Summary of the invention
The object of the present invention is to provide a multi-policy secure Java Web application page tag library system. The system provides fine-grained, control-level access control for Web page elements, supports flexible authentication modes that are compatible with Central Authentication Service (CAS) authentication, and is built from components with strong reusability.
The multi-policy secure Java Web application page tag library system provided by the invention is characterized in that it comprises a secure login module, a security context service module, a policy definition module, a Web security server component, a Web security response generator and a security tag library;
The security tag library defines a set of security tags that can be imported into any Java Web page;
The secure login module supports two login modes: a single-domain authentication mode based on the secure login component, and a compatibility mode for CAS single sign-on. The secure login module is responsible for authenticating user identities; a user who passes authentication is a valid user. The single sign-on client controlled by the secure login module is deployed in the policy document that the policy definition module defines for the managed resources; a user who accesses a node's managed resources controlled by the secure login module must pass security authentication through the single sign-on server. The secure login module receives the user name and password entered by the user, performs authentication and produces an authentication result; if authentication succeeds, the secure login module sends the user's authenticated identity to the security context service module according to the page link requested by the user;
The security context service module initializes the identity information of the logged-in user and, according to the configuration of the policy definition module, generates and stores for each authorization policy the corresponding activated role information, security level and access policy flags for the managed controls, and provides these to the relevant Web security server component;
The policy definition module defines and manages the set of rules for tag-based access control; the corresponding security rules are set and accessed through a policy definition document in XML format. This module provides the access control rules for the key controls of managed pages and describes the relations between users, roles, permissions, security levels and the other security elements;
The Web security server component parses the security tags of the security tag library, performs secure binding of data, dynamically loads the security attributes of the response page according to the security configuration provided by the security context service module when responding to a client request, and passes the resulting controlled component states to the Web security response generator;
The Web security response generator decides the final presentation interface of the page according to the state information provided by the Web security server component, converts the security tags into the corresponding target markup language format, and returns a unified secure response page to the browser.
The system of the above structure provides page tags that are subject to secure access control, covering essentially all forms of page tags in a JSP tag library, and offers the developer a concise, efficient and complete page development tag library with full access control functionality. The system is a complete RAD (rapid application development) solution for secure Java Web application development: it designs and implements a set of reusable security components that encapsulate user interface display and data access functions carrying security attributes, provides the corresponding secure Web tag library, and uses rendering technology to resolve the security component tags into standard HTML so that they can be used in the great majority of Web development environments. On the basis of the security attributes provided by the security components, the XML language is used to define and describe the corresponding security policy deployment document; role-based access control (RBAC) and mandatory access control (MAC) are supported simultaneously, and an extension for defining security policies in a relational database (RDBMS) is provided, giving a flexible and convenient secure access control mechanism at component granularity. In particular, the present invention has the following advantages:
(1) Support for rapid application development: the developer only needs to use the tag name prefix defined by the system to define the various controls required on the page; no extra code modules need to be developed to achieve control-level access control. The tags are flexible to use and highly portable.
(2) Fine-grained protection at control level: the access control granularity of traditional application systems is generally no finer than module level and page level, and their policy configuration generally only specifies the user's access to modules and the user's access rules for pages. The system provides fine-grained control at control level: it defines whether a control is visible or invisible and enabled or disabled for the current user, and within what scope of permission the control should display the accessible resources for the current user.
(3) Flexible authentication modes, compatible with Central Authentication Service (CAS) authentication: the system provides several types of authentication. In the single-domain authentication mode based on the secure login component, the user can choose to log in with an identity certificate or with a user name and password. The system is also compatible with CAS authentication without the developer doing any extra programming work, so multiple application systems can use this tag library to achieve single sign-on across systems.
(4) Component design with strong reusability: the whole system is designed and developed on a component basis, each functional module is an independent component, and reusability is strong. Each module provides sufficient APIs for calling, so that developers can more easily carry out secondary development according to their needs.
Embodiment
The present invention is further described in detail below with reference to the accompanying drawings and an example.
As shown in Figure 1, the multi-policy secure Java Web application page tag library system provided by the invention comprises a secure login module 100, a security context service module 200, a policy definition module 300, a Web security server component 400, a Web security response generator 500 and a security tag library 600.
The security tag library 600 defines a set of security tags that can be imported into any Java Web page. By defining the security components corresponding to the tag library directly in the page, the developer can intuitively build Web application modules that satisfy the security requirements of real engineering projects; at the same time, each security tag is given a unique security ID in the policy document, so that security rules at control granularity can be conveniently defined for it.
The secure login module 100 simultaneously supports two login modes: a single-domain authentication mode based on the secure login component, and a compatibility mode for CAS single sign-on. The secure login module 100 is responsible for authenticating user identities; a user who passes authentication is a valid user. The single sign-on client controlled by the secure login module 100 is deployed in the policy document that the policy definition module 300 defines for the managed resources; a user who accesses a node's managed resources controlled by the secure login module 100 must pass security authentication through the single sign-on server. The present invention can use different architectures to achieve single sign-on: (1) centralized authentication server: a centralized authentication server is set up and the single sign-on client is deployed on each resource site; the server maintains a global user name and password table to achieve unified authentication. (2) User password mapping: the single sign-on server maintains a user mapping table that maps the same user to different user names on different resource sites, thereby achieving single sign-on.
The secure login module 100 receives the user name and password entered by the user, performs authentication and produces an authentication result; if authentication succeeds, the secure login module 100 sends the user's authenticated identity to the security context service module 200 according to the page link requested by the user.
The security context service module 200 initializes the identity information of the logged-in user and, according to the configuration of the policy definition module 300, generates and stores for each authorization policy the corresponding activated role information, security level and access policy flags for the managed controls, for use by the relevant Web security server component 400.
The policy definition module 300 defines and manages the set of rules for "tag-based access control"; the corresponding security rules are set and accessed through a policy definition document in XML format. This module provides the access control rules for the key controls of managed pages and describes the relations between users, roles, permissions, security levels and the other security elements.
The Web security server component 400 parses the security tags of the security tag library 600, performs secure binding of data, dynamically loads the security attributes of the response page according to the security configuration provided by the security context service module 200 when responding to a client request, and passes the resulting controlled component states to the Web security response generator 500.
The Web security response generator 500 decides the final presentation interface of the page according to the state information provided by the Web security server component, converts the security tags into the corresponding target markup language format (for example HTML tags), and finally returns a unified secure response page to the browser.
As shown in Figure 2, the overall system flow comprises:
(1) Configuration and management of user information, which comprises:
The subject of the user description flow is the administrator, who configures and manages users and permissions through the interface provided by the system. The specific flow is as follows:
(1.1) The administrator logs in using the secure login module 100 by entering a user name and password.
(1.2) The secure login module 100 authenticates the login information against the user identity information provided in the policy definition module 300. If authentication succeeds, the secure login module 100 obtains the administrator's details (including the user group ID, etc.) from the policy definition module 300 and grants administrator rights (the administrator may describe and modify the user permissions of the site he administers), and the flow proceeds to step (1.3); otherwise a login failure message is returned and the flow exits.
(1.3) The administrator configures user information (including user name, password, the site the user belongs to, user group, etc.) through the policy definition module 300, and it is saved in the policy definition document in XML format. The administrator configures and manages user information, user group information and site information through the policy definition module 300, and all of these configurations are ultimately stored in the XML policy definition document.
(2) Dynamically loading the security attributes of the response page according to the configuration of the policy definition module 300 and generating the page the current user finally sees, which comprises:
The main actor in the page display flow is the Web security response generator 500. According to the state information provided by the Web security server component 400, it converts the security tags provided by the security tag library 600 into the corresponding target markup language (HTML) format and decides the final presentation interface of the page. The specific flow is as follows:
(2.1) When developing a Web application module that satisfies the security requirements of a real engineering project, the developer defines in the page the security tags provided by the tag library 600, assigns each security tag a unique security ID in the policy document, and defines security rules at control granularity; these security rules are written into the XML policy definition document by the policy definition module 300.
(2.2) The Web security response generator module 500 directly parses the security tags of the tag library 600 through the Web security server component 400, performs secure binding of data, and dynamically loads the security attributes of the response page controls according to the configuration of the corresponding security rules provided by the policy definition module 300 when responding to a client request.
(2.3) According to the state information provided by the Web security server component 400, the Web security response generator module 500 decides the final presentation interface of the page, converts the security tags into the corresponding target markup language format (for example HTML tags), and finally returns a unified secure response page to the browser.
(3) Providing the developer with the function of customizing the security attributes of page tags, which comprises:
(3.1) The subject of the page tag security attribute customization flow is the application system developer. The developer first imports the tag library into the project under development and, when developing a page, declares the tag library with a taglib directive among the page directives: <%@ taglib uri="taglibURI" prefix="tagPrefix" %>, where uri designates the tag library descriptor, telling the container how to find the tag descriptor file and the security tag library 600, and prefix defines the prefix with which the tags of this library are used in the JSP page.
(3.2) In the page, <prefix:tag attribute="value" .../> defines a page element with access control functionality, where the roles that have access permission to the tag are defined in the tag attributes. Only when the current user holds a role defined in the tag attributes can the tag content be accessed. The roles are stored by the policy definition module 300 in the user assignment information of the XML policy definition document; when the user accesses the page, the Web security server component 400 dynamically loads the security attributes of the managed controls of the response page.
(3.3) The correspondence between users and roles is defined in the XML policy definition document through the policy definition module 300; the system supports both role-based access control rules and mandatory access control rules. The access permissions for the various control resources are assigned to users through roles, and the roles that may access a control are defined in the control's attributes on the page. The benefit of this approach is that if the system is large, with a huge number of users and page controls, but the number of user roles is limited, the complexity of the policy document defined in the policy definition module 300 is greatly reduced. At the same time, in the present invention users can be organized into user groups, and the roles held by a user group are then defined; in this way, even if the number of users is huge, the number of user groups is limited, and the assignment relation between user groups and roles is also relatively limited.
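The following Java program is an added example, not code from the patent or from any implementation of it. It illustrates steps (3.1) to (3.3): a constructed XML policy definition document that maps users to user groups and user groups to roles is parsed, a user's activated roles are resolved as the union of the roles of all groups the user belongs to, and the role attribute of a tag such as <sec:panel role="editor"> is checked against those roles to decide whether the tag content may be rendered. The element and attribute names (policy, user, group, roles) and the sample users are assumptions; the patent only states that the document is XML and records user, group and role relations.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

/** Resolves user -> user group -> role from a constructed XML policy document. */
public class PolicyDocumentDemo {

    // Constructed sample policy document; element and attribute names are assumptions.
    static final String POLICY_XML =
        "<policy site=\"hr\">"
      + "  <user id=\"alice\" group=\"clerks\"/>"
      + "  <user id=\"bob\" group=\"managers\"/>"
      + "  <user id=\"carol\" group=\"clerks managers\"/>"
      + "  <group id=\"clerks\" roles=\"viewer\"/>"
      + "  <group id=\"managers\" roles=\"viewer editor\"/>"
      + "</policy>";

    private final Map<String, Set<String>> userGroups = new HashMap<>();
    private final Map<String, Set<String>> groupRoles = new HashMap<>();

    PolicyDocumentDemo(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The policy document is administrator-controlled, but refusing DTDs and
        // entity expansion removes XXE exposure at no cost.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        Document doc = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));

        NodeList users = doc.getElementsByTagName("user");
        for (int i = 0; i < users.getLength(); i++) {
            Element u = (Element) users.item(i);
            userGroups.put(u.getAttribute("id"), split(u.getAttribute("group")));
        }
        NodeList groups = doc.getElementsByTagName("group");
        for (int i = 0; i < groups.getLength(); i++) {
            Element g = (Element) groups.item(i);
            groupRoles.put(g.getAttribute("id"), split(g.getAttribute("roles")));
        }
    }

    /** Splits a whitespace-separated attribute value into an ordered set. */
    private static Set<String> split(String s) {
        Set<String> out = new LinkedHashSet<>();
        for (String part : s.trim().split("\\s+")) {
            if (!part.isEmpty()) out.add(part);
        }
        return out;
    }

    /** Step (3.3): the activated roles of a user are the union of the roles of its groups. */
    Set<String> rolesOf(String userId) {
        Set<String> roles = new LinkedHashSet<>();
        for (String g : userGroups.getOrDefault(userId, Collections.emptySet())) {
            roles.addAll(groupRoles.getOrDefault(g, Collections.emptySet()));
        }
        return roles;
    }

    /** Step (3.2): the tag's role attribute lists the roles allowed to see its content. */
    boolean mayRender(String userId, String tagRoleAttribute) {
        Set<String> allowed = split(tagRoleAttribute);
        allowed.retainAll(rolesOf(userId));
        return !allowed.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        PolicyDocumentDemo p = new PolicyDocumentDemo(POLICY_XML);
        // Equivalent to evaluating <sec:panel role="editor"> for each user.
        System.out.println("alice sees editor panel: " + p.mayRender("alice", "editor"));
        System.out.println("bob sees editor panel: " + p.mayRender("bob", "editor"));
        System.out.println("carol roles: " + p.rolesOf("carol"));
    }
}
```

In a real tag library the mayRender check would sit in the tag handler's doTag method and the parsed document would be cached per site rather than rebuilt per request; the example keeps the whole decision in one file so that it runs with a plain JDK (java PolicyDocumentDemo.java).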
The specific composition of each part of the page tag library system of the present invention is described below by way of example.
As shown in Figure 3, the secure login module 100 comprises a system information management module 110, a user information management module 120, a user group information management module 130 and a user authentication module 140.
The system information management module 110 provides the administrator with an interface for configuring system information. Through the controlled system information management module 110, the administrator registers a resource system via the policy information access module 310 of the policy definition module 300; the registration information comprises the system name, the system home page URL, the system's login URL, the default user login parameters of the system, the access control policy of the system and each connector, as shown in Figure 4. After the administrator completes configuration, the modification information for the system is submitted to the policy information access module 310, and the XML access management module 350 saves the configuration and modification information submitted by the administrator.
The user information management module 120 provides the administrator with an interface for configuring user information, allowing the administrator to access and modify the user information in the policy definition document configured in the policy definition module 300. Each system administrator obtains the system identifier of his own system from the system name in the system information management module 110, configures the user information of that system through the user information management module 120 according to this system identifier (that is, configures all users that have the same site ID as the administrator), and writes it into the policy definition document through the policy definition module 300. User information is described as follows: in the user information table each user has attributes such as user ID, password and level (if graded access control is used), as shown in Figure 5. After the administrator completes configuration, the user information management module 120 submits the modifications to the user information table, mainly comprising user name, user login password, etc., to the policy information access module 310, and the XML access module 350 saves the configuration and modification information submitted by the administrator.
The user group information management module 130 provides the administrator with an interface for describing the correspondence between user groups and users. A system under development may have many users with differing access control policies, but there are always many users with identical permissions; for example, all clerks of the same rank in the same office have consistent permissions in a given system. Users with identical permissions on the same system can therefore be placed in the same user group. In this way, when a system has many kinds of users and page controls, grouping users by their permissions is relatively easy. Besides freeing the person describing the policy from needing to understand the system's concrete access control policy, describing user permissions by user group also reduces the size of the user policy definition document. Although a Web system may have a large number of reachable URLs and users, the users can be attached to a small number of user groups, which makes resource description feasible. In a highly organized Web system most users have identical access rights, so their user information can be placed in the same user group; even if the Web system does not place users with identical access rights into the same user group, and even if the access control granularity is so fine that no two users have identical permissions, the present invention can still describe each user individually, which improves the flexibility of the system.
The user group information management module 130 summarizes the user group information according to the access control permission settings provided by the administrator, and writes the user group information into the policy definition document through the policy information access module 310.
The administrator sets up the user group information table according to the information in the system information management module 110 and the user information management module 120 and the access control permissions of the system. The attributes of the user group information table include user ID, user group ID, etc., as shown in Figure 6. Users and user groups have a many-to-many relation: a user may belong to several user groups, and a user group may contain several different users. After the administrator completes the settings, the modifications to the user group information table are submitted to the policy information access module 310, and the XML access module 350 saves the user group settings and modifications submitted by the administrator.
The user authentication module 140 compares the user name and password or identity certificate entered by the user with the user information managed in the policy definition module 300; if the user passes authentication, it asks the user permission information initialization module 210 to obtain the current user's permission information in the system.
The security context service module 200 comprises a user permission information initialization module 210, a role information activation module 220 and a control access control decision module 230.
The user permission information initialization module 210 obtains the user group information of the current user from the policy document defined by the policy definition module 300 according to the user ID provided by the user authentication module 140, and provides it to the role activation module 220.
The role activation module 220 obtains all role information of the current user from the policy document defined by the policy definition module 300 according to the current user's user group information, activates all activatable roles assigned to the current user, and thereby generates the activated role information for use by the control access control decision module 230.
The control access control decision module 230 obtains and generates the corresponding security level information and access policy flags for the managed controls from the policy document defined by the policy definition module 300 according to the current user's activated role information, for use by the managed controls and security tags.
The policy definition module 300 comprises: a policy information access module 310, a role information management module 320, a user group role assignment information module 330, a role page control operation assignment information module 340 and an XML access management module 350.
The policy information access module 310 accesses system information, user information, user group information, user and user group configuration information, role information, user group role assignment information and role page control operation assignment information.
The role information management module 320 provides the administrator with an interface for configuring role information, allowing the administrator to access and modify the role information in the policy definition document configured in the policy definition module 300. The system administrator obtains the system identifier of his own system from the system name in the system information management module 110, configures the role information of that system through the role information management module 320 according to this system identifier (that is, configures all users that have the same site ID as the administrator), and writes it into the policy definition document through the policy definition module 300. Role information is described as follows: each role has attributes such as role ID, role name and level (if graded access control is used). After the administrator completes configuration, the role information management module 320 submits the modifications to the role information, mainly comprising role name, level, etc., to the policy information access module 310, and the XML access management module 350 saves the configuration and modification information submitted by the administrator.
The user group role assignment information module 330 provides the administrator with an interface for assigning user permissions: user permissions are assigned to each user group in the form of roles, and the users in the same user group have, through the roles assigned to them, the same access permissions for the controls in the page. The data structure of the user group role assignment information is shown in Figure 7. After the administrator completes the description, the user group role assignment information module 330 submits the modifications to the role assignments of the user groups, mainly comprising user group ID, role ID, etc., to the policy information access module 310, and the XML access management module 350 saves the description and modification information submitted by the administrator.
The role page control operation assignment information module 340 provides the administrator with an interface for assigning role permissions; role permissions are mainly reflected in operation permissions on the controls in the page. The data structure of the operations defined on controls is shown in Figure 8. Once the operations on the page controls have been defined, operation permissions on the controls can be assigned to roles. The data structure of the role page control operation assignment information is shown in Figure 9. After the administrator completes configuration, the role page control operation assignment information module 340 submits the modifications to the role permission assignments, mainly comprising role ID, page ID, control ID, operation ID, etc., to the policy information access module 310; the XML access management module 350 saves the configuration and modification information submitted by the administrator, and the saved page control settings are then loaded as permission attributes by the security attribute loading module 420 of the Web security server component 400.
The XML access management module 350 stores the above information in the form of XML documents.
The Web security server component 400 comprises: a security tag parsing module 410, a security attribute loading module 420 and a tag data binding module 430.
The security tag parsing module 410 is mainly used to parse the security tags and attributes defined on the page. Security tags are defined in XML in what is referred to as the tag definition file 610. The server-side technology in the present invention is JSP: non-HTML syntax is used inside the HTML file, and the server creates and serves HTML-format content on the basis of this code. When a browser or a page development tool such as Dreamweaver detects a non-HTML tag of the present invention, it can compare it against the tag definition file 610 provided by the present invention; these files specify how the browser or page development tool should read and display these tags.
The security attribute loading module 420 calls the tag data binding module 430 according to the security attributes parsed by the security tag parsing module 410. The security attributes comprise the security policy mode used by the tag, the accessible role information, the minimum security level and the authorized user information, so that the corresponding content is displayed according to whether the current user has been assigned a role defined in the tag's security attributes or has a sufficient security level. The tag data binding module 430 binds data dynamically according to the current user's role information and security level. The same control loads different data at run time for users with different roles and levels. For example, for a list control whose security attributes specify the RBAC policy and define an accessible role in its role attribute, only when the current user has been assigned that role does the system load for the list control the list of resources that this role may access; when its security attributes specify the mandatory access control policy and define in its permission level a minimum level for accessing the data, only when the user's level reaches or exceeds the minimum security level does the system load the corresponding data for the list control, and the resource data is bound dynamically according to the current user's security level so that the list control only shows data whose classification is not higher than the current user's security level. The end user experiences the functionality of the present invention through the tag data binding module 430.
The Web security response generator 500 converts the security tags into the corresponding target markup language format (for example HTML tags) according to the state information provided by the Web security server component, and finally returns a unified secure response page to the browser. Each tag is produced by a related component, and each component has a security response generator that produces HTML output reflecting the component's state. This process is called decoding. The security response generator requests from the framework the unique ID and current value of the page element object. By default the ID string is assigned by the framework (for example _id0:_id1 and so on). The coded page is sent to the browser, which displays it in the usual way.
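The following Java program is an added example, not code from the patent or from any implementation of it. It illustrates the two preceding paragraphs together: the security attribute loading step decides the state of a list control under the RBAC mode (the user must hold one of the tag's allowed roles) or the MAC mode (the user's level must reach the tag's minimum level), the data binding step filters the bound rows under MAC so that only rows classified at or below the user's level are shown, and the response generation step encodes the controlled state as HTML, emitting nothing for a hidden control. The attribute names, the numeric level scale and the sample resources are assumptions; the code uses Java records and therefore assumes Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/** Evaluates a secured list control under RBAC or MAC and renders it as HTML. */
public class SecuredListDemo {

    enum PolicyMode { RBAC, MAC }

    /** Security attributes a tag would carry, as parsed from the page (names assumed). */
    record SecurityAttributes(PolicyMode mode, Set<String> allowedRoles, int minLevel) {}

    /** The current user's security context: activated roles and clearance level. */
    record SecurityContext(String userId, Set<String> activeRoles, int level) {}

    /** A resource row with a classification level; constructed sample data. */
    record Resource(String name, int classification) {}

    enum ControlState { VISIBLE, HIDDEN }

    /** Security attribute loading: decide whether the control is shown at all. */
    static ControlState decide(SecurityAttributes attrs, SecurityContext ctx) {
        switch (attrs.mode()) {
            case RBAC:
                for (String r : ctx.activeRoles()) {
                    if (attrs.allowedRoles().contains(r)) return ControlState.VISIBLE;
                }
                return ControlState.HIDDEN;
            case MAC:
                return ctx.level() >= attrs.minLevel() ? ControlState.VISIBLE : ControlState.HIDDEN;
            default:
                return ControlState.HIDDEN;
        }
    }

    /** Data binding: under MAC only rows classified at or below the user's level are bound. */
    static List<Resource> bind(SecurityAttributes attrs, SecurityContext ctx, List<Resource> all) {
        List<Resource> out = new ArrayList<>();
        for (Resource r : all) {
            if (attrs.mode() == PolicyMode.MAC && r.classification() > ctx.level()) continue;
            out.add(r);
        }
        return out;
    }

    /** Response generation: encode the control state as HTML; a hidden control emits nothing. */
    static String render(String controlId, SecurityAttributes attrs, SecurityContext ctx,
                         List<Resource> all) {
        if (decide(attrs, ctx) == ControlState.HIDDEN) return "";
        StringBuilder sb = new StringBuilder("<ul id=\"" + escape(controlId) + "\">");
        for (Resource r : bind(attrs, ctx, all)) {
            sb.append("<li>").append(escape(r.name())).append("</li>");
        }
        return sb.append("</ul>").toString();
    }

    /** Minimal HTML escaping so bound data cannot inject markup into the response page. */
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }

    public static void main(String[] args) {
        List<Resource> docs = List.of(
            new Resource("public notice", 0),
            new Resource("internal memo", 1),
            new Resource("board minutes <draft>", 3));

        SecurityContext clerk = new SecurityContext("alice", Set.of("viewer"), 1);
        SecurityContext manager = new SecurityContext("bob", Set.of("viewer", "editor"), 3);

        // <sec:list id="editors" mode="RBAC" roles="editor"/>
        SecurityAttributes rbacList = new SecurityAttributes(PolicyMode.RBAC, Set.of("editor"), 0);
        // <sec:list id="files" mode="MAC" minLevel="1"/>
        SecurityAttributes macList = new SecurityAttributes(PolicyMode.MAC, Set.of(), 1);

        System.out.println("clerk/RBAC:   " + render("editors", rbacList, clerk, docs));
        System.out.println("manager/RBAC: " + render("editors", rbacList, manager, docs));
        System.out.println("clerk/MAC:    " + render("files", macList, clerk, docs));
        System.out.println("manager/MAC:  " + render("files", macList, manager, docs));
    }
}
```

The design point worth noting is that the visibility decision and the data filter are separate steps: a control can be visible to a user while still hiding individual rows above that user's level, which is exactly the behaviour the tag data binding module is described as providing. Escaping the bound values before they reach the response page keeps the generator from turning resource names into markup.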
The security tag library 600 defines a set of security tags that can be imported into any Java Web page. It comprises the tag definition file 610: each tag library file can define the name, type, content model, display standard and icon of one or more custom tags, and tag library files use the .xml file extension. It also comprises a tag specification 620 defined by an XML element named tagspec. The tag specification defines: whether the tag may be placed at any position between the HTML tags in the document; a delimiter string marking the start of the tag; a delimiter string marking the end of the tag; whether all code between start_string and end_string is ignored; whether the attributes of the tag are parsed; the path and file name of the icon matching the tag; the pixel width and height of the icon; and whether the tag is visible on the page.
After the multi-policy secure Java Web application page tag library proposed by the present invention has been imported and installed, besides providing the basic HTML control display functions of the page, it also displays, according to the user's own permissions, the resources that are visible and available to that user, without the developer performing any extra coding work.
The above is a preferred embodiment of the present invention, but the present invention should not be limited to the content disclosed in this embodiment and the accompanying drawings. Any equivalent modification or change made without departing from the spirit disclosed by the present invention falls within the scope of protection of the present invention.