| With the popularization of Internet, the information security problem, which arises from the resource share, becomes more and more serious. How to judge the validity of login user and how to provide corresponding access control mechanism which confines users' behaviors or actions are primary problems. It is credible to associate authentication technologies with access control technologies in the security of information system.The paper studied the application of multi-authentication and RBAC in the Web security deeply.Firstly, the paper introduced some corresponding technologies,including access control technologies,authentication technologies,encryption and J2EE.Then the function demands of security management system is described in the paper, and based on that, the paper designed system architecture,authentication module and authorization module detailedly.The security management system applied the J2EE N-Tier architecture, which enforces the systemic expandability on level of architecture. Authentication module applied authentication technology based on passwords and digital certificates, and it also provided integration capabilities for other authentication module;RBAC Access Control model was referred to implement the security management system's authorization, which supports the changes of users'permission dynamically to implement users'duty separation.Finally, the paper introduced the implemention of the core functions on the security management system and tested it comprehensively.The final production of the study is the design and implementation of the security management system based on J2EE which integrates with Multi-Authentication and RBAC. The system can provide the service of Web applications with different levels of authentication and authorization. The production of this study had already been put into use and showed good result. |
PDF Full Text Request