Research And Application Of Permission Management For Application Service System Based On Java EE

Posted on: 2016-04-26
Degree: Master
Type: Thesis
Country: China
Candidate: Q Q Wu
GTID: 2298330467993179
Subject: Computer technology

Abstract/Summary:
The vigorous development of application service systems for enterprises has been driven by the rapid development of computer network and communication technology. Permission management is the core mechanism protecting the security of an application service system, and access control models provide its theoretical foundation. The RBAC model is a focus of academic research. When it is applied to an application service system with complex business logic, large organizations, and large numbers of users and roles, noticeable problems arise, such as inefficient management, complex authorization and privilege leakage.

To overcome these drawbacks of the RBAC model for permission management, this thesis studies the classic access control models, especially the RBAC model and its extended models, and examines in depth the inherent characteristics of access control mechanisms for application service systems. The concepts of tree structure and constraint domain are introduced to propose a tree-structured ARBAC model that is suitable for application service systems. Permission management based on the tree-structured ARBAC model is designed and implemented using a B/S (browser/server) architecture. Evaluation and analysis of the permission management verify the correctness, safety and convenience of the tree-structured ARBAC model. The main work is as follows:

(1) A tree-structured RBAC model is studied and proposed. In real scenarios, there are too many roles to manage, and complex inheritance relationships introduce hidden security risks. The traditional role is replaced by the job, which is a type of node in the organization tree. The relationship between ordinary jobs is flat. The tree-structured RBAC model greatly reduces the difficulty of permission management and eliminates the security risks introduced by inheritance.

(2) A tree-structured ARBAC model is proposed, based on the tree-structured RBAC model. The organization concept of the ARBAC02 model is improved so that an administrator's management scope can be understood as a whole. The organizations, jobs and users within an administrator's management scope, and the tree relationship between administrators, are determined by the administrator's position in the tree structure, which simplifies management of the constraint domain.

(3) An authentication mechanism combining static and dynamic passwords, based on the IP security domain, is proposed. The mechanism retains the convenience of static passwords while introducing the security of dynamic passwords. It is simple and secure.

(4) A permission management system based on the tree-structured ARBAC model is designed and implemented using Java EE. The system includes modules such as access control implementation, access control decision and access control policy formulation. SHA-256 hashing, HTTPS encrypted communication, password complexity checking, regular password updates and other security mechanisms are used to further protect the system. The evaluation results show that the permission management has reached its target.

The tree-structured ARBAC model is proposed on the basis of the designed access control structure. Permission management for the application service system is implemented using the S2SH open source integration framework of Java EE. The evaluation results verify the correctness, effectiveness and intuitiveness of the improved model, the access control structure and the permission management.
Keywords/Search Tags: permission management, access control, identity authentication, ARBAC