java web权限管理

之前项目采用spring4+security3做的权限管理，采用通用的 用户-角色，角色-资源来管理权限。但是太依赖角色，同时是粗粒度的，决定采用二进制权限管理，自己构建 
   1 依然采用组织概念，但是同时保留用户 
   2 资源可以赋权给组织，也可以赋权给用户，权限区分读写 
   3 用户可以在多个组织 
   4 用户权限覆盖组织权限 
   下面列出2进制权限算法演示 
  

Java代码 <EMBED type=application/x-shockwave-flash pluginspage=http://www.macromedia.com/go/getflashplayer height=15 width=14 src=http://lovelzy.iteye.com/javascripts/syntaxhighlighter/clipboard_new.swf allowscriptaccess="always" quality="high" flashvars="clipboard=%20%20%20%2F%2F%E8%B5%84%E6%BA%90%E9%87%87%E7%94%A8url%E8%A1%A8%E7%A4%BA%0A%20%20%20%E6%8A%8A%E6%89%80%E6%9C%89%E6%8B%A5%E6%9C%89%E7%8B%AC%E7%AB%8B%E6%9D%83%E9%99%90%E7%9A%84%E8%B5%84%E6%BA%90(url)%E5%86%99%E5%85%A5%E6%95%B0%E6%8D%AE%E6%96%87%E4%BB%B6%E4%BE%8B%E5%A6%82mysql%0A%20%20%201%E3%80%81%E6%9D%83%E9%99%90%E5%80%BC%E7%9A%84%E8%AE%BE%E5%AE%9A%0A%20%20%E7%94%A8%E4%BA%8C%E8%BF%9B%E5%88%B6%E6%9D%A5%E8%A1%A8%E7%A4%BA%E6%9D%83%E9%99%90%E5%80%BC%E5%BA%94%E8%AF%A5%E6%98%AF%E6%8C%89%E4%BD%8D%E6%9D%A5%E8%AE%BE%E7%BD%AE%EF%BC%8C%E6%AF%8F%E4%B8%AA%E4%BD%8D%E5%8D%A0%E4%B8%80%E4%B8%AA%EF%BC%8C%E8%A1%A8%E7%A4%BA%E4%B8%80%E7%A7%8D%E6%9D%83%E9%99%90%EF%BC%8C%E5%A6%82%EF%BC%9A%0A%0A%20%20%20%2000000001%E8%A1%A8%E7%A4%BA%E5%8D%81%E8%BF%9B%E5%88%B61%EF%BC%8C%0A%20%20%20%2000000010%E8%A1%A8%E7%A4%BA%E5%8D%81%E8%BF%9B%E5%88%B62%EF%BC%8C%0A%20%20%20%2000000100%E8%A1%A8%E7%A4%BA%E5%8D%81%E8%BF%9B%E5%88%B64%EF%BC%8C%0A%20%20%20%2000001000%E8%A1%A8%E7%A4%BA%E5%8D%81%E8%BF%9B%E5%88%B68%EF%BC%9B%0A%0A%20%20%E4%BE%9D%E6%AC%A1%E7%B1%BB%E6%8E%A8%EF%BC%8C%E6%89%8D%E8%83%BD%E6%B8%85%E6%99%B0%E6%AD%A3%E7%A1%AE%E7%9A%84%E6%A0%87%E8%AF%86%EF%BC%8C%E5%A4%9A%E7%A7%8D%E6%9D%83%E9%99%90%E7%9A%84%E8%B5%8B%E4%BA%88%E5%88%99%E4%BD%BF%E7%94%A8%E2%80%9C%E6%88%96%E8%BF%90%E7%AE%97%E2%80%9D%EF%BC%8C%E6%AD%A4%E6%97%B6%E5%90%84%E4%BD%8D%E6%AF%94%E8%BE%83%E6%B7%B7%E4%B9%B1%EF%BC%8C%E5%A6%8200000011%E8%A1%A8%E7%A4%BA%E5%8D%81%E8%BF%9B%E5%88%B63%EF%BC%8C%E6%AD%A4%E6%97%B6%E5%AE%83%E6%84%8F%E5%91%B3%E7%9D%80%E6%8B%A5%E6%9C%89%E4%