摘要
J2EE环境下的企业级应用中,访问控制系统是其至关重要的组成部分,如何设计一个通用的插件化的访问控制系统成了亟待解决的问题。目前诸多J2EE应用的访问控制/用户权限都是存储在关系数据库中,方便性、安全性和可移植性都存在问题。本文从关系数据库的访问控制存在的问题以及访问控制的安全策略入手,阐述了J2EE环境下基于LDAP的访问控制过滤器“JLD APAccessFilter”的设计与实现。
With more and more extensive application of J2EE Enterprise Applications,how to design an universal and flexible access authorization system is an urgent problem we must solve。At the same time,within most J2EE applications,access authorization system are based on RDBMS,most of these systems are inconvenient、insecurity and untransplantable。This paper first introduces some old access authorization system’s pitfalls as well as the securty policys when desiging access authorization system。Then,it introduces a J2EE access authorization system/filter based on LDAP which named “JLDAPAccessFilter”。
出处
《微电子学与计算机》
CSCD
北大核心
2005年第3期118-120,124,共4页
Microelectronics & Computer
