摘要
在任何一个完整的Java Web应用系统的设计与实现中,用户权限管理是一个非常重要的部分。Spring框架是一个开发J2EE应用的优秀框架,但是Spring本身没有提供对系统的安全性支持。Acegi是基于Spring IOC和AOP机制的一个安全框架。分析Acegi安全框架,提出基于Acegi的权限管理方法,并介绍基于此方法的Web系统中权限管理的具体实现。该方法可以为Web应用程序提供URL级的动态认证授权机制,使业务逻辑和安全检查逻辑完全解耦,使Web应用的权限管理机制具有很好的动态性和可扩展性。
In the design and implementation of complete Java Web Application System, permission management was a very important module. Spring Framework was an excellent J2EE application framework, but itself cannot support system security. Acegi was a Security framework based on Spring IOC and AOP. It was analysed Acegi security framework, presented management method based on Acegi and introduced the implementation of the permission management in Web application system based on this method. This method provided a URL level certification and authorization for Web applications. It enabled the business logic and the security checks logic completely decoupled. So the Web application could get a dynamic and extensible permission management mechanism.
出处
《铁路计算机应用》
2008年第6期1-3,共3页
Railway Computer Application
