Authentication and authorization are critical to ensuring the security of data and services in software systems.To satisfy the need for authorization management during the development of the next generation information platform for East China Normal University's Graduate School,this paper proposes an access domain-based authorization module and uses Spring Security components to implement a hierarchical,configurable,high-performance privilege interceptor.The approach can effectively defend against popular network attacks,such as session attacks and CSRF,guarantee low latency for web service access,and provide a flexible way to meet the frequently changing authorization requirements of faculty from different schools and departments.%认证与授权是保障软件系统中数据与服务安全的重要机制.在研发下一代华东师范大学研究生院信息管理系统的过程中,针对新的业务需求(如学籍异动管理和预毕结业审核等流程审批管理),设计了一种基于访问域模型的权限管理模块,结合Spring Security组件实现了一种多层级、可配置、高性能的权限拦截器,有效地解决了用户认证与授权问题.该权限管理模块在实际使用中不会给Web服务请求带来响应延迟问题,能够防御常见的网络攻击(如会话攻击或跨域请求伪造),而且可以灵活地满足华东师范大学各个院系和职能部门在使用研究生院信息平台过程中经常发生的用户授权变更需求.
展开▼
