中文摘要：

反射中间件为改进基于中间件的系统的适应性在运行时刻开创中间件站台和应用程序的实现细节。然而，如此的坦诚带新挑战存取基于中间件的系统的控制。一些用户能经由反射实体存取系统，它不能被传统的中间件的存取控制机制有时保护。安全地交付高适应性，反射中间件应该为思考导致的潜在的存取控制洞与合适的存取控制机制被装备。在反射中间件集成这些机制的一个原因是反射中间件的一个目标是与思考能力装备应用程序尽可能透明的。这篇论文学习怎么设计反射 J2EE 中间件—有在头脑的存取控制的 PKUAS。起初，反射系统的一个计算模型被造识别思考导致的所有可能的存取控制点。包括 MBeans 和 Java 类装载器的一个层次的包纸，然后，一套存取控制机制为控制识别存取控制点被装备。和 J2EE 存取控制机制的这些机制为 PKUAS 形成存取控制框架。纸在质量和数量评估安全和框架的表演开销。电子增补材料这篇文章的联机版本(做 i：10.1007/s11390-008-9188-x ) 包含增补材料，它对授权用户可得到。

英文摘要：

Reflective middleware opens up the implementation details of middleware platform and applications at runtime for improving the adaptability of middleware-based systems. However, such openness brings new challenges to access control of the middleware-based systems. Some users can access the system via reflective entities, which sometimes cannot be protected by access control mechanisms of traditional middleware. To deliver high adaptability securely, reflective middleware should be equipped with proper access control mechanisms for potential access control holes induced by reflection. One reason of integrating these mechanisms in reflective middleware is that one goal of reflective middleware is to equip applications with reflection capabilities as transparent as possible. This paper studies how to design a reflective J2EE middleware -- PKUAS with access control in mind. At first, a computation model of reflective system is built to identify all possible access control points induced by reflection. Then a set of access control mechanisms, including the wrapper of MBeans and a hierarchy of Java class loaders, are equipped for controlling the identified access control points. These mechanisms together with J2EE access control mechanism form the access control framework for PKUAS. The paper evaluates the security and the performance overheads of the framework in quality and quantity.