CN118395418A - Shiro-based user permission security management method and device, electronic equipment and medium - Google Patents
Shiro-based user permission security management method and device, electronic equipment and medium Download PDFInfo
- Publication number
- CN118395418A CN118395418A CN202410841350.4A CN202410841350A CN118395418A CN 118395418 A CN118395418 A CN 118395418A CN 202410841350 A CN202410841350 A CN 202410841350A CN 118395418 A CN118395418 A CN 118395418A
- Authority
- CN
- China
- Prior art keywords
- information
- configuration information
- configuration
- user
- user information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 32
- 230000004048 modification Effects 0.000 claims abstract description 40
- 238000012986 modification Methods 0.000 claims abstract description 40
- 238000000034 method Methods 0.000 claims abstract description 33
- 230000008520 organization Effects 0.000 claims abstract description 11
- 238000012216 screening Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 abstract description 8
- 230000008569 process Effects 0.000 description 8
- 239000000284 extract Substances 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 241001310793 Podium Species 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000037361 pathway Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to the technical field of data processing, in particular to a shiro-based user authority security management method, a shiro-based user authority security management device, electronic equipment and a medium, wherein the method comprises the steps of obtaining login information; judging whether the login information has the authority of an administrator or not; if the login information has the administrator authority, acquiring new information to establish first user information; acquiring employee information and binding the employee information with the first user information; establishing role information, organization information and association with the first user information based on the employee information to perfect the first user information, and taking the perfect first user information as second user information; configuration modification information is acquired and the second user information is configured based on the configuration modification information. The application has the effect of reasonably defining the user authority.
Description
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a shiro-based user permission security management method, device, electronic apparatus, and medium.
Background
With the development of technology, the demands of enterprise digital transformation are increasing. In the digital transformation process, user authority control of staff is involved, and the authority control is related to data security of enterprises. In the related art, the authority control of the staff is difficult to effectively control the authority of the staff, and the conditions of unauthorized access and unauthorized use are easy to occur.
Disclosure of Invention
In order to reasonably define user rights, the application provides a shiro-based user rights security management method, a shiro-based user rights security management device, electronic equipment and a medium.
The user authority security management method based on shiro provided by the application adopts the following technical scheme:
a user authority security management method based on shiro comprises the following steps:
Acquiring login information;
judging whether the login information has the authority of an administrator or not;
if the login information has the administrator authority, acquiring new information to establish first user information;
acquiring employee information and binding the employee information with the first user information;
establishing role information, organization information and association with the first user information based on the employee information to perfect the first user information, and taking the perfect first user information as second user information;
Configuration modification information is acquired and the second user information is configured based on the configuration modification information.
By adopting the technical scheme, whether the logged-in personnel has the authority of the administrator is judged, and if the logged-in personnel has the authority of the administrator, the personnel can establish a new user and configure the new user. After the electronic equipment acquires the establishment information, the first user information is established, then the electronic equipment acquires the employee information and binds the employee information with the first user information, namely the newly-built first user is used by the employee later. And then the electronic equipment establishes role information, organization architecture information and amateur first user information association based on the staff information, so that the process of perfecting the first user information is realized. And the electronic equipment acquires configuration modification information and configures the second user information based on the configuration modification information, namely acquires information such as modification rights and the like, and configures the second user information based on the acquired information such as modification rights and the like.
Optionally, before the acquiring the configuration modification information, the method further includes:
Acquiring a configuration information template;
screening the configuration information templates based on the second user information to obtain a first configuration information template;
The second user information is configured based on the first configuration information template.
By adopting the technical scheme, before the electronic equipment acquires the configuration modification information, the electronic equipment acquires the configuration information template, and the electronic equipment screens the configuration information template based on the second user information, so that the first configuration information template conforming to the second user information is screened out, and then the electronic equipment configures the second user information based on the first configuration information template, so that intelligent configuration is realized, the operation flow is simplified, and manual operation is reduced.
