点击上面课题下载设计演示录像(建议用电脑用爱奇艺万能播放器看录像)
概要
管理信息系统是一个复杂的人机交互系统,其中每个具体环节都可能受到安全威胁。构建强健的权限管理系统,保证管理信息系统的安全性是非常重要的。权限管理系统是管理信息系统中代码重用性最高的模块之一。任何多用户的系统都不可避免的涉及到相同的权限需求,都需要解决实体鉴别、数据保密性、数据完整性、防抵赖和访问控制等安全服务(据ISO7498-2)。例如,访问控制服务要求系统根据操作者已经设定的操作权限,控制操作者可以访问哪些资源,以及确定对资源如何进行操作。目前,权限管理系统也是重复开发率最高的模块之一。在企业中,不同的应用系统都拥有一套独立的权限管理系统。
本文首先介绍了权限管理的背景及要研究的主要内容,并针对当前所流行的各种权限管理模型所存在的缺陷引出基于角色访问控制的,采用J2EE架构的多层体系结构的权限管理的优势所在。然后又介绍了基于角色的权限管理的有关概念及原理,以及基于角色的访问控制RBAC模型的设计思想,接着详尽的做了需求分析,并给出方案,最后详细的说明了基于角色的权限管理系统的设计与实现过程。
本系统采用当今流行的JSP技术,采用MVC三层架构模式,使用Mysql数据库,使用Eclipse工具、Myeclipse插件进行开发。主要实现了应用系统的用户管理,角色管理,模块管理,功能管理,角色控制,功能控制和权限控制访问等功能,基本上满足了基于角色的权限管理的所有要求。
关键词:管理系统;权限管理;基于角色访问控制;RBAC
RBAC Privilege Management System
ABSTRACT
Management information system is a complex man-machine interaction system, each of which may be subject to a specific part of security threats. Permission to build a strong management system, management information systems to ensure security is very important. Rights Management system is a management information system, code reuse, one of the highest in the module. Any multi-user systems are inevitably related to demand the same privileges, all need to address physical identification, data confidentiality, data integrity, anti-repudiation and access control and other security services (according to ISO7498-2). For example, access control service requires system based on the operation of the operator has already set permissions
Control the operator can access what resources, and determine how resources are to operate. At present, the rights management system is also duplication of development efforts, one of the highest rates of module. In the enterprise, different application systems have a separate set of rights management systems.
This paper first describes the rights management background and to study the main content, and for the currently popular models of various rights management shortcomings led to role-based access control, using J2EE architecture, multi-tier architecture for rights management advantages lies.And then introduced the role-based access management with the concepts and principles, as well as the role-based access control RBAC model for design ideas, and then do a detailed needs analysis, and gives the program the last detailed description of the role-based rights management system design and implementation process.
The system uses today’s popular JSP technology, using three-tier MVC pattern, using Mysql database, using the Eclipse tool, Myeclipse plug-in for development. Main achieved application user management, role management, module management, functional management, the role of control, function control and permissions to control access and other functions, basically meeting the needs of role-based rights management with all the requirements.
Keywords: management systems; rights management; role-based access control; RBAC
目 录
附录3 42
