
The Research And Implementation Of Security Architecture Based On Rbac Model In Web Application

Posted on: 2011-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: Q Li
GTID: 2198330338983132
Subject: Parallel computing and computer networks
Abstract/Summary:
With the development of global networking and information technology, web applications are steadily evolving, and the security demands placed on information systems keep increasing. Access control is one of the important security techniques for preventing unauthorized access. With an access control service, illegitimate access to critical resources can be restricted, and damage caused by intrusions from illegitimate users or by inappropriate operations from legitimate users can be avoided.

Because web applications have features such as large numbers of users and data resources, we have encountered many problems, such as decentralized system control and resource protection and management being separated from each other. Traditional access control technology has been unable to meet the security needs of web applications.

This project is one part of a long-term financial investment strategies and portfolio system in Silicon Valley in the United States. The long-term investment strategies and portfolio system combines a variety of investments. Investors can use these different investment strategies to create various portfolios and execute these portfolios in the system. The system gives the return of a portfolio by analyzing historical data, which provides important suggestions for investors.

In this paper we first compared and analyzed three access control technologies: discretionary access control, mandatory access control, and the popular role-based access control (RBAC). Secondly, the thesis examines several main models of role-based access control. Thirdly, the thesis gives an extended model of RBAC, which adds user groups, a time constraint and a dynamic constraint. The added user groups make authorization clear and concise, and also make permission management of system resources hierarchical and fine-grained. The added constraints make the system safer and more effective.

In this paper, we comprehensively analyzed the security demands of the validfi system, gave a specific outline design and detailed design, and then implemented the system according to the different models. We also added CAS single sign-on technology to achieve authentication across different systems. Applying the extended RBAC model to the system helped us reduce system management costs, simplified the licensing process, and improved the efficiency of system resource access; it also made the system safer and more effective.
Keywords/Search Tags: RBAC, Access control, SSO, Portfolio, Strategy