Segurança no frameweb: adicionando suporte a controle de acesso via papéis em um método de design baseado em frameworks e engenharia web

Abstract

FrameWeb is a method for the development of Web-based Information Systems whose architectures are based on popular types of frameworks, such as Front Controller, Depen dency Injection and Object/Relational Mapping frameworks. Also commonly used, Security Frameworks provide role-based access control through authentication and authorization features that can be reused if properly configured. In this work, we extend FrameWeb to support Security frameworks, allowing developers to model the aforementioned fea tures in architectural design models using a graphical editor and generating code for the configuration of the framework and related artifacts. The Role Based Access Control (RBAC) policy was used as a guideline for the extensions on the method. It proposes access control using roles that can be imbued to users inside an application, each role has a set of permissions for the execution of operations on system data. The proposal was first validated by generating code based on models and comparing with artifacts from real projects. A second validation was made by students of Computer Science, that used the proposals of this work to develop web applications with security frameworks, then provided feedback on the experiment