| With the rapid development of network and information technology, it gets manyimportantproblemsinmanagementandinformationsecurity.Thisthesispresentssomeresearch results in the implementation of role-based access control (RBAC) with J2EEplatform. Role-based access control can reduce the complexity and cost ofauthorization managements compared with traditional access control method, and theroles can be consistent with the personnel structure in a organization or corporation.Firstly with the basic knowledge of network security architecture, a access controlsystem should be composed of two modules: authentication module and access controlmodule. Then the RBAC model and the characteristics of J2EE platform is furtheranalyzed, and the paper provides a common and standardized method to apply RBACaccess policy. In the method, use Relational Database to describe the information ofusers, roles, user-role assignment relation and so on. Meanwhile it makes use of theFilter component to realize the function of access control. The technology of XMLisusing as security strategy document. In addition, utilize SHA-1 message digestarithmetic to realize the login password encryption, enforce the arithmetic byintroducing a random number, in order to protect password from packet sniffer.UseJSP/Servlet/JavaScript+Tomcat+MSSQL to design the architecture; the characteristicsof J2EE SecurityModels that is Declarative and Programmatic are integrated together.Theadvantageofthisschemais:easytounderstand,highlystandardized,flexible,easyand ready to extend, task uniformity, independence from OS platform. It is a valuablereference of improving other implementing methods of RBAC. At the end some newresearchdirectionsarepointedout. |
PDF Full Text Request