中文摘要：

目前的应用系统对其资源的访问控制往往与业务逻辑交织在一起,使访问控制模块开发和复用、系统维护及扩展变得复杂.针对SaaS模式下多租赁的特点,应用接口抽取方法与关注点分离思想,提出一种可以同时对多个系统进行访问控制管理,且满足SaaS模式下多租赁体系结构的可插拔的访问控制框架,给出了接口抽取法的形式化定义、插拔配置的方法和步骤、访问控制判定实现过程,在基本上不改变原应用系统程序的基础上,实现了对应用系统与访问控制框架的柔性连接.最后,通过一个会议系统的实例说明该框架的有效性.

英文摘要：

At present,application system often interweaves its resources＇ access control with its business logic,which makes the development,reuse,maintenance and expansion of the access control module complex.In the view of multi-tenant of SaaS model,the method of application interface extraction and thought of concern separation propose a hot plug access control architecture,which can carry on access control management to many systems simultaneously,and satisfy SaaS model＇s multi-tenant infrastructure.The architecture gives the method of interface extraction a formalized definition,gives hot plug a configuration method and steps,gives access control a criterion realization process,on the context of without changing original application system,realizing the flexible connection between application system and access control architecture.Finally,an instance of conference system is used to explain the validity of the framework.