基于WEB的单点登录和权限管理技术研究与实现

发布时间：2018-04-20 20:23

本文选题：Web应用 + CAS　；参考：《北京邮电大学》2017年硕士论文

【摘要】：随着企业信息化的迅速发展,企业的Web应用不断增多,但是多数Web应用之间在用户模型和安全策略上存在差异,导致用户访问不同Web应用时需要使用不同帐号去验证身份,不仅给用户带来了使用上的困扰,存在一定的安全隐患,并且还增加了企业运维成本。本文从实际应用的角度出发,针对以上问题,研究了当前较为流行的几种单点登录模型,提出了基于Web的CAS(Central Authentication Server中心认证服务)统一身份认证的解决方案,结合Shiro安全框架完成了基于角色的访问控制的用户权限管理。成功解决了多Web应用反复登录的问题,增加系统间的耦合度,本文的研究内容以及成果如下:(1)综述了国内外的单点登录技术研究现状,研究了目前主流的单点登录技术,根据目前存在的问题选择基于访问票据的单点登录模型,通过Cookie来存储登录请求的票据,再基于CAS协议实现多Web应用的单点登录功能。(2)研究了 Shiro安全框架的原理和权限管理的体系结构,对多Web应用的用户基于角色访问控制进行整合管理,以用户组为主体,被访问Web应用为资源,把主体与资源的交互交给Shiro统一管理,完成了主体到资源的权限访问控制,以此为模型继而实现基于Web应用的权限管理。(3)完成了基于Web的单点登录和权限管理模型的总体设计和系统设计,对CAS进行功能拓展,搭建了 CAS的客户端和服务器,实现单点登录和单点登出功能,将Shiro嵌入到单点登录Web应用系统中,实现了基于Web的单点登录和权限管理平台。(4)综合测评了本文实现的基于Web的单点登录和权限管理系统核心功能的有效性,对整个系统的响应性能进行了测试,完全符合预期结果,基本满足企业级单点登录的需求应用。
[Abstract]:With the rapid development of enterprise information, the number of Web applications in enterprises is increasing. However, there are differences in user models and security policies between most Web applications, which results in users need to use different accounts to verify their identity when accessing different Web applications. It not only brings users trouble in use, but also increases the cost of operation and maintenance. From the point of view of practical application, this paper studies several popular single sign-on models, and puts forward the solution of unified identity authentication based on CAS(Central Authentication Server Center Authentication Service based on Web. The user rights management based on role-based access control is completed with Shiro security framework. The problem of multiple Web application repeat login is solved successfully, and the coupling degree between systems is increased. The research contents and results of this paper are as follows: (1) the research status of single sign-on technology at home and abroad is summarized, and the current mainstream single sign-on technology is studied. According to the existing problems, the single sign-on model based on access ticket is selected to store the ticket of login request through Cookie. Then the principle of Shiro security framework and the system structure of privilege management are studied based on CAS protocol to realize single sign-on function of multi- application. The user access control based on role is integrated and managed in multi- application, with user group as the main body. Web is accessed as a resource, the interaction between principal and resource is given to Shiro unified management, and the access control from principal to resource is completed. Then implement the privilege management based on Web application. 3) complete the overall design and system design of single sign-on and privilege management model based on Web, expand the function of CAS, and build the client and server of CAS. The functions of single sign-on and single sign-on are realized, and the Shiro is embedded into the single sign-on Web application system. The platform of single sign-on and privilege management based on Web is implemented. The effectiveness of the core functions of the single sign-on and privilege management system based on Web is evaluated and the response performance of the whole system is tested. Fully in line with the expected results, basically meet the requirements of enterprise single sign-on applications.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP311.52;TP393.09

【参考文献】