B8%A4%E7%A7%8D%E6%9D%83%E9%99%90%E3%80%82%0A%0ALong%20userrolevalue%20%3B%2F%2F%E7%94%A8%E6%88%B7%E7%9A%84%E6%9D%83%E9%99%90%E5%80%BC%EF%BC%8C%E6%A0%B9%E6%8D%AE%E4%BB%96%E5%B1%9E%E4%BA%8E%E7%9A%84%E6%9D%83%E9%99%90%E7%BB%84%EF%BC%8C%E8%BF%99%E4%B8%AA%E5%80%BC%E4%BC%9A%E4%B8%8D%E5%90%8C%0ALong%20oprolevalue%20%20%20%3B%2F%2F%E4%B8%80%E4%B8%AA%E6%93%8D%E4%BD%9C%E7%9A%84%E6%9D%83%E9%99%90%E5%80%BC%EF%BC%8C%E6%A0%B9%E6%8D%AE%E4%BB%96%E5%B1%9E%E4%BA%8E%E7%9A%84%E6%9D%83%E9%99%90%E7%BB%84%EF%BC%8C%E8%BF%99%E4%B8%AA%E5%80%BC%E4%BC%9A%E4%B8%8D%E5%90%8C%0A%0A2%E3%80%81%E6%9D%83%E9%99%90%E7%9A%84%E8%B5%8B%E4%BA%88(%E6%88%96%E8%BF%90%E7%AE%97)%0Auserrolevalue%20%3D%20userrolevalue%20%7C%20oprolevalue%0A%E5%81%87%E8%AE%BE%E4%B8%80%E4%B8%AA%E7%94%A8%E6%88%B7u1%EF%BC%8C%E4%BB%96%E7%9A%84%E5%88%9D%E5%A7%8B%E6%9D%83%E9%99%90%E5%80%BC%E4%B8%BA0(00000000)%E3%80%82%E5%A6%82%E6%9E%9C%E8%A6%81%E6%8C%87%E5%AE%9A%E4%BB%96%E6%9C%89%E7%BB%8F%E7%90%86%E7%9A%84%E6%9D%83%E9%99%90%EF%BC%8C%E7%BB%8F%E7%90%86%E7%9A%84%E6%9D%83%E9%99%90%E5%80%BC%E4%B8%BA4(00000100)%2C%E5%9C%A8%E7%AC%AC%E4%B8%89%E4%B8%AA%E4%BA%8C%E8%BF%9B%E5%88%B6%E4%BD%8D%E4%B8%BA1%E3%80%82%0A%E5%BE%88%E6%98%BE%E7%84%B6%EF%BC%8Cuserrolevalue%20%3D%20%200%20%7C%204%20%2C%E5%80%BC%E4%B8%BA4%EF%BC%8C%E5%A6%82%E6%9E%9Cu1%E8%A6%81%E5%90%8C%E6%97%B6%E5%85%B7%E6%9C%89%E6%96%87%E5%91%98%E3%80%81%E4%B8%BB%E7%AE%A1%E3%80%81%E7%BB%8F%E7%90%86%E7%9A%84%E6%9D%83%E9%99%90%E5%91%A2%EF%BC%8C%0Auserrolevalue%20%3D%200%20%7C%201%20%20%2000000000%20%7C%2000000001%20%20%3D%2000000001%0Auserrolevalue%20%3D%201%20%7C%202%20%20%2000000001%20%7C%2000000010%20%20%3D%2000000011%0Auserrolevalue%20%3D%203%20%7C%204%20%20%2000000011%20%7C%2000000100%20%20%3D%2000000111%0A%E8%BF%99%E6%A0%B7%EF%BC%8C%E7%AC%AC1%E3%80%812%E3%80%813%E4%BD%8D%E9%83%BD%E6%98%AF1%E4%BA%86%EF%BC%8C%E7%94%A8%20%E2%80%9C%E6%88%96%E2%80%9D%E7%9A%84%E5%A5%BD%E5%A4%84%E5%B0%B1%E6%98%AF%E5%8F%AA%E6%94%B9%E5%8F%98%E6%8C%87%E5%AE%9A%E4%BD%8D%E7%9A%84%E5%80%BC%EF%BC%8C%E5%A6%82%