With the development of web technology and the booming trend of informationization,Information Security(IS) is more worthy of attention. Access control is not only an importantmechanism to guarantee IS, but also a necessary method to achieve system security. So manycurrent web applications cannot exist without access control framework. While therequirements for access control systems have much in common, it is necessary to develop amore general access control framework to reduce unnecessary duplicated workload and makeit easier for development and maintenance.This paper made a detailed research on access control models and did a comprehensivesurvey on JAVA-related access control. And I understand the basic idea and state of the art ofaccess control, I realize that the current access control framework cannot satisfy specificprojects.To aim at the actual needs of the current J2EE projects, this paper proposes an accesscontrol system based on RBAC model. Based on the idea of role-based access control, Iintroduce other related concepts and constraints, design flexible access control mechanismand provide a user-interface for access control system. This system can meet the demand ofJ2EE projects, reduce the workload of developers and facilitate the management andmaintenance work for administrators. |