Optionally, the method includes:
acquiring history configuration information;
judging whether corresponding first configuration information exists in the history configuration information or not based on the second user information;
Screening the historical configuration information based on the second user information to obtain all the first configuration information if the first configuration information exists;
Acquiring a first quantity of the first configuration information;
if the first quantity is one, correcting a first configuration information template based on the first configuration information;
If the first quantity is larger than one, extracting the same configuration information in the first configuration information and taking the extracted configuration information as second configuration information;
And correcting the first configuration information template based on the second configuration information.
By adopting the technical scheme, the electronic equipment acquires the historical configuration information, then judges whether corresponding first configuration information exists in the historical configuration information summary based on the second user information, namely judges whether the configuration information for configuring the second user information exists in the historical configuration information, if the first configuration information exists, the electronic equipment screens all the first configuration information, then acquires the first quantity of the first configuration information, if the first quantity is one, the electronic equipment corrects the first configuration information template based on the first configuration information, if the first quantity is more than one, the same configuration information in the first configuration information is extracted, the extracted configuration information is used as the second configuration information, and the electronic equipment corrects the first configuration information template based on the second configuration information. And updating the first configuration information template in real time, so that the first configuration information template can be better adapted. And when the number of the first configuration information is greater than one, the same configuration information is screened out to correct the first configuration information template, so that the special cases in the first configuration information template can be removed to a certain extent, and the first configuration information template can have universality.
Optionally, after said modifying the first configuration information template based on the second configuration information, the method further includes:
Judging whether configuration updating information exists or not;
And if the configuration updating information exists, correcting the first configuration information template based on the configuration updating information.
By adopting the technical scheme, after the electronic equipment corrects the first configuration information template based on the second configuration information, the electronic equipment judges whether the configuration update information exists, namely the configuration information can be added or subtracted, and if the configuration update information exists, the electronic equipment corrects the first configuration information template based on the configuration update information, namely synchronously updates the first configuration information template, so that the operation steps can be reduced when the second user information is configured based on the first configuration information template.
Optionally, before said modifying the first configuration information template based on the second configuration information, the method further comprises:
Sorting the history configuration information according to a time sequence;
Extracting the history configuration information of the last time and taking the extracted history configuration information as third configuration information;
Judging whether the third configuration information has configuration information different from the second configuration information;
if the configuration information exists, extracting configuration information which is different from the third configuration information and the second configuration information, and taking the extracted configuration information as fourth configuration information;
Modifying the second configuration information based on the fourth configuration information.
By adopting the technical scheme, before the electronic device corrects the first configuration information template based on the second configuration information, the electronic device sorts the historical configuration information according to time sequence, extracts the last historical configuration information, takes the extracted historical configuration information as third configuration information, judges whether the third configuration information exists in the configuration information with different second configuration information or not, namely judges whether the last historical configuration information which is the latest time from the current configuration operation exists in the configuration information with different second configuration information or not, if the last historical configuration information exists in the configuration information with different second configuration information, extracts the configuration information with different third configuration information and takes the extracted configuration information as fourth configuration information, and corrects the second configuration information based on the fourth configuration information. In the latest configuration, new changes may exist, so different configuration information exists, and at this time, the second configuration information is modified based on the fourth configuration information, so that the second configuration information can be supplemented, and thus, the first configuration information template can be modified more perfectly.
Optionally, before said modifying the second configuration information based on the fourth configuration information, the method further comprises:
Obtaining peer configuration information;
judging whether the fourth configuration information comprises override configuration information or not based on the peer configuration information;
Wherein the peer configuration information is all the configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information;
and if the fourth configuration information comprises the override configuration information, deleting the override configuration information in the fourth configuration information.
By adopting the technical scheme, before the electronic equipment modifies the second configuration information based on the fourth configuration information, the electronic equipment acquires the same-level configuration information, judges whether the fourth configuration information comprises the override configuration information based on the same-level configuration information, and if the fourth configuration information comprises the override configuration information, deletes the override configuration information in the fourth configuration information. The override configuration information does not have universality, so that the override configuration information needs to be deleted, and the second user information can be better adapted when the first configuration information template is corrected.
Optionally, after the acquiring the configuration modification information and configuring the second user information based on the configuration modification information, the method further includes:
Obtaining peer configuration information;
Judging whether the configured second user information comprises override configuration information or not;
Wherein the peer configuration information is all the configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information;
and if the override configuration information is included, synchronizing the second user information to the auditing user.
