Design and Implementation of an Access Control System for Enterprise Informatization
Abstract
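Advances in science and technology, particularly the development and application of computer, network and communication technologies, have steadily reduced the cost of enterprise informatization, and more and more enterprises have begun to take informatization seriously. Sustainable development, standardized management and stronger core competitiveness all depend on informatization.
     In growing small and medium-sized enterprises, limited funds, management maturity and other factors mean that informatization usually cannot be planned as a whole. It tends to proceed in a scattered, disorderly way, so the deployment and runtime environments of the various information systems differ from one another. In this situation the information systems often contain redundantly built modules: the same business module has to be developed again and again because of platform and runtime differences, which wastes resources and does the enterprise no good. Access control management is a very important part of every information system, yet it is usually built into each system by reusing code logic together with a relational database structure, so every information system ends up with its own access control management module. This makes it hard to manage secure access and permission control for the enterprise's internal information systems in a unified way: an employee often has to log in with a different account for each system and receives a different access level in each, and as the number of such systems grows, managing these accounts and permissions becomes time-consuming, laborious and very inconvenient.
     Using resources sensibly to build an access control system that can be managed centrally helps an enterprise's informatization and standardized management. Analysis of the problems in the access control management modules of existing enterprise information systems shows that a service-oriented access control architecture can effectively eliminate the resource waste caused by redeveloping the same module. Implementing the service-oriented architecture with Web services technology additionally provides cross-platform services; it is a low-cost, loosely coupled and easily reused solution.
     The two mainstream platforms for implementing Web services are .NET and J2EE. After comparing how the two implement Web services features and taking the specific requirements of the project into account, .NET was chosen as the implementation platform. The access control modules previously spread across different application systems were separated out of those systems, so that a single access control system serves multiple application systems. The cross-platform nature of Web services also effectively solves the problem of data exchange between information systems in different runtime environments, and the access permissions of every information system are managed through this one access control system, which is very convenient.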
The development of science and technology, especially computer, network and communication technology, continually drives down the cost of enterprise informatization. More and more enterprises are beginning to attach importance to establishing informatization. Without informatization, an enterprise's sustained development, standardized administration and improvement of key competitiveness come to nothing.
     Because of inadequate funds and a lack of excellent management, small and medium-sized developing enterprises frequently cannot plan their informatization as a whole. As a result, the deployment and running environments of the various information systems differ from each other. In this case, many modules that play the same role are built repeatedly: the same functional modules have to be developed more than once because their running environments differ. That is a real waste of resources and an unfavorable factor, especially for small and medium-sized developing enterprises. Access control management plays a very important role in information systems, but it is often built into each information system by reusing business logic or code together with the database structure, so that each information system has its own access control management module. This is inconvenient for the centralized management of secure access and privilege control.
     Making rational use of resources to establish an access control system that is convenient to manage centrally is necessary for an enterprise's informatization. Analysis of the access control modules in enterprises' information systems shows that an access control architecture based on SOA can solve the problems of repeated module development and wasted resources. In addition, using Web Services technology to implement the SOA-based architecture provides cross-platform capability, and the solution is loosely coupled, easy to reuse and low in cost.
     There are two primary and efficient platforms for implementing Web Services, J2EE and .NET. By comparing their characteristics in implementing Web Services and considering the specific requirements of the project, the .NET Framework was adopted to implement the architecture. It integrates the modules that were distributed across the individual information systems and uses the cross-platform capability of Web Services to solve the problem of data exchange between systems that have different running environments. It is convenient to use one access control system to manage the access privileges for every system in the enterprise.
