[go: up one dir, main page]

CN120654260A - CMS system file protection method, device, system and storage medium - Google Patents

CMS system file protection method, device, system and storage medium

Info

Publication number
CN120654260A
CN120654260A CN202510301737.5A CN202510301737A CN120654260A CN 120654260 A CN120654260 A CN 120654260A CN 202510301737 A CN202510301737 A CN 202510301737A CN 120654260 A CN120654260 A CN 120654260A
Authority
CN
China
Prior art keywords
security manager
file
access request
cms system
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510301737.5A
Other languages
Chinese (zh)
Inventor
李传咏
陈宁
武志强
王业超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Webber Software Co ltd
Original Assignee
Xi'an Webber Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Webber Software Co ltd filed Critical Xi'an Webber Software Co ltd
Priority to CN202510301737.5A priority Critical patent/CN120654260A/en
Publication of CN120654260A publication Critical patent/CN120654260A/en
Pending legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本申请公开一种CMS系统文件防护方法、装置、系统及存储介质,涉及文件防护技术领域。该方法包括通过继承Java的SecurityManager类配置安全管理器,将安全管理器编译为二进制文件,并进行非对称加密生成dat文件;启动CMS系统时,解密dat文件得到安全管理器,并应用到应用程序中;通过Map数据结构定义访问权限,加载安全管理器的权限信息;当应用程序发出访问请求时,通过Map查找并验证权限,根据结果处理请求;此外,还启动监控功能记录访问日志,并定义报警机制,在检测到异常时及时进行通知。本申请实施例确保了安全管理器本身的安全性,防止了被恶意篡改或泄露的风险,还提高了系统的可靠性和稳定性。

The present application discloses a CMS system file protection method, device, system and storage medium, which relates to the field of file protection technology. The method includes configuring a security manager by inheriting Java's SecurityManager class, compiling the security manager into a binary file, and performing asymmetric encryption to generate a dat file; when the CMS system is started, the dat file is decrypted to obtain the security manager and applied to the application; access rights are defined through a Map data structure, and the permission information of the security manager is loaded; when the application issues an access request, the permission is searched and verified through the Map, and the request is processed according to the result; in addition, a monitoring function is started to record access logs, and an alarm mechanism is defined to promptly notify when an anomaly is detected. The embodiment of the present application ensures the security of the security manager itself, prevents the risk of malicious tampering or leakage, and improves the reliability and stability of the system.

