CN104486357A - Method for achieving role-based access control (RBAC) based on SSH website - Google Patents
- Publication number
- CN104486357A (application number CN201410843787.8A)
- Authority
- CN
- China
- Prior art keywords
- role
- user
- authority
- session
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for implementing role-based access control (RBAC) on an SSH website. The method comprises the following steps: a user requests access to a page, and the system checks whether the username variable in the Session is null; if it is null, the user is redirected to a login page to log in, otherwise the user information is stored in the Session; the user accesses the database, and the information of the successfully logged-in user is stored in the Session; an ORM module accesses the database and obtains the permission information corresponding to the requested page; an AOP interceptor is triggered and obtains the user's permission information from the Session; the AOP interceptor evaluates the user's permission information, and if it includes the permission information corresponding to the requested page, the user's access succeeds, otherwise access fails. The method has the advantages that its logic is clear, the coupling between the logical parts is low, program reusability is high, and development efficiency is high.
Description
Technical field
The present invention relates to the technical field of access control and website development, and in particular to a method for implementing RBAC access control on an SSH website.
Background technology
In modern information systems, security management has always been an important part. Access control technology is an important link in information system security; its main task is to ensure that resources are not used or accessed illegally. Role-based access control (RBAC) has received wide attention as a replacement for traditional access control. RBAC comprises three entities: users, roles and permissions. A user is the subject that operates on data objects; it may be a person, a robot, a computer, and so on. A permission is the right to perform an operation on a data object. A role is the intermediary between users and permissions. By introducing the concept of a role, RBAC achieves the logical separation of users and permissions, supports separating the responsibilities of technical staff from those of business staff, and lets a user obtain the permission to operate on an object by being assigned a role, thereby implementing permission management and control.
In traditional RBAC, however, the kinds of roles are fixed when the information system is built, and the association between roles and permissions is likewise bound at that time, so the system is poorly extensible, the coupling between its logical parts is high, program reusability is low, and development efficiency is low.
Summary of the invention
To solve the above problems, the object of the present invention is to provide a method for implementing RBAC access control on an SSH website whose logic is clear, whose degree of coupling is low, and whose program reusability and development efficiency are high.
The present invention provides a method for implementing RBAC access control on an SSH website, characterised in that it comprises the following steps:
Step 1: when a user requests access to a page, check whether the username variable in the Session is empty; if it is empty, redirect to the login page so that the user can log in, otherwise the user information is kept in the Session;
Step 2: the user accesses the database, and the information of the successfully logged-in user is kept in the Session;
Step 3: the ORM module accesses the database and obtains from it the permission information corresponding to the requested page;
Step 4: the AOP interceptor is triggered and obtains the user's permission information from the Session;
Step 5: the AOP interceptor evaluates the user's permission information; if it includes the permission information obtained in step 3, the user's access succeeds, otherwise access fails.
The database comprises:
A user table, containing a user code and a user name, for storing user information;
A role table, containing a role code and a role name, for storing role information;
A permission table, containing a permission code, a permission name and a URL address, for storing the concrete permission information;
A user-role table, containing a user code and a role code, implementing the many-to-many mapping between users and roles;
A role-permission table, containing a role code and a permission code, implementing the many-to-many mapping between roles and permissions;
The role table is associated many-to-many with the user table through the user-role table;
The role table is associated many-to-many with the permission table through the role-permission table.
As a further improvement of the present invention, a parent role code is added to the role table so as to accommodate the classification of roles.
As a further improvement of the present invention, the user information, role information and permission information are all stored in the Session in the form of named variables.
The beneficial effects of the present invention are:
1. Through the database design, the logic of users and the logic of permissions are well separated, which reduces the coupling between the logical parts;
2. Because the ORM module performs the database access and the AOP interceptor checks the permissions of the accessing user, the calling program is highly reusable and development efficiency is high.
Brief description of the drawings
Fig. 1 is a structure diagram of the database described in the embodiment of the present invention.
Fig. 2 is a flowchart of the method for implementing RBAC access control on an SSH website described in the embodiment of the present invention.
Embodiment
The present invention is described in further detail below through a specific embodiment and with reference to the accompanying drawings.
As shown in Fig. 1, the database of the present invention comprises:
A user table, containing the user code userid and the user name username, for storing user information;
A role table, containing the role code roleid and the role name rolename, for storing role information;
A permission table, containing the permission code rightid, the permission name rightname and the URL address, for storing the concrete permission information;
A user-role table, containing the user code userid and the role code roleid, implementing the many-to-many mapping between users and roles;
A role-permission table, containing the role code roleid and the permission code rightid, implementing the many-to-many mapping between roles and permissions;
The role table is associated many-to-many with the user table through the user-role table;
The role table is associated many-to-many with the permission table through the role-permission table.
As shown in Fig. 2, the method for implementing RBAC access control on an SSH website described in the embodiment of the present invention comprises the following steps:
Step 1: when a user requests access to a page, check whether the username variable in the Session is empty; if it is empty, redirect to the login page so that the user can log in, otherwise the user information is kept in the Session;
Step 2: the user accesses the database, and the information of the successfully logged-in user is kept in the Session;
Step 3: the ORM module accesses the database and obtains from it the permission information corresponding to the requested page;
Step 4: the AOP interceptor is triggered and obtains the user's permission information from the Session;
Step 5: the AOP interceptor evaluates the user's permission information; if it includes the permission information obtained in step 3, the user's access succeeds, otherwise access fails.
Since a page accessed by a user is identified by a URL address, while the permissions a user holds are identified by codes when they are entered, an association must be established between URL addresses and permission codes. Because the association between URL addresses and permissions is kept in the database, the database has to be accessed through the ORM module in order to look up the permission corresponding to a URL address.
When a user logs in, the user code userid, user name username, role code roleid, role name rolename, permission code rightid, permission name rightname and URL address that the user holds are stored in the Session as named variables for later use. When the user accesses a page, the AOP interceptor is triggered; it obtains the user's permission information from the Session and compares it with the permission information obtained by the ORM module to decide whether the user has permission to access the page, thereby implementing access control.
As a further improvement of the present invention, a parent role code is added to the role table so as to accommodate the classification of roles.
The foregoing is only the preferred embodiment of the present invention and does not limit it; those skilled in the art may make various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
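A runnable sketch of the Fig. 1 schema and the five-step flow above, added here as an illustration and not code from the patent: Python with an in-memory SQLite database stands in for the SSH (Struts/Spring/Hibernate) stack, `login` covers steps 1 and 2, `rights_for_url` the ORM lookup of step 3, and `intercept` the AOP interceptor of steps 4 and 5. Table names, the `parent_roleid` column name, the sample users, roles and URLs, and the choice to deny a URL that has no permission row (a case the page does not specify) are all this example's assumptions.

```python
import sqlite3

# Schema following Fig. 1 of the patent (parent_roleid is the claim-3
# extension); table and column names are this example's assumptions.
SCHEMA = """
CREATE TABLE user_t    (userid INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE role_t    (roleid INTEGER PRIMARY KEY, rolename TEXT NOT NULL,
                        parent_roleid INTEGER REFERENCES role_t(roleid));
CREATE TABLE right_t   (rightid INTEGER PRIMARY KEY, rightname TEXT NOT NULL,
                        url TEXT NOT NULL);
CREATE TABLE user_role (userid INTEGER REFERENCES user_t(userid),
                        roleid INTEGER REFERENCES role_t(roleid),
                        PRIMARY KEY (userid, roleid));
CREATE TABLE role_right(roleid INTEGER REFERENCES role_t(roleid),
                        rightid INTEGER REFERENCES right_t(rightid),
                        PRIMARY KEY (roleid, rightid));
"""

# Constructed sample data; parent_roleid only classifies roles here and
# no permission inheritance is derived from it.
SAMPLE = """
INSERT INTO user_t VALUES (1, 'alice'), (2, 'bob');
INSERT INTO role_t VALUES (10, 'admin', NULL), (11, 'editor', 10);
INSERT INTO right_t VALUES (100, 'view_users',  '/user/list.action'),
                           (101, 'edit_post',   '/post/edit.action'),
                           (102, 'delete_user', '/user/delete.action');
INSERT INTO user_role  VALUES (1, 10), (2, 11);
INSERT INTO role_right VALUES (10, 100), (10, 101), (10, 102), (11, 101);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + SAMPLE)
    return db

def login(db, username):
    """Steps 1-2: on a successful login, resolve user -> roles -> rights once
    and keep the result in the Session under named variables."""
    row = db.execute("SELECT userid FROM user_t WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None                      # login failed, Session stays empty
    rights = db.execute(
        "SELECT rr.rightid FROM user_role ur "
        "JOIN role_right rr ON rr.roleid = ur.roleid "
        "WHERE ur.userid = ?", (row[0],)).fetchall()
    return {"username": username, "userid": row[0],
            "rightid": {r[0] for r in rights}}

def rights_for_url(db, url):
    """Step 3: the ORM lookup, right codes bound to the requested URL."""
    return {r[0] for r in
            db.execute("SELECT rightid FROM right_t WHERE url = ?", (url,))}

def intercept(db, session, url):
    """Steps 1, 4 and 5: the AOP interceptor's decision for one page request."""
    if not session or not session.get("username"):
        return "redirect:login"          # step 1: no username in the Session
    required = rights_for_url(db, url)
    if not required:
        return "deny"                    # assumption: unregistered URL fails closed
    # step 5: the Session must hold every right bound to this URL
    return "allow" if required <= session["rightid"] else "deny"
```

Because the rights are copied into the Session at login, a change to a user's roles or to a role's rights in the database takes effect only at that user's next login.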
Claims (4)
1. A method for implementing RBAC access control on an SSH website, characterised in that it comprises the following steps:
Step 1: when a user requests access to a page, check whether the username variable in the Session is empty; if it is empty, redirect to the login page so that the user can log in, otherwise the user information is kept in the Session;
Step 2: the user accesses the database, and the information of the successfully logged-in user is kept in the Session;
Step 3: the ORM module accesses the database and obtains from it the permission information corresponding to the requested page;
Step 4: the AOP interceptor is triggered and obtains the user's permission information from the Session;
Step 5: the AOP interceptor evaluates the user's permission information; if it includes the permission information obtained in step 3, the user's access succeeds, otherwise access fails.
2. The method for implementing RBAC access control on an SSH website according to claim 1, characterised in that the database comprises:
A user table, containing a user code and a user name, for storing user information;
A role table, containing a role code and a role name, for storing role information;
A permission table, containing a permission code, a permission name and a URL address, for storing the concrete permission information;
A user-role table, containing a user code and a role code, implementing the many-to-many mapping between users and roles;
A role-permission table, containing a role code and a permission code, implementing the many-to-many mapping between roles and permissions;
The role table is associated many-to-many with the user table through the user-role table;
The role table is associated many-to-many with the permission table through the role-permission table.
3. The method for implementing RBAC access control on an SSH website according to claim 2, characterised in that a parent role code is added to the role table so as to accommodate the classification of roles.
4. The method for implementing RBAC access control on an SSH website according to claim 2, characterised in that the user information, role information and permission information are all stored in the Session in the form of named variables.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410843787.8A CN104486357A (en) | 2014-12-30 | 2014-12-30 | Method for achieving role-based access control (RBAC) based on SSH website |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104486357A true CN104486357A (en) | 2015-04-01 |
Family
ID=52760861
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104486357A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140157350A1 (en) * | 2012-12-03 | 2014-06-05 | Microsoft Corporation | Role-based access control modeling and auditing system |
CN104063636A (en) * | 2013-03-22 | 2014-09-24 | 鸿富锦精密工业(深圳)有限公司 | Role permission control method and system |
CN104052747A (en) * | 2014-06-23 | 2014-09-17 | 桂林长海科技有限责任公司 | Permission management system based on RBAC |
CN104243453A (en) * | 2014-08-26 | 2014-12-24 | 中国科学院信息工程研究所 | Access control method and system based on attribute and role |
Non-Patent Citations (2)
Title |
---|
任翔: "Design and implementation of a J2EE-based permission management system platform", China Master's Theses Full-text Database, Information Science and Technology series * |
郭文龙 et al.: "Design and implementation of RBAC based on the SSH framework", Software * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105262780A (en) * | 2015-11-27 | 2016-01-20 | 国网信息通信产业集团有限公司 | Authority control method and system |
CN105262780B (en) * | 2015-11-27 | 2018-12-18 | 国网信息通信产业集团有限公司 | A kind of authority control method and system |
CN107147671A (en) * | 2017-06-19 | 2017-09-08 | 上海斐讯数据通信技术有限公司 | One kind is based on website route access right control method, access method and system |
CN110971563A (en) * | 2018-09-28 | 2020-04-07 | 北京国双科技有限公司 | Authority information processing method and device |
CN110971563B (en) * | 2018-09-28 | 2022-10-04 | 北京国双科技有限公司 | Authority information processing method and device |
CN109472127A (en) * | 2018-10-11 | 2019-03-15 | 北京三快在线科技有限公司 | Permission processing method, device, using side apparatus and storage medium |
CN111625842A (en) * | 2019-02-28 | 2020-09-04 | 武汉朗立创科技有限公司 | Permission control system based on RBAC |
CN110727929A (en) * | 2019-10-12 | 2020-01-24 | 北京明略软件系统有限公司 | AOP-based line-level authority control method, device and client |
CN110727929B (en) * | 2019-10-12 | 2021-07-30 | 北京明略软件系统有限公司 | AOP-based line-level authority control method, device and client |
CN110750747A (en) * | 2019-10-22 | 2020-02-04 | 杭州安恒信息技术股份有限公司 | Page jump method, device, equipment and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20150401 |