| At present enterprise application system which has being intense-coupled with authentication and authorization management system doesn't protect it's business method and is lack of dynamic access control and is too hard to management.This paper is devote to solve these problems and do some research as follows.Firstly,the reason why enterprise application system intense-coupled with authentication and authorization management system is that the design between Object-Oriented and Aspect-Oriented does not match.The method called AOP technology is used to separate transverse cutting attention spot;it "weaves" the transverse cutting attention spot into the place where needs it.By intensive study of Aspect-Oriented Programming and the mechanism of Spring to implement AOP, using Object-Oriented Programming coupled with Aspect-Oriented Programming to realize the authentication and authorization management system which can separate transverse cutting attention spot,resolve the intense-coupled problem between the core system and the authentication and authorization management system.Secondly,this paper analyses acegi in deeply,acegi is a security framework based on Spring AOP,it is independent of business logic of the system,provides protection of authentication and authorization for the system and can be integrated with most web framework so that it can be easily used in application based on Java EE and promotes services of authentication and authorization.This paper analyzes the strategy of authentication and authorization,discusses the protection of web reasources and method of business and the problem of acegi in practical applications, in order to resolve these problems this paper designs a authentication and authorization strategy which has dynamic access control.At last,through a practical project development which has used AOP and Acegi successfully realizes our design objective and testifies the security of the authentication and authorization management system. |
PDF Full Text Request