E6%9E%9C%E7%94%A8%E6%88%B7%E5%B7%B2%E7%BB%8F%E6%9C%89%E4%BA%86%E8%AF%A5%E6%9D%83%E9%99%90%EF%BC%8C%E7%9B%B4%E6%8E%A5%E7%AE%80%E5%8D%95%E7%9A%84%E7%94%A8%E5%8A%A0%E6%B3%95%E6%9D%A5%E5%81%9A%E4%BC%9A%E5%87%BA%E9%94%99%2C%E8%80%8C%E7%94%A8%22%E6%88%96%22%E5%86%8D%E8%B5%8B%E4%BA%88%E4%B8%80%E6%AC%A1%EF%BC%8C%E4%B9%9F%E4%B8%8D%E4%BC%9A%E5%87%BA%E9%94%99%EF%BC%8C%E5%A6%82%E4%B8%8B%EF%BC%9A%0Auserrolevalue%20%3D%207%20%7C%204%20%20%2000000111%20%7C%2000000100%20%20%3D%2000000111%0A%0A3%E3%80%81%E6%9D%83%E9%99%90%E7%9A%84%E9%99%A4%E5%8E%BB(%E6%B1%82%E8%A1%A5%E3%80%81%E4%B8%8E%E8%BF%90%E7%AE%97)%0Auserrolevalue%20%3D%20userrolevalue%20%26%20(~oprolevalue)%0A%E5%81%87%E8%AE%BE%E4%B8%80%E4%B8%AA%E7%94%A8%E6%88%B7u1%2C%E4%BB%96%E7%9A%84%E5%88%9D%E5%A7%8B%E6%9D%83%E9%99%90%E5%80%BC%E4%B8%BA7(00000111)%2C%E8%AF%B4%E6%98%8E%E4%BB%96%E8%83%BD%E5%81%9A%E6%96%87%E5%91%98%E3%80%81%E4%B8%BB%E7%AE%A1%E3%80%81%E7%BB%8F%E7%90%86%E6%9D%83%E9%99%90%E7%BB%84%E6%89%80%E8%83%BD%E4%BD%9C%E7%9A%84%E6%89%80%E6%9C%89%E6%93%8D%E4%BD%9C%E3%80%82%E5%A6%82%E6%9E%9C%E4%B8%8D%E6%83%B3%E8%AE%A9%E4%BB%96%E6%9C%89%E4%B8%BB%E7%AE%A1%E6%9D%83%E9%99%90%E7%BB%84%E8%83%BD%E4%BD%9C%E7%9A%84%E6%93%8D%E4%BD%9C%E5%91%A2%EF%BC%8C%E9%82%A3%E4%B9%88%EF%BC%8C%E5%B0%B1%E8%A6%81%E6%8A%8A%E4%BB%96%E7%9A%84%E6%9D%83%E9%99%90%E5%80%BC%E5%8F%98%E4%B8%BA00000101%EF%BC%8C%E8%80%8C%E4%B8%BB%E7%AE%A1%E6%9D%83%E9%99%90%E7%BB%84%E7%9A%84%E6%9D%83%E9%99%90%E5%80%BC%E6%98%AF00000010%EF%BC%8C%E6%98%BE%E7%84%B6%E7%AE%80%E5%8D%95%E7%9A%84%E7%94%A8%E5%87%8F%E6%B3%95%EF%BC%8C%E8%82%AF%E5%AE%9A%E4%B9%9F%E6%98%AF%E4%B8%8D%E8%A1%8C%E7%9A%84%EF%BC%8C%E4%BD%86%E6%98%AF%E5%85%88%E5%AF%B900000010%E4%BD%9C%E8%A1%A5%E8%BF%90%E7%AE%97%EF%BC%8C%E5%8F%AF%E4%BB%A5%E5%BE%97%E5%88%B011111101%EF%BC%8C%E5%86%8D%E5%90%8C00000111%E4%BD%9C%E4%B8%8E%E8%BF%90%E7%AE%97%EF%BC%8C%E5%B0%B1%E5%BE%97%E5%88%B0%E4%BA%8600000101%EF%BC%8C%E8%BF%99%E6%A0%B7%E5%B0%B1%E5%8F%AA%E5%AF%B9%E7%AC%AC%E4%BA%8C%E4%BD%8D%E4%BD%9C%E4%BA%86%E6%94%B9%E5%8F%98%EF%BC%8C%E