By adopting the technical scheme, after the second user information is configured, judging whether the second user information comprises override configuration information or not, and if so, synchronizing the second user information to an auditing user so as to enable the auditing user to audit the second user information.
In a second aspect, the present application provides a user authority security management device based on shiro, which adopts the following technical scheme:
The first acquisition module is used for acquiring login information;
the judging module is used for judging whether the login information has the authority of an administrator or not; if the login information has the administrator authority, transferring to an establishment module;
The building module is used for obtaining the new information to build the first user information;
The binding module is used for obtaining employee information and binding the employee information with the first user information;
The establishment perfecting module is used for establishing role information, organization information and association with the first user information based on the employee information so as to perfect the first user information, and taking the perfected first user information as second user information;
And the acquisition configuration module is used for acquiring configuration modification information and configuring the second user information based on the configuration modification information.
In a third aspect, the present application provides an electronic device, which adopts the following technical scheme:
an electronic device comprising a processor coupled with a memory; the processor is configured to execute a computer program stored in the memory to cause the electronic device to perform the method according to the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:
a computer readable storage medium comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method of the first aspect.
Drawings
Fig. 1 is a flowchart of a user authority security management method based on shiro in the present embodiment.
Fig. 2 is a block diagram of a user right security management apparatus based on shiro in the present embodiment.
Fig. 3 is a block diagram of the electronic device of the present embodiment.
Detailed Description
The application is described in further detail below with reference to fig. 1-3.
The present embodiment is merely illustrative of the application and not intended to be limiting, and a person skilled in the art, after having read the present description, may make modifications to the embodiment without creative contribution as required, but is protected by patent laws within the scope of the claims of the present application.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by a user of ordinary skill in the art without inventive effort, are within the scope of the present application based on the embodiments of the present application.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In this context, unless otherwise specified, the term "/" generally indicates that the associated object is an "or" relationship.
The embodiment of the application discloses a user authority security management method based on shiro. The shiro-based user rights security management method may be performed by an electronic device. The electronic device may be a server or a terminal device, where the server may be an independent physical server, or may be a server cluster or a distributed system formed by multiple physical servers, or may be a cloud server that provides cloud computing services. The terminal device may be, but is not limited to, a smart phone, a tablet computer, a desktop computer, etc.
The embodiment of the application discloses a user authority security management method based on shiro. Referring to fig. 1, a main flow of the user authority security management method based on shiro is described as follows (S100 to S600):
Step S100, obtaining login information;
Step S200, judging whether the login information has the authority of an administrator, and if the login information has the authority of the administrator, turning to step S300;
Step S300, acquiring new information to establish first user information;
step S400, staff information is obtained and bound with first user information;
Step S500, role information and organization information are established based on employee information and are associated with the first user information to perfect the first user information, and the perfect first user information is used as second user information;
s600, acquiring configuration modification information and configuring second user information based on the configuration modification information.
After the electronic equipment acquires the login information, judging whether the login information has the authority of an administrator, and if the login information has the authority of the administrator, indicating that a new user can be created and relevant setting can be carried out on the new user. After the electronic equipment acquires the newly built information, the first user information is built, then the employee information is acquired, the employee information is bound with the first user information, and the first user can be used by the employee later. And establishing role information, organization information and associating with the first user information based on the employee information, thereby perfecting the first user information and acting the perfected first user information as second user information. After the user information is perfected, the electronic equipment acquires configuration modification information, and configures second user information based on the configuration modification information, namely after the corresponding employee is determined, the authority of the employee needs to be modified so that the employee can exercise the corresponding processing authority, and therefore the second user information needs to be configured.
For example, the employee information may include the name, age, etc. of the employee, the employee will bear a certain job after entering the job, the job is role information of the employee, and the corresponding department structure and personnel structure of the job where the employee is located are organization information.
In this embodiment, the rights to the configuration user are implemented using a low code platform and in conjunction with shiro middleware. shiro has huge community support, has the characteristics of good performance, high flexibility and simple and convenient use, and can enable developers to quickly realize the authority management function of the platform by combining the two characteristics, so that the cost is saved.
