隨著網路應用的發達與普及,應用系統的安全防護非常重要,但是要將安全方防護方面的設計與製作做好,卻不容易。因為與安全相關的程式碼必須嵌入到應用系統的各個模組中去執行,具有橫跨(cross-cutting)的特性。在設計時,若不加以區分,仍然以一般的物件或是函式模組來將其模組化的話,往往造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象,當系統愈趨複雜時,這些問題就愈顯嚴重,結果導致系統不易維護且錯誤頻仍。
最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns),針對像安全這類橫跨性的需求,倡議在原有的物件或函式模組外,另以剖面(aspect)作為這些橫跨性需求的模組單位,以大幅改善應用系統的模組性。近兩三年來,這方面的發展迅速,各種支援方面導向的程式語言與相關工具相繼推出,美國全錄公司柏拉圖實驗室發展的AspectJ語言就是一個具代表性的成果。本論文以剖面導向的原則,以AspectJ及JBossAOP為主要工具,針對Web應用程式在認證與存取控管方面的安全需求,設計與製作一套具重用性且可處理資料內容相關、細緻層級的存取控管框架。 / Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This thesis addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner.
| Identifer | oai:union.ndltd.org:CHENGCHI/G0927530241 |
| Creators | 黃植懋, Huang , Chih-Mao |
| Publisher | 國立政治大學 |
| Source Sets | National Chengchi University Libraries |
| Language | 中文 |
| Detected Language | English |
| Type | text |
| Rights | Copyright © nccu library on behalf of the copyright holders |
Page generated in 0.0018 seconds