Design And Implementation Of The Privilege Management Component Based On RBAC

The access control is the main strategy of the network security guard and protection, which guarantees that the illegal use can not visit the network resources.It is one of the most important core strategies of guaranteeing network security. The traditional access control can not meet the increasingly secure need. The Role-Based Access Control(RBAC) technique introduces the role concept. Owing to 'role', RBAC makes user image a certain role and executes access control based on a user's role in an organization, which effectively overcomes the shortages of traditional access control technique. It can make the process of executing specific policy of protection more flexible, which provides a better environment to implement policy of security for the administrator.Based on the RBAC model and takeing Spring framework and ibatis technique, the thesis designs and realizes the privilege management component,which can provide a complete user identification authentication andthecentralized application authorization system. The main work of thesis including:1. Analysing the RBAC model, combing the superiority of Spring and ibatis technique in component development, designing the versatile and secure component application framework. Based on the framework and RBAC model,carrying on the detailed designs for the function modules, access control and database.2. Narrating the implementation process of persistence layer and business layer and control layer of the privilege management component. Based on the Spring framework intergrated with many kinds of frames (e.g. Struts,JSF), the business layer can also provide interfaces for different exterior application procedure to transfer,and realize the versatility of component.3. Based on the Spring framework interceptor mechanism, designing and implementing the user identification authentication and the authorized authentication. In order to prevent the interception,making use of Message Digest 5(MD5) to encrypt user password transmission,and making encrypted password preserved in database, implementing the secure mechanism,effectively finishing the conformity of the access control, the transmission encryption, the database encryption.4. Combining the practical project, applying the privilege management component to the backstage management system of television station.The privilege management component designed and implemented by the thesis, has been successfully applied to the backstage management system of television station.The practice proves that the component has good versatility,flexible anthorization and strong security.