As an optional implementation manner of the embodiment of the present application, before acquiring the configuration modification information, the method further includes: acquiring a configuration information template; screening the configuration information templates based on the second user information to obtain a first configuration information template; the second user information is configured based on the first configuration information template.
Before configuration modification information is obtained, the electronic equipment obtains a configuration information template, and then filters the configuration information template based on second user information, so that a first configuration information template is obtained, namely, the second user information is used as a filtering condition, the configuration information template suitable for a second user is screened out, the second user information is configured by using the suitable configuration information template, the operation of staff with manager authority can be simplified to a certain extent, and the staff is not required to complete configuration from blank.
As an optional implementation manner of the embodiment of the present application, history configuration information is obtained; judging whether corresponding first configuration information exists in the history configuration information or not based on the second user information; screening the historical configuration information based on the second user information to obtain all the first configuration information if the first configuration information exists; acquiring a first quantity of first configuration information; if the first quantity is one, correcting the first configuration information template based on the first configuration information; if the first quantity is greater than one, extracting the same configuration information in the first configuration information and taking the extracted configuration information as second configuration information; the first configuration information template is modified based on the second configuration information.
The electronic device acquires the historical configuration information, namely the electronic device acquires all the configuration information recorded before the current time, then judges whether corresponding first configuration information exists in the historical configuration information based on the second user information, namely whether the first configuration information applicable to the second user information exists or not, if the first configuration information exists, screens the historical configuration information based on the second user information to obtain all the first configuration information, then acquires the first quantity of the first configuration information, judges whether the first quantity is one, if the first quantity is one, the electronic device corrects the first configuration information template based on the first configuration information, the first configuration information template is not fixed but is follow-up, and because the authority, organization information and the like corresponding to the same role possibly change for a user, the template follow-up mode is adopted, so that the configuration can be better carried out, and the operation of staff with the manager authority is simplified. If the first number is greater than one, the electronic device extracts the same configuration information in the first configuration information, takes the extracted configuration information as second configuration information, corrects the first configuration information template based on the second configuration information, extracts common configuration information, corrects the first configuration information template based on the common part, and can basically determine that the configuration information is necessarily needed by the second user information, so that the corrected first configuration information template can be better adapted to the second user information.
The whole configuration process of a newly-built user information by a staff member with the authority of an administrator is one-time history configuration information. The historical configuration information of each time can comprise one piece of configuration information or a plurality of pieces of configuration information. One piece of user information may correspond to only one authority, and the historical configuration information only includes one piece of configuration information; one piece of user information may also correspond to a plurality of rights, and this time, the history configuration information includes a plurality of pieces of configuration information.
As an alternative implementation manner of the embodiment of the present application, after correcting the first configuration information template based on the second configuration information, the method further includes: judging whether configuration updating information exists or not; if the configuration updating information exists, the first configuration information template is modified based on the configuration updating information.
After correcting the first configuration information template based on the second configuration information, the electronic device determines whether there is configuration update information, that is, new configuration information may exist in the system, but has not been configured for the user before, so there is no configuration information in the history configuration information, and for this configuration information, it is also necessary to add in the present configuration process, so if there is configuration update information, the electronic device corrects the first configuration information template based on the configuration update information.
For example, the staff a is a common staff, and the corresponding rights originally include a rights, b rights and c rights, but since the company specifies the change, the rights of the common staff are required to be removed after the specified change, and at this time, the configuration information needs to be updated, that is, the electronic device obtains the configuration update information, so that the c rights are removed.
As an alternative implementation manner of the embodiment of the present application, before correcting the first configuration information template based on the second configuration information, the method further includes: sorting the history configuration information according to a time sequence; extracting the history configuration information of the last time and taking the extracted history configuration information as third configuration information; judging whether the third configuration information has configuration information different from the second configuration information; if the configuration information exists, extracting configuration information which is different from the third configuration information and the second configuration information, and taking the extracted configuration information as fourth configuration information; the second configuration information is modified based on the fourth configuration information.
