Ours is a product specific to a domain. Here are some of the typical security use cases:
- A normal user can edit only his profile data or anybody's data based on permission
- A user can see only data that belongs to his department, while another user can see data from all departments
These requirements change from customer to customer, so we cannot just hard-code the filtering logic in our application code or maintain multiple versions of the application.
We use Hibernate criteria-based filtering and would like to add additional Restrictions based on some expressions associated with a Permission. An expression for use case 1, mentioned above, may look like this: 'userId=user.userId', where 'user' is a keyword that represents the current authenticated user and 'userId' is a property of the object for which the criteria is created.
We want to define a DSL from which we can derive a criteria restriction as well as a 'where' clause for SQL.
Are there any existing frameworks which will enable us to do it, without going for a DSL? Based on the use cases mentioned above, do you think it can be achieved in a different way?
Additional Info: We define only domain objects with some meta information to generate the UI. Persistence, security, etc. are taken care of by our core framework.
2 solutions
#1
2
Have you tested Hibernate filters? They are a great mechanism for record-level filtering; you can define multiple filters (for example, two filters for your case) on each entity and enable or disable them according to the current user. I should mention that filters can accept parameters (for example, your current user id).
We have used this great feature of Hibernate 3 on a large project, which had a hierarchical organization unit and that worked fine.
By the way, if you use Oracle as your database, consider Oracle's Virtual Private Database feature.
#2
1
We decided to go with our own DSL using ANTLR.
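As an added illustration (not code from either poster), here is one way a permission expression of the form 'userId=user.userId' from the question can be turned into a SQL 'where' fragment with bound parameters. The class name, the property-to-column map and the sample values are hypothetical, a regular expression stands in for an ANTLR grammar, only `=` comparisons joined by `and` are handled, and Java 16+ is assumed.

```java
import java.util.*;
import java.util.regex.*;

/** Added example: compiles 'prop=user.attr [and ...]' into a bound WHERE fragment. */
public class PermissionExpression {
    // One comparison: entity property on the left, 'user.<attribute>' on the right.
    private static final Pattern TERM =
        Pattern.compile("\\s*([A-Za-z_]\\w*)\\s*=\\s*user\\.([A-Za-z_]\\w*)\\s*");

    public record Compiled(String where, List<Object> params) {}

    /**
     * @param expr    permission expression configured per customer
     * @param columns allow-list: entity property -> column name (hypothetical mapping)
     * @param user    attributes of the current authenticated user
     */
    public static Compiled compile(String expr, Map<String, String> columns,
                                   Map<String, Object> user) {
        List<String> clauses = new ArrayList<>();
        List<Object> params = new ArrayList<>();
        for (String term : expr.split("(?i)\\s+and\\s+")) {
            Matcher m = TERM.matcher(term);
            if (!m.matches())   // fail closed on anything outside the tiny grammar
                throw new IllegalArgumentException("unsupported term: " + term);
            String column = columns.get(m.group(1));
            if (column == null)   // fail closed: property is not on the allow-list
                throw new IllegalArgumentException("unknown property: " + m.group(1));
            if (!user.containsKey(m.group(2)))   // fail closed: no such user attribute
                throw new IllegalArgumentException("unknown user attribute: " + m.group(2));
            clauses.add(column + " = ?");   // the value is bound, never concatenated
            params.add(user.get(m.group(2)));
        }
        return new Compiled(String.join(" AND ", clauses), params);
    }

    public static void main(String[] args) {
        // Constructed sample data, not from the original post.
        Map<String, String> columns = Map.of("userId", "USER_ID", "deptId", "DEPT_ID");
        Map<String, Object> user = Map.of("userId", 42L, "deptId", 7L);

        System.out.println(compile("userId=user.userId", columns, user));
        System.out.println(compile("deptId = user.deptId and userId = user.userId", columns, user));
        try {
            compile("userId=user.userId or 1=1", columns, user);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because column names come only from the allow-list and user values travel only as bind parameters, the text of a customer-configured expression never reaches the SQL string.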