Design and Implementation of Privilege Management System Based on RBAC

To satisfy the requirements of secure among enterprise information system, access control seemed as an information security technology has been used in more and more modern enterprises. Administration of an RBAC system using role based approach has become very appealing because of the benefits that a role-based approach typically brings. In this paper, the scope of traditional RBAC models is carried out and requirements of privilege management based on B/S mode are analyzed. The persistence layer, business layer and control layer of system are implemented under the framework of integration of spring and Hibernate by Struts2.0. Compared with the current privilege management infrastructures, because the struts2.0 framework is integrated with different kinds of frameworks, the interoperability of the system has been achieved. Based on the Filter mechanism, the authorized authentication is implemented conveniently. And the flexibility of permission maintenance has been provided by the design of resource entity.