The Web is widely used in the application systems of organizations such as governments and enterprises. In these web application systems, controlling which users have which access rights to which resources is a very important function.
In the prior art, the following methods are generally used to control a user's access rights:
1. On a web page, right elements such as buttons or hyperlinks are displayed, and all users can see a right element and initiate an operation. After receiving a request sent by a user, the web server determines the user's right according to the URL (uniform resource locator); if the user has no right, the web server intercepts the access and returns error information to the user.
In this solution, a user learns whether the user has a right only after performing an operation. The solution also exposes the system's various operation links to users who have no right, which may lead to a potential security risk for the system.
In addition, all processing in this solution is completed on the server, which increases the processing pressure on the server.
2. An active web technology such as JSP (Java Server Pages) or ASP (Active Server Pages) is used. On a web page, a segment of code is implanted into each right element, such as a button or a hyperlink, and the implanted code controls whether the right element is displayed. In this way, a right element is not displayed to a user who has no right to it.
This solution is relatively complex to implement and requires a large amount of code to be implanted, and the server is also under too much processing pressure.
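The two prior-art methods above, sketched side by side as an added example that is not part of the original text. The right names, URLs, users and function names are all constructed for illustration; Python stands in for the JSP/ASP server code.

```python
import html
from urllib.parse import urlsplit

# Constructed sample data: URL path -> right required to access it.
URL_RIGHTS = {
    "/orders/view": "order.read",
    "/orders/delete": "order.delete",
    "/users/manage": "user.admin",
}
# Constructed sample data: user -> rights granted to that user.
USER_RIGHTS = {
    "alice": {"order.read", "order.delete"},
    "bob": {"order.read"},
}
# Right elements placed on one page: (label, target URL).
PAGE_ELEMENTS = [
    ("View orders", "/orders/view"),
    ("Delete order", "/orders/delete"),
    ("Manage users", "/users/manage"),
]

def has_right(user, url):
    """Right determining according to the URL path (query string ignored).
    Unknown URLs and unknown users are denied by default."""
    required = URL_RIGHTS.get(urlsplit(url).path)
    if required is None:
        return False
    return required in USER_RIGHTS.get(user, set())

def handle_request(user, url):
    """Method 1: every user may send the request; the server intercepts
    access and returns error information when the user has no right."""
    if not has_right(user, url):
        return 403, "Forbidden: no right for " + urlsplit(url).path
    return 200, "OK"

def render_page(user):
    """Method 2: a check is attached to each right element at render time,
    so an element is omitted for a user who has no right to it."""
    return "\n".join(
        '<a href="{}">{}</a>'.format(html.escape(url), html.escape(label))
        for label, url in PAGE_ELEMENTS
        if has_right(user, url)  # one server-side check per element
    )

if __name__ == "__main__":
    print(render_page("bob"))                           # only "View orders"
    print(handle_request("bob", "/orders/delete?id=7"))  # intercepted
```

In both functions the check runs on the server, once per request in method 1 and once per right element in method 2, which is the processing load the text refers to.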