With the rapid development of network technology, information security issues have become increasingly prominent. Access control is a core principle of information security mechanisms and a necessary means of protecting a system from unauthorized use. When designing an access control module, developers repeatedly face the same requirements, so a framework is needed to reduce duplicated effort and to ease development and maintenance. In the Java world, however, existing access control frameworks lack general applicability, which is a significant problem.

This master's dissertation proposes a general-purpose access control framework based on the RBAC model. The framework can switch between a number of authentication modules and draws on several information security technologies. It aims to remedy the following deficiencies of existing access control frameworks: they are tied to a specific application framework or application server, so access control code built on them cannot be migrated; they are tied to a specific application development model; integrating their rights management systems is problematic, so single sign-on is hard to achieve; their access control granularity is insufficient; their model is disconnected from real projects; and their configuration and application interfaces are overly complex.

The dissertation covers: the advantages and disadvantages of the three main types of access control policy; the strengths of the RBAC model and why the framework adopts it; an overview of PAM (Pluggable Authentication Modules); an overview of the cryptographic algorithms and security protocols relevant to an access control framework; and an analysis of the authentication and authorization processes of JAAS, Spring Security and JBoss SX, explaining the merits of their designs, analysing their shortcomings and attempting to improve on them.

On this theoretical basis, the overall design and detailed implementation of the framework follow. The overall design defines the interfaces first and then fills in the implementation. It follows these principles: do not depend on a specific application framework or server, so that code can be migrated; use plain Java classes to support access to heterogeneous systems; use a unified session to support single sign-on; provide fine-grained authority control; use a variety of cryptographic algorithms and protocols to ensure security; keep the design simple; and avoid making the framework intrusive. The framework defines a number of interfaces to support the RBAC model and the PAM model, and each core interface is described in detail. After the overall design, the key parts of the framework's implementation are described in detail. To help application developers use it, web support and aspect-oriented programming (AOP) integration are also discussed. Finally, the dissertation briefly introduces the use of the general-purpose access control framework, gives a code sample, analyses its execution, and shows through experiments that the design is correct and feasible and of practical value in application development.
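The design principles listed above (RBAC users, roles and permissions; a switchable PAM-style authentication module; a unified session object; resource/action permission granularity; deny by default), as an added illustration in plain Java. This is not the dissertation's code: every class, interface and method name here (AuthenticationModule, AccessControlService, InMemoryModule, Permission, Session) is a hypothetical name chosen for the example, and the sample user and password are constructed.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Added illustration of the abstract's design principles; not the dissertation's code. */
public final class RbacFrameworkDemo {

    /** Pluggable authentication module in the spirit of PAM: the framework can switch
     *  implementations (database, LDAP, in-memory, ...) without touching the RBAC logic. */
    interface AuthenticationModule {
        /** Returns the authenticated principal name, or empty if authentication fails. */
        Optional<String> authenticate(String username, char[] credential);
    }

    /** Permission at resource+action granularity, finer than "user has role X". */
    record Permission(String resource, String action) {}

    /** Unified session object, issued once at login and reusable across applications (SSO). */
    record Session(String id, String principal) {}

    /** Hypothetical core service: RBAC assignments, session store and the permission check. */
    static final class AccessControlService {
        private final Map<String, Set<String>> userRoles = new HashMap<>();
        private final Map<String, Set<Permission>> rolePermissions = new HashMap<>();
        private final Map<String, Session> sessions = new HashMap<>();
        private final SecureRandom random = new SecureRandom();
        private AuthenticationModule module;

        void useModule(AuthenticationModule m) { module = m; }
        void assignRole(String user, String role) {
            userRoles.computeIfAbsent(user, k -> new HashSet<>()).add(role);
        }
        void grant(String role, String resource, String action) {
            rolePermissions.computeIfAbsent(role, k -> new HashSet<>()).add(new Permission(resource, action));
        }

        /** Authenticate through the active module; on success issue a random session id. */
        Optional<Session> login(String user, char[] credential) {
            return module.authenticate(user, credential).map(principal -> {
                byte[] raw = new byte[32];
                random.nextBytes(raw);
                Session s = new Session(HexFormat.of().formatHex(raw), principal);
                sessions.put(s.id(), s);
                return s;
            });
        }

        /** Default deny: an unknown session or a permission held by none of the roles is refused. */
        boolean isPermitted(String sessionId, String resource, String action) {
            Session s = sessions.get(sessionId);
            if (s == null) return false;
            Permission wanted = new Permission(resource, action);
            for (String role : userRoles.getOrDefault(s.principal(), Set.of())) {
                if (rolePermissions.getOrDefault(role, Set.of()).contains(wanted)) return true;
            }
            return false;
        }
    }

    /** In-memory module storing salted PBKDF2 hashes; holds constructed sample data only. */
    static final class InMemoryModule implements AuthenticationModule {
        private record Stored(byte[] salt, byte[] hash) {}
        private final Map<String, Stored> users = new HashMap<>();
        private final SecureRandom random = new SecureRandom();

        void addUser(String name, char[] password) {
            byte[] salt = new byte[16];
            random.nextBytes(salt);
            users.put(name, new Stored(salt, derive(password, salt)));
        }

        @Override public Optional<String> authenticate(String username, char[] credential) {
            Stored st = users.get(username);
            if (st == null) return Optional.empty();
            // Constant-time comparison so the check does not leak hash bytes through timing.
            return MessageDigest.isEqual(st.hash(), derive(credential, st.salt()))
                    ? Optional.of(username) : Optional.empty();
        }

        private static byte[] derive(char[] password, byte[] salt) {
            try {
                return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                        .generateSecret(new PBEKeySpec(password, salt, 100_000, 256)).getEncoded();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    public static void main(String[] args) {
        InMemoryModule module = new InMemoryModule();
        module.addUser("alice", "correct horse".toCharArray());   // constructed sample user
        AccessControlService acl = new AccessControlService();
        acl.useModule(module);                                      // the module is swappable at runtime
        acl.assignRole("alice", "editor");
        acl.grant("editor", "/articles", "write");

        Session s = acl.login("alice", "correct horse".toCharArray()).orElseThrow();
        System.out.println(acl.isPermitted(s.id(), "/articles", "write"));    // action granted to the role
        System.out.println(acl.isPermitted(s.id(), "/articles", "delete"));   // action never granted
        System.out.println(acl.login("alice", "wrong".toCharArray()).isPresent()); // wrong password
        System.out.println(acl.isPermitted("no-such-session", "/articles", "write")); // unknown session
    }
}
```

The permission check never consults the authentication module; it only trusts the session the module's success produced, which is what lets a second application honour the same session id for single sign-on. The session store here is an in-memory map with no expiry, which a real framework would replace with a shared, expiring store.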