Abstract
A permission management system was implemented on the Struts framework in the B/S (browser/server) model, following the principles of role-based access control. The system's modules are coded around the basic definitions of user, role, function and organization and the relationships among them, providing flexible and practical role-based permission management with access control at the page level. The Struts configuration file is used to conceal the system's file structure, which improves system security. In addition, filter technology is applied: by implementing the Filter interface, the system effectively intercepts requests made by typing the address of an internal page directly into the IE address bar, so a user without permission cannot reach the page even when he knows its internal address. Practical application shows that the system has good extensibility and generality.
Source
《中国安全生产科学技术》
CAS
2008, Issue 3, pp. 110-113 (4 pages)
Journal of Safety Science and Technology
Funding
Supported by the National "Eleventh Five-Year Plan" Science and Technology Key Project (No. 2006BAK01B03)