摘要
通过分析Web应用中URL安全管理的局限性,提出了一种利用Struts2开发框架的配置变量namespace来管理URL权限的方法。首先读取用户自定义的配置文件,匹配授权角色和登录角色,再次调用解析算法解析操作权限值来匹配授权操作和请求操作。只有当两者都匹配成功,才允许用户正常访问。实验表明,该方法既能满足一般的URL权限管理,还能根据用户需求自定义权限控制的粒度来管理操作权限,且支持权限管理可配置,是一种通用的URL管理工具。
By analyzing the limitations of URL safety management in Web applications, this paper proposes a method to manage URL rights using configuration variable namespace of Struts2 framework. Firstly, user-defined configuration files are read to match the log role and request role, then analytical algorithm is used to parse the operation rights value to match the permit operator and request operator. Only the two matches successfully can users be allowed to access normally. The experiment shows that this method can not only meet the general URL rights management, but also according to users' needs, customize the granularity of access control to manage the operation rights. It also supports the configuration of the rights management and is a common management tool.
出处
《湖南邮电职业技术学院学报》
2014年第2期52-57,共6页
Journal of Hunan Post and Telecommunication College
关键词
WEB应用
URL技术
权限管理
算法匹配
粒度
Web application
uniform resource locator(URL) technology
rights management
algorithm for matching
granularity