Abstract: The method using J2EE security mechanisms to support RBAC is shown in this paper. First, the configuration of J2EE security systems is given in the paper and the algorithm of J2EE authorization decision is designed. Then, the language of J2EE security description is used to define RBAC, and the realization of the requirement of J2EE security service is given. It has achieved the anticipative effect in virtue of deployment and application on the platform of the national science technology infrastructure.

Key words: RBAC, J2EE, Access control, Authorization

摘要： 实现了用J2EE安全机制来支持RBAC模型的方法。给出了J2EE保护系统的配置，并设计一个鉴权决定算法。用J2EE安全的描述语言定义了RBAC模型，给出了实现J2EE安全服务的需求。通过在国家科技基础条件平台的部署和应用，取得了预期的效果。

关键词: RBAC, J2EE, 访问控制, 鉴权

CLC Number: 

• TP393