B/S Information Systems Implementation and Application of Access Control

Posted on: 2012-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: X Q Chen
GTID: 2218330368497675
Subject: Software engineering

Abstract/Summary:
With the development of Internet technology, the Browser/Server (B/S) architecture has become the preferred architecture, but the inherent openness of the Internet has also brought more security problems to information systems built on the B/S model. Every multi-user system inevitably involves rights management, entity identification and access control to ensure that only authorized users can access the appropriate system resources. Among the access control technologies used in current information systems, the role-based access control (RBAC) model has been widely applied. Assigning roles to users and granting authority to roles simplifies authorization management and clarifies responsibility, which improves the manageability of the system.

In this thesis, based on an analysis and comparison of multiple access control models, we focus on the role-based access control model as applied in B/S information systems. It is well known that simply assigning roles to users cannot meet requirements: when management involves different types of users and different levels of system resources, the complexity of the role hierarchy and of the constraint relationships makes implementation difficult and roles hard to manage. The concept of a module is derived from the functional division of the business. A module together with specific operations constitutes a permission. Module division, module size and operation types in the access control system can be defined freely according to business requirements, so all business functions can be brought under unified access control. At the same time, combining business elements with roles matches people's natural understanding. The two factors yield a richer set of combinations, which reduces the number of required permissions and roles and avoids geometric growth in large-scale applications. This makes permission configuration more flexible and convenient, and it also benefits resource control.

Moreover, the relationship between interface elements, including menus, and business modules becomes the foundation for controlling the functional interface, so interface elements including menus are also brought under the unified access control. On this basis, this thesis proposes an extended RBAC model based on modules and the combination of roles, and investigates the key technologies of this model. Finally, a reasonable, universal and low-cost B/S information system has been designed. It has been applied successfully in many information systems.
Keywords/Search Tags:access control, RBAC, module, business elements, combination of roles
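
An added illustration of the model the abstract describes, not code from the thesis: permissions are (module, operation) pairs, roles are held in combination with a business element, and menus are filtered through the same check. All module, role, user and business-element names are constructed, and reading "business element" as a scope attached to each role grant is an assumption.

```python
# Constructed sample data; every name below is hypothetical.
# A permission is a (module, operation) pair, as in the abstract.
ROLE_PERMS = {
    "clerk":   {("orders", "view"), ("orders", "create")},
    "auditor": {("orders", "view"), ("reports", "view")},
    "manager": {("orders", "view"), ("orders", "approve"), ("reports", "view")},
}

# Assumption: a user holds (role, business element) combinations, so the same
# role definition is reused across elements instead of cloning one role per element.
USER_GRANTS = {
    "alice": {("clerk", "sales-east"), ("auditor", "sales-west")},
    "bob":   {("manager", "sales-east")},
}

# Each menu entry is bound to the (module, operation) permission it needs,
# so interface elements fall under the same access decision.
MENUS = {
    "Order list":     ("orders", "view"),
    "New order":      ("orders", "create"),
    "Approve orders": ("orders", "approve"),
    "Reports":        ("reports", "view"),
}


def is_allowed(user, module, operation, element):
    """Deny by default. Allow only when a role the user holds for this
    business element carries the (module, operation) permission."""
    return any(
        elem == element and (module, operation) in ROLE_PERMS.get(role, ())
        for role, elem in USER_GRANTS.get(user, ())
    )


def visible_menus(user, element):
    """Return the menu labels the user may see within one business element."""
    return sorted(
        label for label, (module, op) in MENUS.items()
        if is_allowed(user, module, op, element)
    )


if __name__ == "__main__":
    for user in ("alice", "bob"):
        for element in ("sales-east", "sales-west"):
            print(user, element, visible_menus(user, element))
```

Hiding a menu entry is a presentation measure only; the server-side handler for each module operation must call the same `is_allowed` check, since a B/S client can request any URL directly.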