(rs.getString("ip_limit"));
entity.setMacLimit(rs.getString("mac_limit"));
entity.setOther(rs.getString("other"));
return entity;
};
@Override
public List getAllWithQuery(String query) {
return null;
}
@Override
public void save(LoginConfigs loginConfigs) {
Guid id = loginConfigs.getId();
if(Guid.isNullOrEmpty(id)){
id = Guid.newGuid();
loginConfigs.setId(id);
}
getCallsHandler().executeModification("Insertloginconfigs",createFullParametersMapper(loginConfigs ));
}
@Override
public void update(LoginConfigs loginConfigs) {
getCallsHandler().executeModification("Updateloginconfigs", createFullParametersMapper(loginConfigs));
}
@Override
public void detele(Guid id) {
getCallsHandler().executeModification("Deleteloginconfigs", createIdParameterMapper(id));
}
@Override
public LoginConfigs getById(Guid id) {
return getCallsHandler().executeRead("GetloginconfigsById",loginConfigsRowMapper,createIdParameterMapper(id));
}
@Override
public LoginConfigs getByName(String roleName) {
MapSqlParameterSource parameterSource = getCustomMapSqlParameterSource().addValue("role_name", roleName);
return getCallsHandler().executeRead("GetloginconfigsByName", loginConfigsRowMapper, parameterSource);
}
@Override
public List getAll() {
return getCallsHandler().executeReadList("GetAllFromloginconfigs",loginConfigsRowMapper,getCustomMapSqlParameterSource());
}
private MapSqlParameterSource createIdParameterMapper(Guid id){
return getCustomMapSqlParameterSource().addValue("loginconfig_id", id);
}
private MapSqlParameterSource createFullParametersMapper(LoginConfigs entity) {
return createIdParameterMapper(entity.getId())
.addValue("ip_limit",entity.getIpLimit())
.addValue("mac_limit",entity.getMacLimit())
.addValue("time_limit",entity.getTimeLimit())
.addValue("role_name",entity.getRoleName())
.addValue("other",entity.getOther());
}
}
后端邏輯層
后端邏輯層是對(duì)操作命令化����,把每種操作請(qǐng)求都封裝成命令的形式
[參數(shù)]
1. LoginConfigsOperationParameters 模塊操作的基本參數(shù)類
2. AddLoginConfigsCommand 添加操作的參數(shù)類
3. RemoveLoginConfigsParameters 更新操作的參數(shù)類
4. UpdateLoginConfigsParameters 刪除操作的參數(shù)類
【查詢與命令】
1. GetAllLoginConfigsQuery 獲取所有登錄策略的查詢類
2. GetLoginConfigByIdQuery 根據(jù)id獲取指定的登錄策略的查詢類
3. GetLoginConfigByNameQuery 根據(jù)角色名獲取指定登錄策略的查詢類
4. AddLoginConfigsCommand 添加LoginConfigs的命令類
5. RemoveLoginConfigsCommand 刪除LoginConfigs的命令類
6. UpdateLoginConfigsCommand 更新LoginConfigs的命令類
【類型】
1. VdcActionType 動(dòng)作類型集合
2. VdcQueryType 查詢類型集合
3. VdcObjectType 對(duì)象類型集合
4. ActionGroup 動(dòng)作組集合
//LoginConfigsOperationParameters.java 是所有操作的參數(shù)類的父類
public class LoginConfigsOperationParameters extends VdcActionParametersBase{
private static final long serialVersionUID = 3991635679508928037L;
@Valid
private LoginConfigs loginConfigs;
public LoginConfigsOperationParameters(){
}
public LoginConfigsOperationParameters(Guid id){
this.setId(id);
loginConfigs.setId(id);
}
public LoginConfigsOperationParameters(LoginConfigs _loginConfigs){
loginConfigs = _loginConfigs;
}
public Guid getId(){
return loginConfigs == null ? null : loginConfigs.getId();
}
public void setId(Guid id){
if(loginConfigs == null){
loginConfigs = new LoginConfigs();
}
loginConfigs.setId(id);
}
public String getName(){
