【作者】 马林；

【导师】 黄文培；

【作者基本信息】 西南交通大学 ， 密码学， 2007， 硕士

【摘要】 企业级应用是指那些为商业组织、大型企业而创建并部署的解决方案及应用。一个理想的企业级应用系统平台应该具备体系的合理性、灵活性，升级的便捷性和良好的安全性。J2EE(Java 2 Platform Enterprise Edition)是一个基于JAVA2平台独立的、可移植的、多用户的、安全的企业级平台。J2EE本身是一个标准，而不是现成的产品，它克服了传统Client/Server模式的弊病，迎合Brower/Server架构的潮流，简化企业级应用的开发、管理和部署。伴随着J2EE的发展，时下也出现了许多基于J2EE体系的第三方框架。这些第三方框架一般都专注于某一具体功能面的实现，所以在开发企业级应用的时候，适当选择一些框架作为基础组件来负责事务、安全等功能，自己则只负责业务逻辑的设计开发是一种有效的开发方式。Acegi是一个基于Spring AOP技术的安全框架，它独立于系统业务逻辑，可以灵活地为系统部署安全服务。Acegi可以与大多数Web框架无缝集成，因此它可以方便地搭建在基于J2EE的企业级系统框架之上，为系统提供认证授权等方面的服务。基于以上，本文针对实际的企业级系统项目“ITBOSS”主要作了如下工作：1、介绍J2EE体系架构及第三方框架Struts、Spring。2、分析了基于角色访问控制(RBAC)的实现及其特性，扩展了RBAC模型使其支持数据权限的控制。3、详细介绍了AOP机制，研究了基于Spring AOP的Acegi系统安全框架的搭建。4、提出并实现了对Acegi安全框架进行面向数据库的移植，扩展其应用的通用性。更多还原

【Abstract】 Enterprise applications refers to applications and solutions that deployed for commercial organizations and large enterprises. An ideal enterprise applications platform should be upgrading easily, reliable, safe, and have a flexibility architecture.J2EE(Java 2 Platform Enterprise Edition)is an architecture that defined the standard for developing Platform independent, transplantable, multi-user and secure enterprise applications. It use B/S model instead of C/S model, simplifies the maintenance and deployment of enterprise applications. Along whit the development of J2EE, many open-source framekworks emerge which are focus on specific aspect in system, such as transaction, security etc. We can only concentrate on development of business logic.Acegi is a framework based on Spring AOP technology, it works independently against business logic of the system and can provide security services deployed. Acegi can be intergrated with mass Web frameworks perfectly. So we can establish Acegi security syste in the enterprise system based J2EE and provide authentication service and authorization service.The main work is as follows:First, introduce the J2EE architecture and two open-source framework: Struts and Spring.Secondly, having been research some available information access control strategies, especially RBAC. We improve the RBAC model so that it can be suitable for data permission access control.Thirdly, we introduce the AOP in detail and the Acegi Security framework which is based Spring AOP.Finally, we adopt the Acegi Security framework, and extend its functions, as a result we make the Acegi can work with its config build on a database.更多还原