| With the rapid development of computer technology, the application of the information management system based on B/S structure becomes more and more widely. As the characteristics of multi-user multi-role in the WEB environments, the traditional passive access control methods with single role-play and rear-mounted access control features have obvious deficiencies, which need an access control method can play an active role in the multiple role-play and interactive dynamic controlled role-play. Therefore, the establishment of comprehensive access control models and the implementation of access control technologies have a very real and important meaning in the field of information security.This paper focuses on research and application of access control technology in the field of information security, based on the research of the basic role-based access control model and its extension and the analysis of the requirements of the active access control, this paper presents a dynamic context-based active access control model. This paper introduces subject context and object context of the model, and focuses on research of the properties, mechanisms and interactions between the two, and explores the dynamic context-based exception handling mechanism and the security log audit mechanism. Meanwhile, this paper adopts and extends the Spring Security technology to achieve this dynamic context-based active access control model, and applies the model and implementation techniques in the development of a scientific management system based on WEB. The application shows that the model has implemented the functions of the proactive security access control based on dynamic context, and ensures the system can be effective accessed with confidentiality and security. |
PDF Full Text Request