An Approach for Specifying Access Control Policy in J2EE Applications

14th Asia-Pacific Software Engineering Conference (APSEC'07) Pub Date : 2007-12-04 DOI:10.1109/APSEC.2007.18

H. Vo, Masato Suzuki

引用次数: 2

Abstract

Most applications based on J2EE platform use role- based access control as an efficient mechanism to achieve security. The current approach for specifying access rule is based on methods of Enterprise JavaBeans (EJBs). In large-scale systems, where a large number of EJBs are used and the interactions between EJBs are complex, direct use of this method- based approach is error-prone and difficult to maintain. We propose an alternative approach for specifying access control policy based on the concept of business function.

查看原文本刊更多论文

J2EE应用程序中指定访问控制策略的一种方法

大多数基于J2EE平台的应用程序使用基于角色的访问控制作为实现安全性的有效机制。当前指定访问规则的方法是基于Enterprise JavaBeans (ejb)的方法。在使用大量ejb并且ejb之间的交互非常复杂的大型系统中，直接使用这种基于方法的方法容易出错并且难以维护。我们提出了一种基于业务功能概念指定访问控制策略的替代方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

14th Asia-Pacific Software Engineering Conference (APSEC'07)

自引率

0.00%

发文量