【作者】 邹霁；

【导师】 陈传波；

【作者基本信息】 华中科技大学 ， 软件工程， 2010， 硕士

【摘要】 科学的发展,技术的进步特别是计算机技术、网络和通信技术的进步和应用,让企业信息化的成本逐步降低,越来越多的企业开始重视信息化建设。企业的可持续发展,规范化管理,以及核心竞争力的提高都离不开信息化。发展中的中小企业,由于资金实力、管理水平等各方面因素,信息化建设的进程大多不能统筹规划,往往分散凌乱,导致各种信息系统的部署环境和运行环境各不相同。这种情况下各个信息系统中往往有重复建设的模块,同样的业务模块却由于平台差异,运行环境的不同而需要反复开发,这是一种资源的浪费,对企业无益。访问控制管理是各信息系统中非常重要的一环,却往往通过代码逻辑复用并结合关系数据库结构的重用来构建到各信息系统中,导致每个信息系统都有自己的访问控制管理模块。对于企业内部信息系统的安全访问和权限控制,不便于进行统一的管理,往往一个员工使用不同的系统要登录不同的账号,获取不同的访问级别,当这种系统越来越多时候,管理这些账号及权限,费时费力且很不方便。合理利用资源建立起一个便于统一管理的访问控制系统,有助于企业的信息化建设和规范管理。通过对以往企业信息系统访问控制管理模块存在的问题进行分析,发现应用面向服务的访问控制系统架构能有效解决模块重复开发带来的资源浪费问题。利用Web服务技术实践面向服务的架构更能提供跨平台的服务特性,是一种低成本、松耦合、易复用的解决方案。实现Web服务的两大主流平台是.NET和J2EE,通过比较两者在实现Web服务特性上的区别并结合项目开发的具体要求,选择了.NET作为系统的实现平台,将以前分布于不同应用系统的访问控制模块从这些应用系统中独立出来,只用一个访问控制系统服务于多套应用系统。并且利用Web服务技术的跨平台特点,可有效地解决不同运行环境下信息系统的数据交互问题,各个信息系统的访问权限,都通过这一个访问控制系统来管理,非常方便。更多还原

【Abstract】 The development of science and technology especially the computer technology, network and communication technology makes the cost of Enterprise Informatization down continually. More and more enterprises begin to make much account of the establishment of informatization. Without informatization, the enterprise’s constant, standardized administraton and promotion of key competitiveness is nothingness.Because of inadequate fund and lack of excellent management, those small and medium-sized developing enterprises frequently can not give a over-all planning during their informatization establishment process. It leads to that the disposition environment and running environment of various information systems are different from each other. In this case, there are many modules which play the same role being established repeatedly. The same function modules have to be developed more than once due to the difference of their running circumstances. That’s a really waste of resources and an unfavorable factors, especially to those small and medium-sized developing enterprises. The management of access control module plays a very important role in the information systems. But it is often built into each information system by multiplexing of business logic or code and database structure, leading to each information system has their own module of access control management. It’s inconvenient for the centralized management of secure access and privilege control.Making rational use of resources to establish an access control system which is convenient for centralized management is necessary to an enterprise’s informatization. According to the analysis of the access control modules in enterprises’s information system, a solution turns up that using a access control architecture based on SOA can solve the problems of the repeating modules develop and waste of resources. In addition, using Web Services technology to implement the architecture based on SOA can provide Cross-Platform performance and the solution is loose coupled, easy to multiplexing and low cost.There’re two primary and efficient platforms to implement the Web Services, J2EE and. NET. By comparing their characteristic feature in implementing Web Services and considering the specific requirement in project practice term,. NET framework was adopted to implement the architecture. It intergrated those modules which were distributed in each information system and using the Cross-Platform performance of Web Services to solve the problem of data exchange between the systems which hava different running circumstances. It’s convenient to use one access control system to manage the access privilege for each system of the enterprise.更多还原