return loginConfigs == null ? null : loginConfigs.getRoleName();
}
public void setName(String name){
if(loginConfigs == null){
loginConfigs = new LoginConfigs();
}else {
loginConfigs.setRoleName(name);
}
}
public LoginConfigs getLoginConfigs(){
return loginConfigs;
}
public void setLoginConfigs(LoginConfigs loginConfigs){
this.loginConfigs = loginConfigs;
}
}
添加操作的參數(shù)類
public class AddLoginConfigsParameters extends LoginConfigsOperationParameters{
private static final long serialVersionUID = -7832310521101821905L;
public AddLoginConfigsParameters(LoginConfigs loginConfigs){
super(loginConfigs);
}
}
獲取所有登錄策略的查詢類
public class GetAllLoginConfigsQuery extends QueriesCommandBase
{
public GetAllLoginConfigsQuery(P parameters) {
super(parameters);
}
@Override
protected void executeQueryCommand() {
getQueryReturnValue().setReturnValue(getDbFacade().getLoginConfigsDao().getAll());
}
}
添加登錄限制策略的命令類
public class AddLoginConfigsCommand extends AbstractCommand {
public AddLoginConfigsCommand(T parameters, CommandContext cmdContext) {
super(parameters, cmdContext);
}
public AddLoginConfigsCommand(Guid commandId) {
super(commandId);
}
@Override
protected void executeCommand() {
DbFacade dbFacade = DbFacade.getInstance();
getParameters().setId(Guid.newGuid());
DbUser user = getCurrentUser();
LoginConfigs configs = getParameters().getLoginConfigs();
if (configs == null) {
setSucceeded(false);
return;
}
String roleName = configs.getRoleName() == null ? "" : configs.getRoleName();
if (user != null) {
if (user.getLoginName().equals("systemAdmin")) {
setSucceeded(false);
} else if (user.getLoginName().equals("securityAdmin")) {
//保密員配置普通用戶角色的登錄策略
if (roleName.contains("SystemAdmin") || roleName.contains("AuditAdmin")|| roleName.contains("UserRole")) {
dbFacade.getLoginConfigsDao().save(configs);
setSucceeded(true);
}
} else if (user.getLoginName().equals("auditAdmin")) {
if (roleName.contains("SecurityAdmin")) {
dbFacade.getLoginConfigsDao().save(configs);
setSucceeded(true);
}
}
} else {
setSucceeded(false);
}
}
//檢測(cè)權(quán)限
@Override
public List getPermissionCheckSubjects() {
return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
VdcObjectType.System, ActionGroup.LOGIN_CONFIG));
}
//記錄日志
@Override
public AuditLogType getAuditLogTypeValue() {
return getSucceeded() ? AuditLogType.ADD_LOGIN_CONFIGS
: AuditLogType.ADD_LOGIN_CONFIGS_ERROR;
}
}
VdcQueryType.java 對(duì)新增的查詢類添加對(duì)應(yīng)的枚舉類
GetAllLoginConfigs(RoleType.USER),
GetLoginConfigById(RoleType.USER),
GetLoginConfigByName(RoleType.USER),
VdcActionType 對(duì)新增的命令類添加對(duì)應(yīng)的枚舉類
AddLoginConfigs(8004,ActionGroup.LOGIN_CONFIG,false,QuotaDependency.NONE),
UpdateLoginConfigs(8005,ActionGroup.LOGIN_CONFIG,false,QuotaDependency.NONE),
RemoveLoginConfigs(8006,ActionGroup.LOGIN_CONFIG,false,QuotaDependency.NONE),
ActionGroup 與角色權(quán)限有關(guān)
LOGIN_CONFIG(1701,RoleType.USER, false),
Rest接口層
BackendLoginConfigsResource 主資源實(shí)現(xiàn)類
BackendLoginConfigResource 子資源實(shí)現(xiàn)類
BackendApiResource 后臺(tái)應(yīng)用類���,用于分發(fā)請(qǐng)求
LoginConfigsResource 主資源接口類
LoginConfigResource 子資源接口類
SystemResource
LoginConfigsResource 主資源
@Produces(ApiMediaType.APPLICATION_JSON)
