This article is participating in “Java Theme Month – Java Development in Action”, see the activity link for details
The opening
This is the fourth day of my participation in Gwen Challenge
In your daily work, you’ll encounter all kinds of demands, some of which are normal and reasonable, some of which are whimsical, and some of which are unheard of.
The product manager says, “Make me a feature that specifies a link page to share with a specific person.”
You ask him, “How do you want to do this? What’s your plan?”
“It’s up to you,” he said. If you can do it.”
PS: If I can’t do it, you can fire me…
Specify the link page to specify who to see
Prerequisite: The user must log in
Since the specified link needs to be specified to open, it is necessary to know who the current user is, that is, the website must require the user to log in, otherwise it cannot jump to the specified link or the blank page will be displayed after jumping.
Effect of illegal
- Unable to jump to the specified link
- Generally, the front-end route controls the connection. If the user accesses the link and does not log in, the system displays a message indicating that the link cannot be redirected. In this case, the browser URL remains the original URL
- A blank page is displayed after a jump
- If the current user is not obtained or is not the current user, the page is blank, and the browser URL is the jumped URL
Design elements
Since links are accessible only to designated users, this means that each link corresponds to one or more users. There will be a one-to-many/many-to-many relationship;
- One-to-many: A link corresponds to multiple accessible users, indicating that multiple users can have the same access link.
- One-to-one: A link can have only one accessible user, indicating that each user’s accessible link is different, but the final destination page is the same.
Way to implement
Stateful implementation
Saves the relationship between a link and a specified user in a data table, for example:
| Accessible link | The user id | The period of validity |
|---|---|---|
| www.baidu.com | 1001, 1002 | 1h |
| www.taobao.com | 1002 | 1h |
In this case, the front end must jump to the target URL, and then request the back-end service to determine whether the login user has access permission.
Advantages:
- Simple and direct, easy to maintain.
- Provides management operations for dynamic change.
Disadvantages:
- The front end needs to interact with the back end and depends on the back end data source.
- Occupies resources, such as network and disk I/O.
Stateless implementation
The methods can be: base interchange, obtruding encryption and decryption, token encryption and decryption, asymmetric encryption and decryption, etc. In short, it is to hide the real target URL by encrypting the target string
- Encrypted url:
Target url? Salt =salt&userId= user id, user ID...&The encryption algorithm= Specifies an encrypted link for the user - Decrypt the url:
Specify an encrypted link for the user&Decryption algorithm=Target url? Salt =salt&userId= user id, user ID...
At front end receives the encrypted url, and then USES the decryption algorithm can get the target url url, at the same time, with the user id can provide check basis after before the jump, jump, if there is no salt, some hackers users can analyze the target url and then add the user id to check the target page by page examination content, So add one more layer of access verification with a salt parameter just to be safe.
Advantages:
- Does not depend on storage services
- Less resource occupation; Can be shared
Disadvantages:
- Complex design and implementation
Stateful implementation + stateless implementation
Based on the above two ways to achieve:
- Stateful – Implementation to do management
- Stateless – implementation of sharing and verification.
The most important thing is to choose according to business and scene. In fact, this function can be made into a general function module. You can comment and leave a message on how to design it.
👍 ❤️ Don’t get lost
The article continues to update every week, you can search wechat “ten minutes to learn programming” the first time to read and urge more, if this article is not bad, feel something if you support and recognition, is the biggest power of my creation, we will see the next article!