| Access Control is used to make a restricting to the resource in a software system, so that these resources can only be accessed by the user who has the corresponding privilege. This paper is to develop a well general access control system, independent of any platforms.This paper chooses and realizes the privilege system role-based based on the further research between discretionary access control, mandatory access control and role-based access control. The application is developed with java language, with its interface encapsulated using Web Service. Having the virtue of Web Service, the application has a well general and independence characteristic.Role-based access control (RBAC) introduces the role into access control, the privilege is assigned to role, then access control can be managed easily by define the role of the user and the inheritance of roles. Although the RBAC model is well accepted, it turns out to have some problems in practice. The paper puts forward two points: first, the resolvent of the user grouped: it is not mentioned on how to organize users instead of including more notations on the controling of resources in RBAC specification, but in actual applications, the duties of all employees are possibly same in a department. Considering this, if we assign the same roles to all employees one by one, the operation of authorization would be fussy. The paper puts forword the thinking of authorization to the user group, which simplifies authorization management. Second, the flexible requirement of authorization to the user in actual applications: in actual applications, one user possibly owns more one privilege than that of another group, so if creating a role alone for the user, when more situations appear, the role would be excessively overflow, and authorization management would be rough-and-tumble. As a result, this paper depends on the role authorization, and assists with direct authorization, which resolves the problem well in actual applications.This paper discusses access control, RBAC, Web Service etc in detail, and develops the privilege management system on the central television station athletics center comprehensive business, after analyzing the business of theapplication's subsystems that have the user management, privilege management, privilege management interface, privilege application system, completes the total design of the system. On the foundation that analysis, research and technology argumentation to each subsystem, this paper completes the need analysis (including description of usercase and the specification explanation of the user interface design), database design, the synoptic design( including the sequence diagram), detailed design(including the class diagram) of each subsystem and coding.Finally, this paper summarizes the research, and puts forward further research work. |
PDF Full Text Request