Before correcting the first configuration information template based on the second configuration information, the electronic device sorts the history configuration information according to time sequence, extracts the history configuration information of the last time, takes the extracted history configuration information as third configuration information, judges whether the third configuration information has configuration information different from the second configuration information, if so, the electronic device extracts the configuration information different from the second configuration information, takes the extracted configuration information as fourth configuration information, and then modifies the second configuration information based on the fourth configuration information. The second configuration information accords with the same configuration information in the configuration information of the second user information, and modification possibly exists, so that the configuration information of the previous configuration information cannot be obtained, the last historical configuration information needs to be extracted, and then the configuration information after modification is obtained through comparison, and the second configuration information is modified based on the configuration information.
As an alternative implementation of the embodiment of the present application, before modifying the second configuration information based on the fourth configuration information, the method further includes: obtaining peer configuration information; judging whether the fourth configuration information comprises override configuration information or not based on the peer configuration information; the peer configuration information is all configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information; and if the fourth configuration information comprises the override configuration information, deleting the override configuration information in the fourth configuration information.
Before the electronic device modifies the second configuration information based on the fourth configuration information, the electronic device acquires peer configuration information, then judges whether the third configuration information comprises override configuration information based on the peer configuration information, and if the fourth configuration information comprises override configuration information, deletes the override configuration information in the fourth configuration information.
For example, the peer configuration information may be the authority that the general staff of the a department should have, and the override configuration information may be the authority of the management layer of the a department, or may be the authority that the general staff of the B department should have, that is, the override configuration information is a part exceeding the authority that the staff should have.
Based on the above description, it is known that, before the second configuration information is modified based on the fourth configuration information, if the override configuration information exists, the override configuration information in the fourth configuration information is deleted. Since the former person has a certain authority for the configuration operation of the former person, there is override configuration information, but it is not common for other persons, so that it is necessary to delete override configuration information, thereby reducing the operation steps of the administrator at the time of operation.
As an optional implementation manner of the embodiment of the present application, after acquiring the configuration modification information and configuring the second user information based on the configuration modification information, the method further includes: obtaining peer configuration information; judging whether the configured second user information comprises override configuration information or not; the peer configuration information is all configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information; and if the override configuration information is included, synchronizing the second user information to the auditing user.
After the configuration modification information is obtained and the second user information is configured based on the configuration modification information, the electronic device obtains the peer configuration information, then judges whether the configured second user information comprises the override configuration information, namely judges whether the second user information comprises a part exceeding the personnel's own weight, if the second user information comprises the override configuration information, the second user information is synchronized to the auditing user, and the second user information needs to be synchronized to the auditing user for auditing due to the existence of the override configuration information.
Fig. 2 is a block diagram of a user right security management device 700 based on shiro according to an embodiment of the present application, as shown in fig. 2, the user right security management device 700 based on shiro includes:
a first obtaining module 701, configured to obtain login information;
A judging module 702, configured to judge whether the login information has administrator rights; if the login information has the authority of the administrator, the process proceeds to the building module 703;
A building module 703, configured to obtain new information to build first user information;
An acquire binding module 704, configured to acquire employee information and bind the employee information with the first user information;
The establishment perfecting module 705 is configured to establish role information, organize organization information and associate with the first user information based on employee information to perfect the first user information, and take the finished first user information as second user information;
the acquiring configuration module 706 is configured to acquire configuration modification information and configure the second user information based on the configuration modification information.
In this alternative embodiment, shiro-based user rights security management device 700 further includes:
the first acquisition sub-module is used for acquiring a configuration information template before acquiring configuration modification information;
the first screening submodule is used for screening the configuration information template based on the second user information to obtain a first configuration information template;
the first configuration sub-module is used for configuring the second user information based on the first configuration information template.
In this alternative embodiment, shiro-based user rights security management device 700 further includes:
the second acquisition sub-module is used for acquiring history configuration information;
The first judging sub-module is used for judging whether corresponding first configuration information exists in the historical configuration information or not based on the second user information; screening the historical configuration information based on the second user information to obtain all the first configuration information if the first configuration information exists;
A third obtaining sub-module, configured to obtain a first number of first configuration information; if the first quantity is one, correcting the first configuration information template based on the first configuration information; if the first quantity is greater than one, extracting the same configuration information in the first configuration information and taking the extracted configuration information as second configuration information;
And the first correction sub-module is used for correcting the first configuration information template based on the second configuration information.
