Abstract: A design and implementation scheme for a privilege management system based on the RBAC model is proposed. This paper introduces the multilayer design of the Java EE architecture, explains the design idea of the role-based access control (RBAC) model, and discusses the core object-oriented design model of the privilege management system, as well as key technologies such as permission access, privilege control and the privilege storage mechanism.
Keywords: privilege management system; role; access control; RBAC model; J2EE; LDAP
0 Introduction
A management information system (MIS) is a complex man-machine interaction system in which every specific link may face security threats. Building a robust privilege management system is therefore very important to ensuring the security of a management information system. The privilege management system is one of the most reusable modules in a management information system. Every multi-user system inevitably has the same permission requirements and needs to provide security services such as entity identification, data confidentiality, data integrity, non-repudiation and access control (according to ISO 7498-2). For example, the access control service requires the system to control which resources an operator can access, based on the operation permissions set for that operator, and to determine how each resource may be manipulated.
At present, the privilege management system is also one of the most repeatedly developed modules. Within an enterprise, different application systems each have their own independent privilege management system. Each one satisfies only the privilege management needs of its own system, and they may all differ in data storage, permission access and the privilege control mechanism. This inconsistency has the following drawbacks:
A. System administrators need to maintain multiple privilege management systems, which duplicates work.
B. Data such as users and organizations is maintained in duplicate, so data consistency and integrity are not guaranteed.
C. Because the privilege management systems differ in design, in how concepts are interpreted and in technology, integrating them is problematic and single sign-on is very difficult to implement, which also creates difficulties for building an enterprise portal.
It is therefore very necessary to adopt a unified security management design approach, standardized design and an advanced technical framework to build a privilege management system that is general, complete, secure, easy to manage, portable and extensible, so that the privilege management system truly becomes the core of privilege control and plays an important role in maintaining system security.
This paper introduces the design and implementation of a privilege management system based on role-based access control (RBAC), implemented with Java EE architecture technology, and discusses how application systems can access and control permissions.
1 Design using the Java EE architecture
The privilege management system is built on the Java EE enterprise platform architecture. The Java EE architecture integrates advanced software architecture ideas and features a multi-layer distributed application model, component-based and reusable components, a unified and complete model, and flexible transaction processing control.
The system is logically divided into four layers: client layer, web layer, business layer and resource layer.
A. The client layer is primarily responsible for man-machine interaction. System administrators can access it through a web browser, and it can also provide APIs and web service calls for different business systems.
B. The web layer encapsulates the services that provide presentation logic for clients accessing the system via the web.
C. The business layer provides business services, including business data and business logic, and centralizes the system's business processing. The main business management modules are organization management, user management, resource management, rights management and access control.
D. The resource layer is primarily responsible for data storage, organization and management. The resource layer provides two implementations: large relational databases (such as Oracle) and LDAP (Lightweight Directory Access Protocol) directory servers (such as Microsoft's Active Directory).
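The split between the business layer's access control module and the resource layer's interchangeable storage can be sketched as follows. This is an added example, not code from the paper: the names PermissionStore, InMemoryStore and isAllowed, the sample users and roles, and the use of Java 16+ records are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class RbacDemo {
    // A permission pairs a resource with one operation allowed on it.
    record Permission(String resource, String operation) {}

    // Hypothetical resource-layer abstraction: a relational database or an
    // LDAP directory would each implement this interface.
    interface PermissionStore {
        Set<String> rolesOf(String userId);
        Set<Permission> permissionsOf(String role);
    }

    // In-memory stand-in for either backend, used only for this example.
    static class InMemoryStore implements PermissionStore {
        final Map<String, Set<String>> userRoles = new HashMap<>();
        final Map<String, Set<Permission>> rolePerms = new HashMap<>();
        public Set<String> rolesOf(String u) { return userRoles.getOrDefault(u, Set.of()); }
        public Set<Permission> permissionsOf(String r) { return rolePerms.getOrDefault(r, Set.of()); }
    }

    // Business-layer access control: default deny. Access is granted only if
    // one of the operator's roles carries the exact (resource, operation) pair.
    static boolean isAllowed(PermissionStore store, String userId,
                             String resource, String operation) {
        Permission wanted = new Permission(resource, operation);
        for (String role : store.rolesOf(userId)) {
            if (store.permissionsOf(role).contains(wanted)) return true;
        }
        return false; // unknown user, no roles, or no matching permission
    }

    public static void main(String[] args) {
        InMemoryStore store = new InMemoryStore(); // constructed sample data
        store.rolePerms.put("clerk", Set.of(new Permission("order", "read")));
        store.rolePerms.put("manager", Set.of(new Permission("order", "read"),
                                              new Permission("order", "approve")));
        store.userRoles.put("alice", Set.of("clerk"));
        store.userRoles.put("bob", Set.of("clerk", "manager"));

        System.out.println("alice read:      " + isAllowed(store, "alice", "order", "read"));
        System.out.println("alice approve:   " + isAllowed(store, "alice", "order", "approve"));
        System.out.println("bob approve:     " + isAllowed(store, "bob", "order", "approve"));
        System.out.println("unknown user:    " + isAllowed(store, "mallory", "order", "read"));
    }
}
```

Because isAllowed depends only on the PermissionStore interface, the same decision logic applies whether roles and permissions are read from a database or from a directory server.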