Abstract
When the core RBAC model is used to implement B/S (browser/server) enterprise applications, permission control granularity is not refined according to the characteristics of operations, and access control for fine-grained data is lacking. To address this, a fine-grained RBAC model extended in the operation dimension is presented, and a formal description of the model is given. To address the problem that permission authentication logic cross-cuts business logic in traditional enterprise applications, an implementation of the fine-grained RBAC model based on AOP and annotations is described. It modularizes the authentication logic, decouples the business logic from the common permission service, and improves the reusability, maintainability and scalability of the permission management module.
Source
Journal of Beijing Jiaotong University
CAS
CSCD
Peking University Core Journals
2013, Issue 5, pp. 48-52 (5 pages)
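Funding
Supported by the Henan Province Science and Technology Research Program (092102310038)
Supported by the Natural Science Foundation of Henan Province (082102210082)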
Keywords
role based access control(RBAC)
fine-grained
aspect-oriented programming(AOP)
annotation
aspect