In this alternative embodiment, shiro-based user rights security management device 700 further includes:
A second judging sub-module for judging whether the configuration update information exists after the first configuration information template is modified based on the second configuration information; if the configuration updating information exists, the first configuration information template is modified based on the configuration updating information.
In this alternative embodiment, shiro-based user rights security management device 700 further includes:
A sorting sub-module for sorting the historical configuration information in time order before modifying the first configuration information template based on the second configuration information;
The extraction sub-module is used for extracting the history configuration information of the last time and taking the extracted history configuration information as third configuration information;
a third judging sub-module, configured to judge whether the third configuration information has configuration information different from the second configuration information; if the configuration information exists, extracting configuration information which is different from the third configuration information and the second configuration information, and taking the extracted configuration information as fourth configuration information;
the first modification submodule is used for modifying the second configuration information based on the fourth configuration information.
In this alternative embodiment, shiro-based user rights security management device 700 further includes:
A fourth obtaining sub-module for obtaining peer configuration information before modifying the second configuration information based on the fourth configuration information;
A fourth judging sub-module, configured to judge whether the fourth configuration information includes override configuration information based on the peer configuration information; the peer configuration information is all configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information; and if the fourth configuration information comprises the override configuration information, deleting the override configuration information in the fourth configuration information.
In this alternative embodiment, shiro-based user rights security management device 700 further includes:
a fifth obtaining sub-module for obtaining peer configuration information after obtaining the configuration modification information and configuring the second user information based on the configuration modification information;
A fifth judging sub-module, configured to judge whether the configured second user information includes override configuration information; the peer configuration information is all configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information; and if the override configuration information is included, synchronizing the second user information to the auditing user.
Fig. 3 is a block diagram of an electronic device 800 according to an embodiment of the present application. The electronic device 800 may be a mobile phone, tablet computer, PC, server, etc. As shown in fig. 3, the electronic device 800 includes a memory 801, a processor 802, and a communication bus 802; the memory 801 and the processor 802 are connected by a communication bus 802. The memory 801 has stored thereon a computer program capable of being loaded by the processor 802 and executing the shiro-based user rights security management method as provided by the above-described embodiment.
The memory 801 may be used to store instructions, programs, code sets, or instruction sets. The memory 801 may include a storage program area and a storage managed data area, wherein the storage program area may store instructions for implementing an operating system, instructions for at least one function, instructions for implementing the shiro-based user rights security management method provided in the above embodiment, and the like; the store host data area may store host data and the like involved in the shiro-based user rights security management method provided in the above embodiment.
The processor 802 may include one or more processing cores. The processor 802 performs various functions of the present application and processes the managed data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 801, invoking the managed data stored in the memory 801. The Processor 802 may be at least one of an Application SPECIFIC INTEGRATED Circuit (ASIC), a digital signal Processor (DIGITAL SIGNAL Processor, DSP), a digital signal processing device (DIGITAL SIGNAL Processing Device, DSPD), a programmable logic device (Programmable Logic Device, PLD), a field programmable gate array (Field Programmable GATE ARRAY, FPGA), a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronics for implementing the functions of the processor 802 described above may be other for different devices, and embodiments of the present application are not particularly limited.
Communication bus 802 may include a pathway to transfer information between the aforementioned components. The communication bus 802 may be a PCI (PERIPHERAL COMPONENT INTERCONNECT, peripheral component interconnect standard) bus or an EISA (Extended Industry Standard Architecture ) bus, or the like. Communication bus 802 may be classified as an address bus, a managed data bus, a control bus, or the like. For ease of illustration, only one double arrow is shown in FIG. 3, but not only one bus or one type of bus.
An embodiment of the present application provides a computer storage medium storing a computer program capable of being loaded by a processor and executing the user right security management method based on shiro as provided in the above embodiment.
