Journal of East China Normal University(Natural Sc ›› 2018, Vol. 2018 ›› Issue (3): 109-120.doi: 10.3969/j.issn.1000-5641.2018.03.012

Previous Articles     Next Articles

Design and implementation of an authorization system for a graduate school information

GU Hang1, XIA Fan1, SONG Shu-bin2, XIAO Li-min2, DONG Qi-wen1, XU Lin-hao3, ZHOU Ao-ying1   

  1. 1. School of Data Science and Engineering, East China Normal University, Shanghai 200062, China;
    2. Graduate School, East China Normal University, Shanghai 200062, China;
    3. Infosys Technologies China Ltd, Shanghai 200135, China
  • Received:2017-09-19 Online:2018-05-25 Published:2018-05-29

Abstract: Authentication and authorization are critical to ensuring the security of data and services in software systems. To satisfy the need for authorization management during the development of the next generation information platform for East China Normal University's Graduate School, this paper proposes an access domain-based authorization module and uses Spring Security components to implement a hierarchical, configurable, high-performance privilege interceptor. The approach can effectively defend against popular network attacks, such as session attacks and CSRF, guarantee low latency for web service access, and provide a flexible way to meet the frequently changing authorization requirements of faculty from different schools and departments.

Key words: authorization, authority management, access domain model

CLC Number: