With the development of modern enterprise informatization, the various information systems of an enterprise are becoming ever larger and more complex, and the security situation of these systems is becoming ever more serious. Every link of an enterprise application system may be exposed to security threats; application systems must protect a large number of resources, and the management of authentication, authorization and access control over those resources is becoming increasingly difficult. It is therefore very important to provide enterprises with an application security framework that is easy to use, easy to extend and easy to manage. This paper studies in depth the security problems of enterprise application systems based on J2EE (Java 2 Platform, Enterprise Edition). Taking the RBAC (Role-Based Access Control) access control model and the Acegi security framework as its foundation, it designs and implements a general-purpose and highly extensible security architecture from three aspects: multidimensional organizational structure, authentication system and authorization system. The architecture can satisfy the individual security needs of different enterprises, reduce the complexity of security management for enterprise information systems, and strengthen system security.
With the development of modern enterprise information technology, enterprise application systems are becoming more and more complex, and their security issues are also becoming more prominent. It is extremely necessary to provide enterprises with a security system that is easy to use, easy to manage and easy to expand. In this paper, we give an in-depth study of the security issues of J2EE (Java 2 Platform, Enterprise Edition) based enterprise application systems. Based on the RBAC (Role-Based Access Control) access control model and the Acegi security framework, we design a versatile and highly scalable security architecture that can meet the individual security needs of different enterprises. This thesis is based on the RBAC model, the Acegi Security framework and the structure of the existing UniEAP (Universal Enterprise Application Platform) system, a universal enterprise application platform developed by Neusoft Group Ltd. The thesis begins with the security of the J2EE enterprise application platform, discusses how to deal with overall information security problems from several views and at several layers, and gives an overall scheme based on security technology and methods. The security framework is divided into three parts: multidimensional organization structure, authentication system and authorization system. The thesis gives a concrete design and implementation from each of these three aspects. Because every enterprise has different requirements, the security framework is a basic framework that resolves only the common security problems; at the same time, it is a highly extensible framework. The design solution put forward here can reduce the complexity of authority management and strengthen system security. The design and implementation will also be useful to other enterprise application platforms and other enterprise applications.