In this embodiment, the computer storage medium may be a tangible device that holds and stores instructions for use by the instruction execution apparatus. The computer storage medium may be, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any combination of the preceding. In particular, the computer storage medium may be a portable computer diskette, hard disk, U disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), podium random access memory (SRAM), portable compact disc read-only memory (CD-ROM), digital Versatile Disk (DVD), memory stick, floppy disk, optical disk, magnetic disk, mechanical coding device, and any combination of the foregoing.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Claims (10)
1. A shiro-based user rights security management method, comprising:
Acquiring login information;
judging whether the login information has the authority of an administrator or not;
if the login information has the administrator authority, acquiring new information to establish first user information;
acquiring employee information and binding the employee information with the first user information;
establishing role information, organization information and association with the first user information based on the employee information to perfect the first user information, and taking the perfect first user information as second user information;
Configuration modification information is acquired and the second user information is configured based on the configuration modification information.
2. The method of claim 1, further comprising, prior to the obtaining the configuration modification information:
Acquiring a configuration information template;
screening the configuration information templates based on the second user information to obtain a first configuration information template;
The second user information is configured based on the first configuration information template.
3. The method according to claim 2, characterized in that the method comprises:
acquiring history configuration information;
judging whether corresponding first configuration information exists in the history configuration information or not based on the second user information;
Screening the historical configuration information based on the second user information to obtain all the first configuration information if the first configuration information exists;
Acquiring a first quantity of the first configuration information;
if the first quantity is one, correcting a first configuration information template based on the first configuration information;
If the first quantity is larger than one, extracting the same configuration information in the first configuration information and taking the extracted configuration information as second configuration information;
And correcting the first configuration information template based on the second configuration information.
4. The method of claim 3, further comprising, after said modifying said first configuration information template based on said second configuration information:
Judging whether configuration updating information exists or not;
And if the configuration updating information exists, correcting the first configuration information template based on the configuration updating information.
5. The method of claim 3, further comprising, prior to said modifying said first configuration information template based on said second configuration information:
Sorting the history configuration information according to a time sequence;
Extracting the history configuration information of the last time and taking the extracted history configuration information as third configuration information;
Judging whether the third configuration information has configuration information different from the second configuration information;
if the configuration information exists, extracting configuration information which is different from the third configuration information and the second configuration information, and taking the extracted configuration information as fourth configuration information;
Modifying the second configuration information based on the fourth configuration information.
6. The method of claim 5, further comprising, prior to said modifying said second configuration information based on said fourth configuration information:
Obtaining peer configuration information;
judging whether the fourth configuration information comprises override configuration information or not based on the peer configuration information;
Wherein the peer configuration information is all the configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information;
and if the fourth configuration information comprises the override configuration information, deleting the override configuration information in the fourth configuration information.
7. The method according to claim 1 or 5, further comprising, after said obtaining configuration modification information and configuring said second user information based on said configuration modification information:
Obtaining peer configuration information;
Judging whether the configured second user information comprises override configuration information or not;
Wherein the peer configuration information is all the configuration information corresponding to the second user information, and the override configuration information is configuration information exceeding the peer configuration information;
and if the override configuration information is included, synchronizing the second user information to the auditing user.
8. A shiro-based user rights security management apparatus, comprising:
the first acquisition module is used for acquiring login information;
the judging module is used for judging whether the login information has the authority of an administrator or not; if the login information has the administrator authority, transferring to an establishment module;
The building module is used for obtaining the new information to build the first user information;
The binding module is used for obtaining employee information and binding the employee information with the first user information;
The establishment perfecting module is used for establishing role information, organization information and association with the first user information based on the employee information so as to perfect the first user information, and taking the perfected first user information as second user information;
And the acquisition configuration module is used for acquiring configuration modification information and configuring the second user information based on the configuration modification information.
9. An electronic device comprising a processor coupled to a memory; the processor is configured to execute a computer program stored in the memory to cause the electronic device to perform the method of any one of claims 1 to 7.
