| Access Control is an essential part in design and implementation of information systems. Access Control is used to make a restricting to the resource in a software system, so that these resources can only be accessed by the user who has the corresponding privilege. With the rapid development of Internet Technology, B / S model has been developed to be the mainstream, and the information system based on the J2EE platform is increasing.This thesis presents some research results in the implementation of role-based access control (RBAC) with J2EE platform. Role-based access control can reduce the complexity and cost of authorization managements compared with traditional access control method, and the roles can be consistent with the personnel structure in a organization or corporation. This paper summarizes the different access control methods used by current information system, and analyzes the problems existed in those systems. Meanwhile, the paper analyzes the special need of foreigner teacher information management system, which is under J2EE platform. Based on RBAC,the thesis presents SF-RBAC (Simple and Flexible RBAC) model.This model adds conditions to Users-Roles, and introduces the concept of user types to improve the system's security and flexibility, to reduce the complexity for the administration of authorization. This model can be applied to other information systems easily, and has great realistic and reference significance to other information systems on the Privilege Management. Finally,this model is designed and implemented in Foreign Teachers Management Information System. |
PDF Full Text Request