摘要
基于角色的访问控制是一种传统的软件安全技术;支持Web应用开发的框架技术层出不穷,如struts和spring框架基于MVC设计模式对Web应用进行了有效地解耦合。在这些框架技术下,如何充分使用这些框架带来的优势,实现一种配置灵活、扩展性强、易于维护的访问控制机制成为一个新的挑战。结合AOP、反射、上下文传播、XML技术给出了一种新颖的访问控制实现方法,这种方法能够同基于MVC设计模式的框架有机地结合起来,不仅使访问控制代码集中管理,而且在实现访问控制的同时,保持了原有Web应用的松耦合结构。
Role-based access control is a traditional software security technology;Web application framework technology comes out continually,such as struts and spring,they decouple Web application by MVC design pattern.It is a challenge to make full use of these frameworks,and implement a flexibly configured,scalable and maintainable access control mechanism.We present a novel access control method based on AOP,reflection,context propagation,XML technology.The method can work with MVC framework seamlessly.It not only makes the access control code be centrally controlled,but also keep Web application loose coupled at the same time.
出处
《计算机工程与应用》
CSCD
北大核心
2007年第36期110-113,共4页
Computer Engineering and Applications
基金
国家自然科学基金(the National Natural Science Foundation of China under Grant No.90104020)
国家高技术发展计划(863)(the NationalHigh- Tech Research and Development Plan of China under Grant No.2001AA113020)
国家重点基础研究发展规划(973)(the NationalGrand Fundamental Research 973 Program of China under Grant No.G1999032703)