10. A computer readable storage medium comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410841350.4A CN118395418A (en) | 2024-06-27 | 2024-06-27 | Shiro-based user permission security management method and device, electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410841350.4A CN118395418A (en) | 2024-06-27 | 2024-06-27 | Shiro-based user permission security management method and device, electronic equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118395418A true CN118395418A (en) | 2024-07-26 |
Family
ID=92007977
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410841350.4A Pending CN118395418A (en) | 2024-06-27 | 2024-06-27 | Shiro-based user permission security management method and device, electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118395418A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109104412A (en) * | 2018-07-13 | 2018-12-28 | 万翼科技有限公司 | Account right management method, management system and computer readable storage medium |
| CN112491987A (en) * | 2020-11-16 | 2021-03-12 | 珠海格力电器股份有限公司 | User permission configuration method, device, server and configuration system |
| US20210224412A1 (en) * | 2017-08-17 | 2021-07-22 | Ping An Technology (Shenzhen) Co., Ltd. | User permission data query method and apparatus, electronic device and medium |
| CN116300634A (en) * | 2023-03-27 | 2023-06-23 | 广东物宇智联科技有限公司 | Building energy-saving control method, device, equipment and storage medium |
| CN117176415A (en) * | 2023-09-01 | 2023-12-05 | 中国联合网络通信集团有限公司 | Cluster access method and device, electronic equipment and storage medium |
-
2024
- 2024-06-27 CN CN202410841350.4A patent/CN118395418A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210224412A1 (en) * | 2017-08-17 | 2021-07-22 | Ping An Technology (Shenzhen) Co., Ltd. | User permission data query method and apparatus, electronic device and medium |
| CN109104412A (en) * | 2018-07-13 | 2018-12-28 | 万翼科技有限公司 | Account right management method, management system and computer readable storage medium |
| CN112491987A (en) * | 2020-11-16 | 2021-03-12 | 珠海格力电器股份有限公司 | User permission configuration method, device, server and configuration system |
| CN116300634A (en) * | 2023-03-27 | 2023-06-23 | 广东物宇智联科技有限公司 | Building energy-saving control method, device, equipment and storage medium |
| CN117176415A (en) * | 2023-09-01 | 2023-12-05 | 中国联合网络通信集团有限公司 | Cluster access method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107465692B (en) | Unified user identity authentication method, system and storage medium | |
| CN110659053A (en) | Program updating method, device, storage medium and electronic equipment | |
| CN112217902B (en) | Firewall data synchronization method and device | |
| US20170177316A1 (en) | Mobile application deployment for distributed computing environments | |
| CN110213290A (en) | Data capture method, API gateway and storage medium | |
| US10162619B1 (en) | Fleet-wide management of software packages | |
| CN112947986A (en) | Multi-version code sign-in control method and device, client and storage medium | |
| CN111274204B (en) | Terminal identification method, method for generating mobile equipment identification combined code and device thereof | |
| CN110737458A (en) | code updating method and related device | |
| CN113821249A (en) | Project development configuration method and device, electronic equipment and readable storage medium | |
| CN118395418A (en) | Shiro-based user permission security management method and device, electronic equipment and medium | |
| CN105430115A (en) | Method and apparatus for optimizing IP (Internet Protocol) library and computing device | |
| CN111324373B (en) | Method and device for sub-coding warehouse on multiple engineering files and computing equipment | |
| CN116743762A (en) | Service registration cluster flow switching method, flow switching device and storage medium | |
| CN108595924B (en) | Business authority management method and device, computer equipment and storage medium | |
| CN110659281B (en) | Hive-based data processing method, hive-based data processing device, computer equipment and storage medium | |
| CN114564211A (en) | Cluster deployment method, cluster deployment device, equipment and medium | |
| CN114115933A (en) | Method, system, device, electronic equipment and medium for software upgrading | |
| CA3021992C (en) | Configuration data as code | |
| US11050621B2 (en) | Client, server and differential upgrade method | |
| CN111124467B (en) | Authority role display method, system, computer equipment and readable storage medium | |
| CN111723007A (en) | Test case merging method, system, equipment and medium | |
| CN112039683A (en) | Service hosting method, system and storage medium | |
| CN116680277B (en) | Information verification method, device, equipment and storage medium | |
| CN116050375B (en) | Policy file similarity comparison method, device and system and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |