CAJ | 학술논문

在企业级web系统的应用中，传统的用户权限管理的方法是按功能模块进行粗粒度分配，首先将系统中各个模块的操作权限赋予特定的角色，然后再将这些角色赋予某些用户。这种基于角色的权限管理缺少灵活性，不能做到“量身定制”；对于具有多种角色权限的用户来说，使用系统时会存在诸多不便，同时在系统扩展时权限管理与业务功能会相互影响，它会给程序员带来额外工作量。为了改进上述缺陷，本文提出利用Struts2、Spring3、Hibernate4等进行整合开发Web系统，通过权限管理拦截器对每个用户请求进行权限验证，使系统能够采用细粒度方式管理用户权限，增强权限管理的灵活性与系统的可扩展性。
재기업급web계통적응용중，전통적용호권한관리적방법시안공능모괴진행조립도분배，수선장계통중각개모괴적조작권한부여특정적각색，연후재장저사각색부여모사용호。저충기우각색적권한관리결소령활성，불능주도“량신정제”；대우구유다충각색권한적용호래설，사용계통시회존재제다불편，동시재계통확전시권한관리여업무공능회상호영향，타회급정서원대래액외공작량。위료개진상술결함，본문제출이용Struts2、Spring3、Hibernate4등진행정합개발Web계통，통과권한관리란절기대매개용호청구진행권한험증，사계통능구채용세립도방식관리용호권한，증강권한관리적령활성여계통적가확전성。
In the enterprise web application system, the access powers of user are used to be assigned on the basis of the function module of system in traditional methods. First, we used to assign the power of every module to different roles, and then these roles were assigned to some particular users. This access control technology based on roles lacks flexibility and cannot make to measure; it makes it very inconvenient for the user who has multiple roles in web application system. Furthermore, it will bring extra work in system expansion due to interaction effect of authority manage and business function. To improve the above-mentioned defect, this thesis puts forward methods of developing web system by integrating frameworks of Struts2, Spring3 and Hibernate4. It validates the log-in and permission of access for every request by the permission-interceptor. In this way, the web system can control user access powers in fine grain and Enhance the flexibility and expandability of system.