Description

CMS system file protection method, device, system and storage medium
Technical Field
The application belongs to the technical field of file protection, and particularly relates to a CMS system file protection method, device, system and storage medium.
Background
The CMS is an important component of the system to function properly as a content management system. If the content file is unsafe, the risk of illegal access, tampering or leakage is raised, which not only damages the privacy of the user, but also can cause legal disputes and seriously damages the credit of the system. Secondly, the instability of the system file can cause abnormal functions, such as slow page loading, wrong content display and the like, which directly affect the user experience and even can cause loss of the user. Finally, insufficient reliability of the file threatens the integrity and consistency of the data, and once the data is damaged, recovery becomes difficult, thereby affecting the continuity of the service and the data recovery capability.
In the prior art, CMS system files are typically protected by a Policy file based access control system (Policy-Based Access Control, PBAC), which is a system that uses Policy files to define, manage and enforce access control rules, a file integrity verification system (FILE INTEGRITY Verification System), and an Access Control List (ACL) based file protection scheme, which evaluates the user's access request according to the rules in the Policy files and decides whether to allow the user to access a particular resource based thereon. These rules may be formulated based on the identity, role, attributes of the user, and the context conditions of the access. The policy file is the core component of the system and contains all access control rules. These rules are typically written in a structured format (e.g., XML, JSON, etc.) to facilitate system parsing and execution, and a file integrity verification system periodically performs integrity verification on the file to ensure that the hash value or signature of the file matches the expected value. If a file is tampered or damaged, the system will immediately give an alarm and take corresponding recovery measures, and the access control list-based file protection scheme limits the access rights of users to the file by defining an access control list for each file, and the ACL may contain a plurality of entries, each entry specifying a user or role and its corresponding access rights. When a user attempts to access a file, the system will check the ACL to determine if the user has the corresponding rights.
However, the access control system based on policy files faces security risks for storing, transmitting and processing policy files, physical environment, rights management, network attack, encryption deficiency and the like may cause policy files to be exposed, definition and management of policies may become very complex, particularly in a large-scale CMS system, a large number of policies and rules need to be processed, conflicts or redundancies may exist among different policies, which increase difficulty in policy management and may cause security holes, and a file integrity checking system generally has no function of managing other types of resources except for verifying the integrity of the files, and for other types of resources (such as network requests, user rights and the like), such systems cannot provide direct support or verification, if the checking system cannot detect tampering or damage of the files in real time, a certain hysteresis exists, which may cause serious consequences such as data loss, system, legal disputes and the like for the CMS, and in a file protection scheme based on access control lists, checking of ACLs needs to consume system resources, particularly in a traffic peak period. Too complex ACLs may affect the performance of the device, resulting in problems with data transmission delays or packet loss, and ACLs need to be updated continually to accommodate new security requirements, which may result in high maintenance costs and time investment.
Disclosure of Invention
The application aims to provide a CMS system file protection method, a device, a system and a storage medium, which enhance the file protection capability of the CMS system through a self-defined security manager, ensure that only an application program with proper authority can access system files, and simultaneously provide a log record and alarm mechanism to track and cope with abnormal problems.
In order to achieve the above object, the solution of the present application is:
in a first aspect, an embodiment of the present application provides a CMS system file protection method, including:
Configuring a security manager by inheriting a security manager class of Java;
compiling the security manager into a binary file, and asymmetrically encrypting the binary file to generate a dat file;
Starting a CMS system, decrypting the dat file through a private key, restoring to obtain a binary file, decoding the binary file to obtain a security manager, and applying the security manager to an application program through a Java reflection mechanism;
Defining access rights through a Map data structure, starting an application program, reading rights information of a security manager, and loading the rights information of the security manager into the Map data structure;
When an application program sends an access request to a CMS system, corresponding authority information is searched in a Map through a Key, value checking and verification are carried out if the corresponding authority information is searched, a verification result is obtained, the access request is processed according to the verification result, and if the corresponding authority information is not searched, the access request is refused.
The method according to the embodiment of the application can also have the following additional technical characteristics:
Further, when an application program sends an access request to the CMS system, searching corresponding authority information in the Map through the Key, and if the corresponding authority information is found, performing Value checking and verification to obtain a verification result, and processing the access request according to the verification result, including:
If the verification result is that Value is a permission judgment object, verifying according to permission setting of the permission judgment object, judging whether permission of the application program meets the access request, and if so, allowing the access request;
If the verification result is that Value is an empty string, the access request is allowed.
Further, the method comprises the steps of:
And starting a monitoring function of the security manager, recording the access request, generating a record log, configuring the storage position and the format of the record log, and tracking and positioning the abnormal problem by checking the record log when the abnormal problem occurs.
Further, the method comprises the steps of:
defining an alarm mechanism, configuring a sending mode and a receiving object of the alarm mechanism, and triggering the alarm mechanism when an abnormal problem is detected.
In a second aspect, an embodiment of the present application provides a CMS system file protection device, including:
A management definition module configured to configure a security manager by inheriting a security manager class of Java;
The compiling and encrypting module is configured to compile the security manager into a binary file, and asymmetrically encrypt the binary file to generate a dat file;
The management application module is configured to start the CMS system, decrypt the dat file through a private key, restore the dat file to obtain a binary file, decode the binary file to obtain a security manager, and apply the security manager to an application program through a Java reflection mechanism;
The permission loading module is configured to define access permissions through the Map data structure, start an application program, read permission information of the security manager and load the permission information of the security manager into the Map data structure;
