Design and Implementation of a Permission Management System Based on Application Systems
Introduction

Building a robust permission management system to ensure the security of a management information system is very important. The permission management system is one of the modules with the highest code reusability in a management information system. Any multi-user system inevitably involves the same permission requirements and needs security services such as entity authentication, data confidentiality, data integrity, non-repudiation and access control. Yet each application system ends up with its own independent permission management system. Each of these serves only its own system's permission management needs, and they may differ in data storage, permission access and permission control mechanisms. It is therefore very necessary to adopt a consistent security management design approach, standardized design and an advanced technical architecture to build a general-purpose, complete, secure and easy-to-manage permission management system with good portability and extensibility, so that the permission management system truly becomes the core of permission control and plays a major role in protecting system security.

In recent years, role-based access control, RBAC (Role Base Access), has been widely studied as an ideal candidate access control model and, thanks to its flexibility, convenience and security, has been widely used in many systems. When the number of users is small, the role-based access control model not only manages access to information effectively but also simplifies the management procedures for data authorization and protection and improves data security. However, as the complexity of networked application business increases and the scope of applications continues to expand, the number of users and roles grows rapidly and the relationships between them become very complex, which poses a great challenge to user-role assignment management. An attractive management solution is to assign users' roles automatically based on rules. This automatic assignment process should be based on attributes the user already has.

This article discusses the design and implementation of a permission management system based on the role-based access control RBAC (Role-Based policies Access Control) model. The system is implemented with J2EE architecture technology. The article also discusses how application systems perform permission access and control.

Design and Implementation of a Permission Management System Based on Application Systems.doc
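The rule-based user-role assignment described above, as an added Java example that is not taken from the article or its attached document. The attribute names, roles, permissions and rules are all hypothetical. Roles are derived from the user's current attributes at decision time, so a changed attribute (for example a disabled account) removes the roles without any manual revocation step.

```java
import java.util.*;
import java.util.function.Predicate;

/** Added illustration: rule-based user-role assignment feeding an RBAC check.
 *  All attribute names, roles and permissions here are hypothetical. */
public class RuleBasedRbac {
    /** A rule grants one role to every user whose attributes satisfy the condition. */
    record Rule(String role, Predicate<Map<String, String>> condition) {}

    // Hypothetical assignment rules over attributes the user already has.
    static final List<Rule> RULES = List.of(
        new Rule("employee", a -> "active".equals(a.get("status"))),
        new Rule("hr_clerk", a -> "active".equals(a.get("status")) && "HR".equals(a.get("dept"))),
        new Rule("hr_manager", a -> "active".equals(a.get("status")) && "HR".equals(a.get("dept"))
                                     && "manager".equals(a.get("title"))));

    // Hypothetical role-to-permission table (the classic RBAC half of the model).
    static final Map<String, Set<String>> ROLE_PERMS = Map.of(
        "employee", Set.of("profile:read"),
        "hr_clerk", Set.of("salary:read"),
        "hr_manager", Set.of("salary:read", "salary:write"));

    /** Derive roles from attributes; a user matching no rule gets no role. */
    static Set<String> assignRoles(Map<String, String> attrs) {
        Set<String> roles = new TreeSet<>();
        for (Rule r : RULES) {
            if (r.condition().test(attrs)) roles.add(r.role());
        }
        return roles;
    }

    /** Deny by default: allowed only if some derived role carries the permission. */
    static boolean isAllowed(Map<String, String> attrs, String permission) {
        return assignRoles(attrs).stream()
            .anyMatch(role -> ROLE_PERMS.getOrDefault(role, Set.of()).contains(permission));
    }

    public static void main(String[] args) {
        // Constructed sample users: an active HR clerk and a disabled former HR manager.
        Map<String, String> clerk = Map.of("status", "active", "dept", "HR", "title", "clerk");
        Map<String, String> left = Map.of("status", "disabled", "dept", "HR", "title", "manager");
        System.out.println(assignRoles(clerk) + " salary:write=" + isAllowed(clerk, "salary:write"));
        System.out.println(assignRoles(left) + " salary:read=" + isAllowed(left, "salary:read"));
    }
}
```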