Implementing a permission control system for applications based on the Spring Framework


Spring is an excellent multi-tier Java framework, but Spring itself does not provide security support for the system. Acegi is a security framework based on Spring's IoC and AOP mechanisms. This paper discusses the interaction between the components of the Acegi security framework and implements a security control method for the Spring framework by extending the Acegi database design.

Keywords: Spring; Acegi; authentication; authorization

Introduction

In recent years, with the rapid development of Internet technology, computer networks have become deeply embedded in people's work, study and daily life, so how to build a secure Web application has become the hottest topic. Spring is a framework for multi-tier Java applications built on the IoC (Inversion of Control) and AOP (Aspect-Oriented Programming) architecture. With its excellent features, the Spring framework is attracting the attention of more and more developers and is being used in a large number of systems. However, the Spring framework itself does not provide support for system security. This paper introduces Acegi, a security framework that can be used with Spring, and further studies and extends the use of Acegi to implement secure user authentication and resource authorization control in the Spring framework. A feasible solution is also given.

Introduction to the Spring framework and the Acegi security framework

1. Spring Framework

The Spring framework is an excellent open-source multi-tier Java EE framework. It provides a very lightweight solution for enterprise applications, greatly reducing the difficulty and complexity of application development and increasing the speed of development.

The core of the Spring framework is IoC and AOP. IoC is a design pattern. It further reduces the coupling between classes and changes the traditional way of creating objects: in the Spring framework, objects are declared in configuration and managed by the IoC container. The IoC pattern greatly improves the flexibility of system development and maintenance.

AOP is a programming pattern that looks at problems along the cross-section of the system. Traditional object-oriented programming (OOP) looks at problems along the vertical section of the system, with little or no attention to the cross-section, so OOP is powerless when it comes to enterprise services such as security, logging and transactions: the only option is to add similar service-level code to every related class. AOP provides a good way to solve system-level service problems. It decomposes system services into aspects and provides them to classes declaratively. A Java class does not need to know that the log service exists and does not need to contain the related code. Applications written with AOP are therefore loosely coupled, and the reusability of the code improves.

2. Acegi Security Framework

With the Spring framework, developers can quickly build well-structured Web applications, but the Spring framework does not itself provide security-related solutions. The Acegi security framework, also from the open-source community, provides a good solution for security control in Web applications based on the Spring framework. Acegi is a security framework that leverages the IoC and AOP mechanisms provided by Spring, and it publishes security services as system-level services on the Java EE platform in the form of AOP aspects. With the help of the Acegi security framework, developers can therefore implement security control declaratively in Spring-based applications.

The Acegi security framework consists primarily of security management objects, interceptors, and security control management components. A security management object is an entity on which the system can perform security control; the Acegi framework mainly supports two kinds of security management object, methods and URL requests. The interceptor is an important part of Acegi: it intercepts requests that are subject to security control, and a different interceptor is used for each kind of security management object. The security control management part consists of the components that actually implement security control and that apply security management and control to the intercepted request. The main components are the AuthenticationManager, which implements user authentication, the AccessDecisionManager, which implements user authorization, and the RunAsManager, which implements role transformation. The relationship between security management objects, interceptors, and security control management components is shown in Figure 1.
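The flow described above, as an added example that is not part of the original article and does not use Acegi's real classes: a minimal Java sketch in which an interceptor resolves the roles required for a URL or method, then calls stand-in AuthenticationManager and AccessDecisionManager interfaces. The user, roles, resource map and the fail-closed handling of unmapped resources are assumptions of this sketch; RunAsManager is not modelled.

```java
import java.util.*;

// Simplified stand-ins for the components described above; not Acegi's real API.
public class AcegiFlowSketch {
    interface AuthenticationManager { Set<String> authenticate(String user, String password); }
    interface AccessDecisionManager { void decide(Set<String> granted, List<String> required); }

    // Constructed sample data: one user, and the roles required per secure object.
    static final Map<String, String[]> USERS = new HashMap<>();   // user -> {password, roles...}
    static final Map<String, List<String>> RESOURCES = new LinkedHashMap<>();
    static {
        USERS.put("alice", new String[] {"s3cret", "ROLE_USER"}); // plain text only for brevity
        RESOURCES.put("/admin/", Arrays.asList("ROLE_ADMIN"));    // URL secure objects
        RESOURCES.put("/orders/", Arrays.asList("ROLE_USER"));
        RESOURCES.put("OrderService.cancel", Arrays.asList("ROLE_USER", "ROLE_ADMIN")); // method
    }

    // Authentication: verify credentials and return the caller's granted roles.
    static final AuthenticationManager AUTH = (user, password) -> {
        String[] rec = USERS.get(user);
        if (rec == null || !rec[0].equals(password)) throw new SecurityException("bad credentials");
        return new HashSet<>(Arrays.asList(rec).subList(1, rec.length));
    };
    // Authorization: grant access if the caller holds any one of the required roles.
    static final AccessDecisionManager DECIDE = (granted, required) -> {
        for (String role : required) if (granted.contains(role)) return;
        throw new SecurityException("access denied, need one of " + required);
    };

    // The interceptor: look up the secure object's attributes, authenticate, then decide.
    static String intercept(String user, String password, String secureObject) {
        List<String> required = null;
        for (Map.Entry<String, List<String>> e : RESOURCES.entrySet())
            if (secureObject.startsWith(e.getKey())) { required = e.getValue(); break; }
        if (required == null) return "DENY (unmapped resource)";  // fail closed
        try {
            DECIDE.decide(AUTH.authenticate(user, password), required);
            return "ALLOW";
        } catch (SecurityException ex) {
            return "DENY (" + ex.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        String[][] calls = {{"alice", "s3cret", "/orders/42"}, {"alice", "s3cret", "/admin/users"},
            {"alice", "wrong", "/orders/42"}, {"alice", "s3cret", "OrderService.cancel"},
            {"alice", "s3cret", "/reports/q1"}};
        for (String[] c : calls) System.out.println(c[2] + " -> " + intercept(c[0], c[1], c[2]));
    }
}
```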

Applying the Acegi security framework in a Spring-based system

1. Analyze system security requirements

First, identify the objects that require security control; these can be business methods and URL resources.

Secondly, we need to further clarify how the system's identity authentication data and resource authorization information will be persisted.
