Research And Implementation Of Single-Sign-On And Privilege Management Based On WEB Application

With the rapid development of enterprise informatization, enterprise Web application has increased, but most Web application in the user model and the security strategy differences, causing the user to access different Web applications need to use a different account to verify the identity of users, not only to bring use problems, there are some security risks, and also increase the enterprise operation cost. From the practical point of view, to solve the above problems, the SSO model several popular research, put forward the Web base on CAS (Central Authentication Server authentication service center) solution of unified identity authentication,we combine with the Shiro security framework to complete the user management role based access control. Successfully solve the problem of multi Web application repeatedly login, increase the degree of coupling between the system, the research contents and results are as follows:(1) Summarizes the research status of single-sign-on technology at home and abroad,and studies the current single-sign-on technology,selects the single sign-on model based on the access ticket,stores the ticket,Implementation of Single - Sign - On Model Base on CAS Protocol for Multi - Web Application.(2) This paper studies the principle of the Shiro security framework and the architecture of the authority management.It integrates the management of role-based access control for users of multiple Web applications,takes the user group as the main body and the visited Web application as the resource to Shiro unified management,the completion of the main access to the resources of the access control,as a model and then to achieve Web-based application rights management.(3) We complete the overall design and system design of Web-based single sign-on and privilege management model,expands the function of CAS,builds the client and server of CAS,realizes single sign-on,single sign-out and embed single sign-on Web application system,and realize the Web-based single-sign-on and rights management platform.(4) We finish the test of core function of Web-based single-sign-on and rights management system and the performance of the whole system.It can meet the requirements of Enterprise Single-Sign-on.