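University of Jinan Graduation Project
Design and Implementation of a Shiro-Based Permission Management System
Abstract
With economic and social development and the continual advance of information science and technology, the volume of information to be processed keeps growing and becoming more complex, so computer technology has been widely applied in every field of society. However, following several recent serious information-system leaks, users have become aware of the importance of information system security, and how to protect information has become their foremost concern. Here we address the problem from the perspective of system design and implementation: before a user accesses system data, the user is first verified by an RBAC-based permission management system, which determines the roles the user holds; data is then shown to the user according to the permissions of those roles, thereby protecting the system's information.
The system is built on the currently popular JSP language, with data handled by a MySQL database, and develops a general-purpose permission management system to verify users' identity and permission information. The system has the advantages of simple permission assignment and good extensibility, and supports a variety of requirements in which positions and permissions change. As a subsidiary system of an information system, it achieves the integration and separation of users and page functions and data well, and also adds ancillary functions such as information management. Practice shows that an RBAC-based permission management system is the most convenient and fastest method of security management and control.
Keywords: network information security; RBAC; permission management system; role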
ABSTRACT
With the development of the social economy and of science and technology, the volume of information to be processed keeps growing and becoming increasingly complex, so computer technology is widely applied in every field of society. But as serious information system leaks have occurred one after another, people have realized the importance of network security, and how to protect information and data from violation has become what users care about most. Here, a detailed analysis of the design is given from the viewpoint of the system's implementation: users must first log in to access the privilege management system; for each user group one or more users are selected and their roles and authorities are identified; they can then view the client list and details about each client, so as to achieve the goal of protecting system information.
The authority management system is based on the popular JSP language and MySQL database technology, and authenticates user identity and authorization information. An authority management system that adopts this method has greater generality and practicability, and can meet the demands of authority management in general application systems. As a subsidiary system of an information system, it achieves the integration and separation of the user and the function well. Practice shows that an authority management system based on RBAC is the most convenient and efficient means of security management and control.
Key words: network information security; Role-Based Access Control; authority management system; role
Contents
Abstract
ABSTRACT
1 Introduction
1.1 Project Background
1.2 Purpose and Significance
1.3 Advantages of the B/S Development Model
2 Requirements Analysis
2.1 System Overview
2.2 System Functional Requirements Analysis
2.2.1 User Management
2.2.2 Role Management
2.2.3 Function Management
2.3 UML Modeling
2.3.1 Use Case Diagram for Administrator Users
2.3.2 Use Case Diagram for Ordinary Users
2.4 System Performance Analysis
2.4.1 Security Requirements Analysis
2.4.2 Stability Requirements Analysis
3 High-Level Design
3.1 Overall Design
3.2.1 Module Division
3.2.2 Module Design
3.3 Module Design
3.3.1 Permission Management Module
3.3.2 User Password Change Module
3.3.3 User Account Management Module
3.4 Data Structure Design
3.4.1 User Information Table
3.4.2 Role Information Table
3.4.3 Function Menu Table
3.4.4 Role-Menu Table
4 Design and Implementation
4.1 Software Architecture
4.2 System Architecture
4.3 Access Control Design
5 System Testing
5.1 Test Objectives
5.2 Test Content
5.2.1 Functional Testing
5.2.2 Performance Testing
5.3 Test Cases
5.4 Analysis of Test Results
6 Summary and Outlook
Conclusion
References
Acknowledgements