
Explain RBAC in detail

Role-based access control (RBAC) grants permissions to users through the roles (Role) they hold, which makes access control more flexible. Compared with granting permissions to users directly, it is simpler, more efficient and more scalable.

When using RBAC, we analyze the actual situation of the system's users and assign them different roles according to their common responsibilities and needs. A user can be granted one or more roles, and each role has one or more permissions. These user-role and role-permission relationships mean we no longer have to manage each user individually: a user inherits the required permissions from the roles granted to them.

Take a simple scenario (Gitlab's permission system) as an example: the user system has three roles, Admin, Maintainer and Operator, each with different permissions. For example, only Admin has the permissions to create and delete code repositories; the other roles do not.

If we grant a user the "Admin" role, that user has the two permissions "Create Code Repository" and "Delete Code Repository".

Permissions are not granted to users directly, for the sake of future scalability. If several users need the same permissions, without roles you would have to specify the same permissions for each of them when assigning, and change them one by one when modifying. With roles, we only need to set permissions on the role and assign different roles to different users; afterwards, modifying the role's permissions automatically changes the permissions of every user holding that role.

For example, if we need a code review role that only allows viewing code, we just add a role "code review" and give it the view-code permission, which is very convenient.

To implement the RBAC model, the following entities are generally required:

User

The base unit; all users are stored here.

Role

Roles are configured for the corresponding users; a role has a many-to-many relationship with users.

Permission

A permission is the smallest unit on which an access decision is based. Permissions are configured for the corresponding roles so that users holding the role can access the corresponding resources; a permission has a many-to-many relationship with roles.

Entity Relationship Description

A many-to-many relationship needs an intermediate table to maintain it: User and Role are linked through the intermediate table User-Role, and Role and Permission through the intermediate table Role-Permission.

Scenario example

Let's analyze two specific application scenarios:

Suppose an existing management system is simply divided into two roles, administrator and ordinary user. The administrator has some management rights but no specific business rights.

Add role

Now a new role is needed whose main job is to view all feedback from users, similar to a customer service role. We only need to add this new role and assign it to a given user.

Add permission

The business needs a "freeze account" operation on a user. We can simply add a permission for it and configure it on the administrator role.
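The data model and the two scenarios above, as an added example that is not part of the original post or the author's SpringBoot project: the three entity tables plus the two intermediate tables User-Role and Role-Permission, with the "add role" and "add permission" scenarios run against them. Python's standard-library SQLite stands in for the project's MySQL/JPA layer; the table and column names, the user names (alice, bob, carol) and the permission names are constructed sample data, not taken from the project.

```python
import sqlite3

# Three entity tables and two intermediate tables for the many-to-many relationships.
SCHEMA = """
CREATE TABLE user       (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE role       (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE permission (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_role (
    user_id INTEGER NOT NULL REFERENCES user(id),
    role_id INTEGER NOT NULL REFERENCES role(id),
    PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permission (
    role_id       INTEGER NOT NULL REFERENCES role(id),
    permission_id INTEGER NOT NULL REFERENCES permission(id),
    PRIMARY KEY (role_id, permission_id));
"""

ENTITY_TABLES = ("user", "role", "permission")


def _id(conn, table, name):
    """Return the id of `name` in an entity table, creating the row if needed."""
    # The table name comes from our fixed tuple, never from request input,
    # so it is safe to interpolate; the value itself is always bound.
    assert table in ENTITY_TABLES
    conn.execute(f"INSERT OR IGNORE INTO {table}(name) VALUES (?)", (name,))
    return conn.execute(f"SELECT id FROM {table} WHERE name = ?", (name,)).fetchone()[0]


def assign_role(conn, user, role):
    """User-Role intermediate table: give `user` the role `role`."""
    conn.execute("INSERT OR IGNORE INTO user_role(user_id, role_id) VALUES (?, ?)",
                 (_id(conn, "user", user), _id(conn, "role", role)))


def grant(conn, role, permission):
    """Role-Permission intermediate table: give `role` the permission `permission`."""
    conn.execute("INSERT OR IGNORE INTO role_permission(role_id, permission_id) VALUES (?, ?)",
                 (_id(conn, "role", role), _id(conn, "permission", permission)))


def revoke(conn, role, permission):
    """Remove a permission from a role; every user holding the role loses it at once."""
    conn.execute("""DELETE FROM role_permission
                    WHERE role_id = (SELECT id FROM role WHERE name = ?)
                      AND permission_id = (SELECT id FROM permission WHERE name = ?)""",
                 (role, permission))


def permissions_of(conn, user):
    """Permissions a user inherits through all of their roles (user -> role -> permission)."""
    rows = conn.execute("""
        SELECT DISTINCT p.name
        FROM user u
        JOIN user_role       ur ON ur.user_id = u.id
        JOIN role_permission rp ON rp.role_id = ur.role_id
        JOIN permission      p  ON p.id = rp.permission_id
        WHERE u.name = ?""", (user,)).fetchall()
    return {r[0] for r in rows}


def has_permission(conn, user, permission):
    """The access decision is made on the permission, not on the role name."""
    return permission in permissions_of(conn, user)


def build_demo():
    """Starting point of the scenario: an administrator and an ordinary user (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    grant(conn, "administrator", "manage_users")
    assign_role(conn, "alice", "administrator")
    assign_role(conn, "bob", "ordinary_user")  # role exists but carries no permissions yet
    return conn


def scenario_add_role(conn):
    """Scenario 1: a customer-service-like role that may only view user feedback."""
    grant(conn, "customer_service", "view_feedback")
    assign_role(conn, "carol", "customer_service")
    return permissions_of(conn, "carol")


def scenario_add_permission(conn):
    """Scenario 2: a new freeze-account permission configured on the administrator role.
    Every administrator inherits it with no per-user change; ordinary users do not."""
    grant(conn, "administrator", "freeze_account")
    return has_permission(conn, "alice", "freeze_account"), has_permission(conn, "bob", "freeze_account")


if __name__ == "__main__":
    c = build_demo()
    print("carol:", scenario_add_role(c))            # {'view_feedback'}
    print("alice/bob freeze:", scenario_add_permission(c))  # (True, False)
```

Two design points the example makes concrete: the authorization check tests a permission (has_permission), not a role name, so adding the "customer service" role required no change to any check; and because permissions hang off the role, grant and revoke on the administrator role reach every administrator through the join without touching a single user row.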

online experience

Organized as a series of Git branches, the project shows the specific process of building a SpringBoot RBAC authentication service in vscode. It can serve as a basic template for back-office systems and can be followed step by step, in order, using the code of each branch.

online documentation

online experience

| User | Account | Password |
| --- | --- | --- |
| Administrator | admin | password |
| General user | normal | password |

Back-end source code keywords: spring-boot jpa gradle

Front-end source code keywords: vue3 composition vite pinia eslint lint-staged commitlint

Specific process

1 - Development environment preparation

  1. JDK introduction and installation
  2. Gradle introduction, installation and configuration
  3. Recommended vscode plugins

2 - Initialize SpringBoot

  1. Initialize the spring-boot project and start it
  2. Open debug mode in vscode to view debugging information

3 - Web

  1. Add web dependencies and start
  2. Add a root route interface, start, and access it from the browser

4 - Detailed explanation of RBAC

  1. Analyze the data structure of RBAC
  2. Analyze detailed usage

5 - JPA and MySQL

  1. Create a local database
  2. Add JPA and MySQL dependencies and start successfully
  3. Design the specific Entity classes
  4. Start and view the database

6 - API Design

  1. Design the RESTful API interface
  2. Interface specification

7 - API Implementation

  1. Implement the Controller layer
  2. Add API documentation

8 - Repo and Service

  1. JpaRepository
  2. Service
  3. Controllers for roles and users

9 - Security

  1. Add Security and access the interface
  2. Log in and access the interface
  3. Complete login authorization and authentication
  4. Login interface
  5. Add the jjwt dependency

10 - Security Authentication and Processing

  1. Add the latest Security configuration
  2. Login process
  3. Authentication process
  4. Interface authorization and authentication process
  5. Add test user data
  6. Log in and test interface permissions

11 - Many-to-many relationship

  1. Lazy queries
  2. Solve circular reference problems
  3. Joint debugging with the front end

12 - Deployment

  1. Create the app and database on Heroku
  2. Deploy the application
  3. Deploy the front end on Vercel
  4. Online access

hezhongfeng