Abstract
Authentication and authorization are the two main aspects of the Spring Security system, and both have shortcomings. In this paper, we study the Spring Security mechanism and propose some improvements and optimizations based on JSON Web Token and the RBAC model. Furthermore, a trust RBAC model is proposed, and we describe its structure in terms of direct trust and indirect trust. The simulation results show that the proposed method has a good effect.
The paper is partly supported by NSFC No. 61773206, No. 61272420.
© 2020 Springer Nature Singapore Pte Ltd.
Cite this paper
Zhang, G., Zhang, M., Fan, X. (2020). Improvements Based on JWT and RBAC for Spring Security Framework. In: Yu, S., Mueller, P., Qian, J. (eds) Security and Privacy in Digital Economy. SPDE 2020. Communications in Computer and Information Science, vol 1268. Springer, Singapore. https://doi.org/10.1007/978-981-15-9129-7_9
DOI: https://doi.org/10.1007/978-981-15-9129-7_9
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-9128-0
Online ISBN: 978-981-15-9129-7
eBook Packages: Computer Science (R0)