Research and Implementation of Web System Security Based on the J2EE Platform
Published: 2018-09-07 19:17
[Abstract]: With the rapid development of the Internet, many enterprises have begun building out their information systems, and enterprise Web systems are increasingly widely used. J2EE is one of the most frequently used technologies in enterprise Web systems, so its security naturally receives close attention. Access control plays a pivotal role in the security architecture of a Web system, so this thesis studies and implements access control security for Web systems based on the J2EE platform.
The thesis first analyzes the security problems facing enterprise Web systems and points out that, for Web systems on an internal network, the various kinds of malicious attack can be ignored, so permission management becomes the key issue for security research. Drawing on the author's J2EE Web development experience as a graduate student, it then analyzes the main J2EE components and their security mechanisms and focuses on access control models. After an extensive study of how access control models are designed and implemented in China and abroad, it analyzes the relationships and differences among several models and selects role-based access control as the main research direction. Next, building on the Spring framework, it uses IOC to decouple the system and extends J2EE's access control functionality through the access control module built into Spring Security, designing a model to manage user access control in the Web system so that the system can enforce access control across multiple roles and multiple users.
The thesis gives a basic introduction to the front-desk visitor intelligent service management system that the author helped develop at the ANM Research Center of Beijing University of Posts and Telecommunications, and analyzes the scenarios in which the access control model applies to it. The existing system framework and database were improved, role-based access control was designed and implemented on the system, and the system's extension and upgrade was completed, providing useful experience for secondary development of access control functionality in J2EE Web systems.
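[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2229175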
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2229175.html