Research and Implementation of Web System Security Based on the J2EE Platform
Published: 2018-09-07 19:17
[Abstract]: With the rapid growth of the Internet, a large number of enterprises have begun building out their information systems, and enterprise Web systems are increasingly widely used. J2EE is one of the most frequently used technologies in enterprise Web systems, so its security naturally receives close attention. Access control plays a pivotal role in the security architecture of a Web system, so this thesis studies and implements access control security for Web systems based on the J2EE platform.
The thesis first analyzes the security problems faced by enterprise Web systems and points out that, for Web systems on an intranet, the various kinds of malicious attacks can be ignored, so permission management becomes the key issue in the security research. Then, drawing on the author's J2EE Web development experience during graduate study, it analyzes the main J2EE components and their security mechanisms, with a focus on access control models. Based on an extensive study of how access control models are designed and implemented in China and abroad, it analyzes the relationships and differences between several models and selects role-based access control as the main research direction. Next, it combines the Spring framework, uses IoC to decouple the system, extends the access control functionality of J2EE through the access control module built into Spring Security, and designs a model for managing user access control in the Web system, giving the Web system access control capability for multiple roles and multiple users.
The thesis gives a basic introduction to the front-desk visitor intelligent service management system that the author helped develop at the ANM Research Center of Beijing University of Posts and Telecommunications, and analyzes the scenarios in which the access control model applies to it. The existing system framework and database are improved, role-based access control is designed and implemented on the system, and the extension and upgrade of the system is completed, providing useful experience for the secondary development of access control functionality in J2EE Web systems.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article number: 2229175
Article link: http://sikaile.net/guanlilunwen/ydhl/2229175.html