public interface LoginConfigsResource {
@POST
@Consumes(ApiMediaType.APPLICATION_JSON)
default Response add(LoginConfigs loginConfigs) {
throw new UnsupportedOperationException();
}
@GET
default List list() {
throw new UnsupportedOperationException();
}
@POST
@Consumes(ApiMediaType.APPLICATION_JSON)
@Path("getByname")
default LoginConfigs getByName (LoginConfigs loginConfigs) {
throw new UnsupportedOperationException();
}
@Path("{id}")
LoginConfigResource getLoginConfigResource(@PathParam("id") String id);
}
LoginConfigResource 子資源
@Produces({ApiMediaType.APPLICATION_XML, ApiMediaType.APPLICATION_JSON})
public interface LoginConfigResource {
@DELETE
default Response remove() {
throw new UnsupportedOperationException();
}
@GET
default LoginConfigs get() {
throw new UnsupportedOperationException();
}
@PUT
@Consumes(ApiMediaType.APPLICATION_JSON)
default LoginConfigs update(LoginConfigs loginConfigs) {
throw new UnsupportedOperationException();
}
}
BackendLoginConfigsResource 主資源實(shí)現(xiàn)類
public class BackendLoginConfigsResource extends BackendResource implements LoginConfigsResource {
@Override
public Response add(LoginConfigs loginConfigs) {
return performAction(VdcActionType.AddLoginConfigs,new AddLoginConfigsParameters(loginConfigs));
}
@Override
public List list() {
VdcQueryReturnValue returnValue = runQuery(VdcQueryType.GetAllLoginConfigs, new VdcQueryParametersBase());
return returnValue.getReturnValue();
}
@Override
public LoginConfigs getByName(LoginConfigs loginConfigs) {
String roleName = loginConfigs.getRoleName();
VdcQueryReturnValue returnValue = runQuery(VdcQueryType.GetLoginConfigByName, sessionize(new NameQueryParameters(roleName)));
return returnValue.getReturnValue();
}
@Override
public LoginConfigResource getLoginConfigResource(String id) {
return inject(new BackendLoginConfigResource(id));
}
}
BackendLoginConfigsResource 子資源實(shí)現(xiàn)類
public class BackendLoginConfigResource extends BackendResource implements LoginConfigResource{
protected Guid id;
public BackendLoginConfigResource(String id){
this.id = asGuid(id);
}
@Override
public Response remove(){
return performAction(VdcActionType.RemoveLoginConfigs,new RemoveLoginConfigsParameters(id));
}
@Override
public LoginConfigs get(){
VdcQueryReturnValue returnValue = runQuery(VdcQueryType.GetLoginConfigById, sessionize(new IdQueryParameters(id)));
return returnValue.getReturnValue();
}
@Override
public LoginConfigs update(LoginConfigs loginConfigs) {
loginConfigs.setId(this.id);
Response response = performAction(VdcActionType.UpdateLoginConfigs,new UpdateLoginConfigsParameters(loginConfigs));
if (response.getStatus() == 200) {
return runQuery(VdcQueryType.GetLoginConfigById, sessionize(new IdQueryParameters(id))).getReturnValue();
}
return null;
}
}
systemResource
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public interface SystemResource {
@Path("loginConfigs")
LoginConfigsResource getLoginConfigsResource();
....
}
至此登錄限制策略的后臺(tái)接口已完成,可通過loginconfigs接口對(duì)登錄策略進(jìn)行增刪改查�����。這樣實(shí)現(xiàn)起來簡單明了�����,不過由于是根據(jù)角色定義登錄限制策略���,同一種角色只有一種登錄限制策略,對(duì)不同用戶暫時(shí)不能做到多樣性控制�����,后期再修正�。還有就是有多條限制策略時(shí)都存在同一張表的同一個(gè)字段中,前臺(tái)需做一些處理���。
