
Study On Technology Of Access Control In Information System

Posted on: 2010-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: L Yang
GTID: 2178360275974877
Subject: Computer application technology
Abstract/Summary:
In the design of an information system, security has always been considered important, and it is critical to the survival of the system. The construction of the security system in an enterprise information system has become a significant research field. As a part of the security system, access control is one of the essential technologies guaranteeing security. Specifically, Role-Based Access Control (RBAC) provides a dynamic and flexible strategy for managing a large number of data access permissions; thus, it has been widely used in the development of enterprise information systems. In addition, as a popular development platform, J2EE has an access control system that is also role-based, demonstrating some advantages of RBAC in application. Concentrating on access control technology and its application in the security system of an information system, the present thesis has studied the following aspects:

With its main focus on access control technology, the thesis presents the general development in the field of information security by exploring the security needs of information systems and analyzing the security problems and technologies, which include data encryption, intrusion detection, ID authentication, access control, etc. In addition, the technology of access control has been studied further. Some fundamental concepts of the technology have been introduced, which include the basic elements, essential means, principles and model of access control; the related technologies of access control have been analyzed.

Further investigation has been conducted on the mechanism of access control in the RBAC model and J2EE: with the use of roles, the RBAC model logically separates users from access permissions, which reduces the complexity of authorization administration and facilitates the application of strategies for dynamic and complicated access control; as a role-based security mechanism, the access control mechanism in the J2EE standards ensures access safety by authorization and authentication.

Furthermore, with the above technology and the common technologies in J2EE (the Servlet component technology, JSP component technology, JavaBean and EJB), this thesis analyzes the model of system development and the design of architecture and corpus, and proves the effectiveness and practicability of these technologies in application of enterprise access control.

Finally, the thesis compares the differences between the J2EE access control mechanism and the strategy of access control in the standard RBAC model; taking the characteristics of application in enterprises into consideration, the thesis points out the weakness in the J2EE access control mechanism: it does not support the inheritance of restraints among roles and the dynamic management of role permissions.

In conclusion, this thesis can provide some useful references for further research on role-based access control technologies in the J2EE platform.
Keywords/Search Tags:data encryption, ID authentication, access control, RBAC model