The permission verification module is configured to search corresponding permission information in the Map through the Key when the application program sends an access request to the CMS system, and if the corresponding permission information is searched, value checking and verification are performed to obtain a verification result, and the access request is processed according to the verification result; if the corresponding authority information is not found, rejecting the access request;
If the verification result is that Value is a permission judgment object, verifying according to permission setting of the permission judgment object, judging whether permission of the application program meets the access request, and if so, allowing the access request;
If the verification result is that Value is an empty string, the access request is allowed.
In a third aspect, an embodiment of the present application provides a CMS system file protection system, where the system includes a processor and a memory, where the memory stores a computer program, and the computer program is loaded and executed by the processor to implement a CMS system file protection method as provided in the first aspect of the embodiment of the present application.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium, where a computer program is stored, where the computer program is configured to implement a CMS system file protection method according to the first aspect of the embodiment of the present application when executed by a processor.
Compared with the prior art, the CMS system file protection method provided by the embodiment of the application has the following beneficial technical effects:
The embodiment of the application provides an additional security layer for the CMS system by inheriting the Java security manager class and configuring the security manager, and the method can control the access of the application program to the system resource in a fine granularity manner to prevent unauthorized access and operation, and asymmetrically encrypts the binary file of the security manager, thereby ensuring the security of the security manager and preventing the risk of malicious tampering or leakage.
The embodiment of the application defines the access rights by using the Map data structure, so that the rights management is more flexible and expandable, an administrator can easily add, modify or delete the rights rule according to the needs, and the Key searches the corresponding rights information in the Map and verifies the rights information based on the Value, thereby realizing the accurate control of the access request and being beneficial to ensuring that only an application program with proper rights can access specific system resources.
The embodiment of the application records the access request by starting the monitoring function of the security manager and generating the record log, thereby being beneficial to an administrator to track and audit the behavior of the application program and ensuring the compliance and the security of the system, and the storage position and the format of the record log are configured and an alarm mechanism is defined, so that the administrator can quickly locate the problem and take proper measures when the abnormal problem occurs.
The embodiment of the application applies the security manager to the application program through a Java reflection mechanism, and the method has high flexibility and expandability, so that the system can easily adapt to the continuously changing security requirement, and the configuration of the alarm mechanism can enable the manager to be notified immediately when the abnormal problem is detected, thereby timely taking measures to solve the problem and improving the reliability and stability of the system.
Drawings
FIG. 1 is a flow chart of a method for protecting CMS system files according to an embodiment of the present application;
FIG. 2 is a block diagram illustrating the structure of a CMS system file protector according to an embodiment of the present application;
FIG. 3 shows a block diagram of a computer device of an embodiment of the application.
Detailed Description
In order that the above objects, features and advantages of the application will be readily understood, a more particular description of the application will be rendered by reference to the appended drawings. It is to be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present application are shown in the drawings. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "comprising" and "having" and any variations thereof herein are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the described embodiments of the application may be combined with other embodiments.
As shown in fig. 1, an embodiment of the present application provides a CMS system file protection method, including the following steps:
step 101, configuring a security manager by inheriting the security manager class of Java.
The Java SecurityManager class is a powerful security mechanism that allows developers to customize security policies by inheriting and rewriting their methods. In the CMS system file protection method, inheriting the SecurityManager class and configuring the security manager is a fundamental step in enhancing system security.
The SecurityManager class provides methods that can be invoked when Java programs perform certain operations, and by inheriting and rewriting the methods, developers can customize security policies, such as restricting file access, network access, and the like. In CMS systems, security of files and data is critical. By configuring the security manager, a developer can ensure that only applications with the proper rights can access sensitive files and data.
First, a new class needs to be created that inherits from the SecurityManager class. In this new class, the methods in the SecurityManager class can be rewritten to define its own security policies.
In a Java program, the security manager may be set by calling a system. This method accepts a SecurityManager object as a parameter and sets it as the security manager of the current Java virtual machine.
In configuring the security manager, it is also necessary to define which operations are allowed and which are forbidden. Typically by defining and associating rights classes (e.g., filePermission, socketPermission, etc.) with particular code sources (e.g., class loaders, code locations, etc.).
In the CMS system file protection method, the main purpose of inheriting the SecurityManager class and configuring the security manager is to ensure the security of files and data. By overwriting the methods in the SecurityManager class, a developer can customize security policies, such as restricting access to particular files, monitoring file access requests, and the like. When an application attempts to access a file, the security manager checks whether the operation complies with a defined security policy and allows or denies the access request depending on the check result.
In summary, by inheriting the Java's SecurityManager class and configuring the security manager, a developer can customize security policies, enhance the security of the CMS system, and ensure that files and data are not accessed by unauthorized applications.
Step 102, compiling the security manager into a binary file, and asymmetrically encrypting the binary file to generate a dat file.
In the CMS system file protection method, a security manager is compiled into a binary file, and the binary file is asymmetrically encrypted to generate a dat file, which is an important step for enhancing the security of the system.
First, the security manager is configured by inheriting the security manager class of Java. This security manager is responsible for defining and enforcing security policies in the CMS system, ensuring that only authorized applications can access system resources.
Next, in order to embed this security manager into the CMS system, it needs to be compiled into a binary file. Binary files are file formats that can be directly executed by a computer, and by compiling, the source code of the security manager can be converted into machine code that can be understood by the computer.