4%B8%8D%E4%BC%9A%E5%BD%B1%E5%93%8D%E5%88%B0%E5%85%B6%E5%AE%83%E4%BD%8D%EF%BC%8C%E6%88%91%E4%BB%AC%E7%9A%84%E7%9B%AE%E7%9A%84%E4%B9%9F%E5%B0%B1%E8%BE%BE%E5%88%B0%E4%BA%86%E3%80%82%0A%0A%E5%AF%B9%E4%BA%8E%E4%B8%80%E4%B8%AA%E6%93%8D%E4%BD%9C%EF%BC%8C%E5%93%AA%E4%BA%9B%E6%9D%83%E9%99%90%E7%BB%84%E8%83%BD%E6%93%8D%E4%BD%9C%E5%AE%83%EF%BC%8C%E4%B9%9F%E5%8F%AF%E4%BB%A5%E7%94%A8%E4%B8%8E%E8%BF%90%E7%AE%97%E6%9D%A5%E5%81%9A%EF%BC%8C%E4%B8%8D%E8%AE%A9%E6%9F%90%E4%BA%9B%E6%9D%83%E9%99%90%E7%BB%84%E6%9C%89%E4%BA%9B%E6%93%8D%E4%BD%9C%E7%9A%84%E6%9D%83%E9%99%90%EF%BC%8C%E4%B9%9F%E5%8F%AF%E4%BB%A5%E5%85%88%E6%B1%82%E8%A1%A5%EF%BC%8C%E5%86%8D%E4%BD%9C%E4%B8%8E%E8%BF%90%E7%AE%97%E6%9D%A5%E8%A7%A3%E5%86%B3%E3%80%82%0A%0A4%E3%80%81%E6%9D%83%E9%99%90%E7%9A%84%E9%AA%8C%E8%AF%81(%E4%B8%8E%E8%BF%90%E7%AE%97)%0A(userrolevalue%20%26%20oprolevalue)%20!%3D%200%E8%A1%A8%E7%A4%BA%E6%8B%A5%E6%9C%89oprolevalue%E6%89%80%E8%A1%A8%E7%A4%BA%E6%9D%83%E9%99%90%0A%0A%E3%80%80%E4%BE%8B%E5%A6%82%EF%BC%9A%E7%8E%B0%E6%9C%89%E4%B8%80%E4%B8%AA%E7%94%A8%E6%88%B7User%E7%9A%84%E6%9D%83%E9%99%90%E4%B8%BA6(00000110)%EF%BC%8C%E9%80%9A%E8%BF%87%26(%E4%B8%8E)%E8%BF%90%E7%AE%97%EF%BC%8C%E4%BD%BF%E7%94%A8%E5%85%AC%E5%BC%8F%20%22(User%E7%9A%84%E6%9D%83%E9%99%90%20%26%20%E6%9D%83%E9%99%90%E5%80%BC)%20!%3D%200%22%20%E5%8D%B3%E5%8F%AF%E5%88%A4%E6%96%AD%E6%8B%A5%E6%9C%89%E6%9F%90%E4%B8%AA%E6%9D%83%E9%99%90%E5%80%BC%E8%A1%A8%E7%A4%BA%E7%9A%84%E6%9D%83%E9%99%90----6%20%26%202%20%3D%3D%202%20(00000110%20%26%2000000010%20%3D%3D%2000000010)%EF%BC%8C%E8%A1%A8%E7%A4%BAUser%E6%8B%A5%E6%9C%89%E4%B8%BB%E7%AE%A1%E6%9D%83%E9%99%90%EF%BC%9B6%20%EF%BC%86%204%20!%3D0%20(00000110%20%26%2000000100%20%3D%3D%2000000100)%20%EF%BC%8C%E8%A1%A8%E7%A4%BAUser%E6%8B%A5%E6%9C%89%E7%BB%8F%E7%90%86%E6%9D%83%E9%99%90%EF%BC%9B6%20%26%201%20%3D%3D%200(00000110%20%26%2000000001%20%3D%3D%2000000000)%EF%BC%8C%E8%A1%A8%E7%A4%BAUser%E6%97%A0%E6%96%87%E5%91%98%E6%9D%83%E9%99%90%EF%BC%9B%E3%80%80%E3%80%80%0A%0A%0A%0A%0A%0A" wmode="transparent"> 

