摘要
针对Web系统的特点以及其对用户访问控制的特殊要求,提出了在B/S结构下基于"角色-模块-页面模型"实现用户访问控制的基本思想,并讨论了其具体的实现方法。"角色-模块-页面模型"以传统的RBAC权限管理模型为基础,将模块看作是一系列页面的集合,并以二进制数值来描述角色对各模块的访问权限以及各页面的操作功能,从而将用户对模块页面的操作权限判断转化为一系列的逻辑运算。通过在高速公路机电设备养护系统中的实际应用,表明提出的用户访问控制方法能够很好地满足企业对Web系统用户访问控制的要求,通用性好,扩展性强,配置简单灵活。
Aimed at the characteristic of web system and its special demand in access control,a role-module-page model based fundamental idea of access control in B/S environment is proposed and then its implementation details are discussed.Based on traditional role-based access control model,role-module-page model treats a series of pages as module,describes the role's access permission of each module and the function of each page with binary values,so while the user access the pages,the user authentication can be finished by a series of logical operations.Through practical application in FM2E(maintenance system for freeway mechanical equipments),it indicates that the proposed access control method can satisfy enterprise's demand in access control of web system with good applicability,scalability and flexible configuration.
出处
《计算机工程与设计》
CSCD
北大核心
2010年第7期1433-1436,共4页
Computer Engineering and Design
