Research & Implementation Of Web Pluggable Authentication And Authorization System

Posted on: 2006-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: J E Lei
GTID: 2168360155455197
Subject: Computer applications
Abstract/Summary:
With the popularization of the Internet, the information security problems that arise from resource sharing have become increasingly serious. The primary problems are how to judge the validity of a user logging in and how to provide a corresponding access control mechanism that confines users' behaviors or actions. Associating authentication technologies with access control technologies is a credible approach to securing an information system.

The background of this thesis is a project to build a cooperative design and management system for a design institute. The thesis proposes a scheme for Web applications that supports multiple authentication mechanisms and RBAC: the Pluggable Web Authentication and Authorization System.

The thesis first introduces the relevant technologies, including access control technologies, authenticator technologies, PAM (Pluggable Authentication Modules) and the J2EE platform. The functional requirements are then described, and based on them a pluggable Web authentication and authorization scheme is designed, which uses modular design and pluggability to implement authentication systems. This makes it possible to add a new module or replace an existing one without changing any existing application program. The RBAC/Web access control model is used as the reference for implementing the Web application system's authorization, which supports dynamic changes to users' permissions in order to implement separation of duties among users.

J2EE components including JAAS, JSP, Servlets and EJB are used. The architecture of a JAAS-based Identity Authentication Server is designed and implemented; it includes a session manager, a safety authenticator and other components, and the safety authenticator is the key to implementing the PAM framework. In addition, the authorization module of the Web application system is implemented, which includes an access controller class, user manager class, role manager class, permission manager class and block manager class.
Keywords/Search Tags:PAM, J2EE, JAAS, Access Control, Role-Based Access Control, Authentication Mechanism