Design and Implementation of the Privilege Management Component Based on RBAC

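【Author】 Chen Dandan (陈丹丹)

【Supervisor】 Rao Wenbi (饶文碧)

【Author information】 Wuhan University of Technology, Computer Application Technology, 2008, Master's thesis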

【Abstract】 Access control is the main strategy for network security defense and protection; its main task is to ensure that network resources are not illegally used or accessed. Traditional access control can no longer meet growing security requirements. Role-Based Access Control (RBAC) introduces the concept of a role: users are mapped to roles within an organization, access permissions are granted to the corresponding roles, and access is authorized and controlled according to the role a user holds in the organization. RBAC effectively combines the advantages of traditional access control techniques while overcoming their shortcomings, makes the process of enforcing an enterprise protection policy more flexible, and gives administrators a better environment for implementing security policy. Based on the RBAC model, and using the Spring framework together with ibatis, this thesis designs and implements a privilege management component that provides complete user identity authentication and a centralized application authorization system. The main work of the thesis includes:

1. The RBAC model is analysed in detail and, drawing on the advantages of Spring and ibatis in component development, a general-purpose and secure component application framework is designed. Based on this framework and the RBAC model, the component's function modules, access control and database are designed in detail.

2. Using the Spring framework together with ibatis, the persistence layer, business layer and control layer of the component are implemented. Because Spring integrates with many frameworks (e.g. Struts, JSF), the interfaces provided by the business layer can be called by different external applications, which gives the component its generality.

3. Based on the interception mechanism of the Spring framework, user identity verification and permission verification are implemented. The message-digest hash algorithm MD5 is used to encrypt the user login password in transit to prevent eavesdropping, and password data is stored encrypted in the database. This implements the component's security mechanism and effectively integrates access control, transmission encryption and database encryption.

4. In the context of a concrete project, the privilege management component is applied to the back-office management system of a television station.

The privilege management component designed and implemented in this thesis has been successfully used in the back-office management system of a television station. Practice shows that the component offers good generality, flexible authorization and strong security.

  • 【Classification number】 TP311.52
  • 【Times cited】 21
  • 【Downloads】 536