The Research Of Plug-in Access Control Filter

Information security becomes more and more important with the popularity of Electronic Commerce, E-government and network, at the same time, because of the universality and the ease-of-use of Web, the Web-based applications are the most representative aspect of Web Network Applications. It is vital to supply security services for Web-based applications.For existing web applications, the system did not consider access control function at the beginning of the developments, or the applications under development need to add or improve the access control function. It will have many problems to add or improve the needed function of access control if we realize it by modifying the web applications.This thesis studies plug-in access control filter, uses the plug-in feature of filter, separates the access control function from Web applications, and makes access control filter supply an independent plug-in service for Web applications.This thesis firstly discusses the web applications,which are based on different development technologies or are deployed on different servers,can use this filter mechanisms such as ISAPI,NSAPI,Servlet Filter,AOP. Secondly it analyses the characteristic of combining the filter mechanism and access control, brings forwards the project of access control filter based on Servlet Filter, adds the content of user session information to expediently implement authorization for any user's access request, supplies transparent and plug-in access control service by combining the Servlet filter and access control service. Then this thesis studies and develops the access control systems based on ISAPI, emphasizes the study of the technique that the filter implements access control function in the process of user's continuance access requests, brings forward a special method through the independent process to create, update session information, uses filter to realize transferring Session ID with Cookie and URL rewriting, combines independent authority service, establishes a integrated access control system. This system not only meets the need of Web applications, and access control service is independent and extendible, and its code maintainability and reusability has been improved greatly. Further more, the thesis also studies the access control filter based on NSAPI, in reference to ISAPI access control systems through an independent process to maintenance user session information, combines the NSAPI characteristics and supplies access control service for the Web applications deployed on Netscape Server.This thesis starts at web applications and theirs application environment, utilizes the filter mechanisms characteristic of different platforms, combines the filters and access control to construct an independent and plug-in access control filters. It can supply an independent,plug-in,extendible service for Web applications without modifying existing applications.