1.    //资源采用url表示  

2.    把所有拥有独立权限的资源(url)写入数据文件例如mysql  

3.    1、权限值的设定  

4.   用二进制来表示权限值应该是按位来设置，每个位占一个，表示一种权限，如：  

5.   

6.     00000001表示十进制1，  

7.     00000010表示十进制2，  

8.     00000100表示十进制4，  

9.     00001000表示十进制8；  

10.   

11.   依次类推，才能清晰正确的标识，多种权限的赋予则使用“或运算”，此时各位比较混乱，如00000011表示十进制3，此时它意味着拥有两种权限。  

12.   

13. Long userrolevalue ;//用户的权限值，根据他属于的权限组，这个值会不同  

14. Long oprolevalue   ;//一个操作的权限值，根据他属于的权限组，这个值会不同  

15.   

16. 2、权限的赋予(或运算)  

17. userrolevalue = userrolevalue | oprolevalue  

18. 假设一个用户u1，他的初始权限值为0(00000000)。如果要指定他有经理的权限，经理的权限值为4(00000100),在第三个二进制位为1。  

19. 很显然，userrolevalue =  0 | 4 ,值为4，如果u1要同时具有文员、主管、经理的权限呢，  

20. userrolevalue = 0 | 1   00000000 | 00000001  = 00000001  

21. userrolevalue = 1 | 2   00000001 | 00000010  = 00000011  

22. userrolevalue = 3 | 4   00000011 | 00000100  = 00000111  

23. 这样，第1、2、3位都是1了，用 “或”的好处就是只改变指定位的值，如果用户已经有了该权限，直接简单的用加法来做会出错,而用"或"再赋予一次，也不会出错，如下：  

24. userrolevalue = 7 | 4   00000111 | 00000100  = 00000111  

25.   

26. 3、权限的除去(求补、与运算)  

27. userrolevalue = userrolevalue & (~oprolevalue)  

28. 假设一个用户u1,他的初始权限值为7(00000111),说明他能做文员、主管、经理权限组所能作的所有操作。如果不想让他有主管权限组能作的操作呢，那么，就要把他的权限值变为00000101，而主管权限组的权限值是00000010，显然简单的用减法，肯定也是不行的，但是先对00000010作补运算，可以得到11111101，再同00000111作与运算，就得到了00000101，这样就只对第二位作了改变，不会影响到其它位，我们的目的也就达到了。  

29.   

30. 对于一个操作，哪些权限组能操作它，也可以用与运算来做，不让某些权限组有些操作的权限，也可以先求补，再作与运算来解决。  

31.   

32. 4、权限的验证(与运算)  

33. (userrolevalue & oprolevalue) != 0表示拥有oprolevalue所表示权限  

34.   

35. 　例如：现有一个用户User的权限为6(00000110)，通过&(与)运算，使用公式 "(User的权限 & 权限值) != 0" 即可判断拥有某个权限值表示的权限----6 & 2 == 2 (00000110 & 00000010 == 00000010)，表示User拥有主管权限；6 ＆ 4 !=0 (00000110 & 00000100 == 00000100) ，表示User拥有经理权限；6 & 1 == 0(00000110 & 00000001 == 00000000)，表示User无文员权限；　　  

获取【下载地址】