However, merely compiling the security manager into a binary file is not sufficient to guarantee its security. Because if this binary is obtained by an unauthorized user, they may obtain the source code of the security manager by decompilation or the like, bypassing the security policy. Thus, after compiling the security manager into a binary, it also needs to be asymmetrically encrypted.
Asymmetric encryption is a method of encrypting and decrypting information using public and private keys. In this scenario, the binary file may be encrypted using a public key to generate an encrypted file (i.e., dat file). Thus, even if an unauthorized user obtains the dat file, they cannot directly read the contents therein because they do not have the corresponding private key to decrypt the file.
When the CMS system is started, it decrypts the dat file using the corresponding private key, and restores the original binary file. This binary file is then decoded to obtain an instance of the security manager. Finally, this security manager is applied to the application in the CMS system by the Java reflection mechanism.
In summary, compiling the security manager into a binary file, and asymmetrically encrypting the binary file to generate the dat file is an important step in the CMS system file protection method. This step ensures the security and integrity of the security manager, thereby improving the overall security of the CMS system.
And step 103, starting the CMS system, decrypting the dat file through a private key, restoring to obtain a binary file, decoding the binary file to obtain a security manager, and applying the security manager to an application program through a Java reflection mechanism.
In the CMS system file protection method, it is a critical process to start the CMS system and load and apply the security manager through a series of steps.
First, the CMS system (content management system) is started, which is the starting point of the whole file protection method and the basis on which the subsequent steps can be performed. After the CMS system is started, the next step is to decrypt the dat file generated by previous encryption with the private key. This dat file contains a binary representation of the security manager, but before that it has been asymmetrically encrypted to protect its security. Decryption using a private key is a key step in recovering the original binary file.
The decrypted dat file is effectively a binary file that contains the code of the security manager. The next step is therefore to decode this binary file to recover the original security manager object. This process involves converting the binary data back into bytecodes that can be recognized by the Java virtual machine.
After the security manager object is obtained, it is next applied to the application program by a Java reflection mechanism. Reflection is a powerful feature of Java that allows programs to dynamically obtain class information, call methods, access fields, etc. at run-time. In this scenario, the reflection is used to inject a security manager object into the context of the application, enabling it to monitor and control the application's access to the resource.
The security manager plays a very important role in Java. It is a class that can monitor and control the security actions of Java applications. By inheriting the Java's SecurityManager class and configuring the corresponding entitlement policies, a developer can control, at a fine granularity, which operations an application can perform, which resources are accessed, and so forth. This is particularly important in protecting CMS system files from unauthorized access or modification.
In practical applications, this process requires secure storage and management of private keys to prevent unauthorized decryption and access. Furthermore, the process of decoding the binary and applying the security manager by reflection also requires careful handling to ensure that new security risks or performance issues are not introduced.
In summary, starting the CMS system and decrypting the dat file with the private key, restoring and decoding the binary file, and applying the security manager with the Java reflection mechanism are key steps in the CMS system file protection method. These steps together form the basis for protecting the security of the CMS system files.
And 104, defining access rights through the Map data structure, starting an application program, reading the rights information of the security manager, and loading the rights information of the security manager into the Map data structure.
In the CMS system file protection method, this step ensures that the system can manage and verify application access requests to system resources in a structured and efficient manner.
First, the Map data structure is a set of Key-Value pairs (Key-Value) that allow corresponding values to be quickly looked up by keys. In this scenario, maps are used to define and store access rights. Each key represents a particular resource or operation, and each value represents access rights to that resource or operation.
When an application is started, the system reads the rights information of the security manager. This rights information is defined during the security manager configuration process and reflects the operations that the application is authorized to perform and the resources that are accessed.
These rights information are then loaded into the Map data structure. This means that each right is assigned a unique key and is associated with its corresponding value (i.e. access right). Thus, when an application makes an access request to the CMS system, the system can quickly determine whether the application has the right to perform the operation by looking up the Map.
The benefit of this procedure is that it provides a flexible and extensible way to manage access rights. With the development of the system and the addition of new functions, new key value pairs can be easily added into maps to define new access rights. Meanwhile, since Map lookup operations are generally very efficient, this step does not introduce significant performance overhead, ensuring that the system can manage access rights of applications in a structured and efficient manner.
Step 105, when the application program sends an access request to the CMS system, searching corresponding authority information in the Map through the Key, if the corresponding authority information is found, performing Value check and verification to obtain a verification result, processing the access request according to the verification result, and if the corresponding authority information is not found, rejecting the access request.
When an application makes an access request to the CMS system, the system first looks up the corresponding rights information in the Map data structure using a Key (typically a specific identifier or path).
The Map data structure is predefined and used for storing various authority information, wherein Key corresponds to an application program or a resource identifier, and Value corresponds to specific authority information.
If the corresponding authority information is found in the Map, the system further checks and verifies the Value. The validation process will determine the specific validation logic based on the type and content of Value.
Specifically, if Value is a FilePermission object, then the system will verify based on the rights settings for this object. FilePermission objects typically contain rights to read and write execution of files or directories. The system determines whether the rights of the application meet the requirements of the access request. If so, the access request is allowed, and if not, the access request is denied.
If Value is an empty string, this typically means that the resource or operation has no particular rights restrictions. In this case, the system will allow the access request.
And according to the verification result, the system can make corresponding processing. If the authentication is passed, the access request is allowed, and if the authentication is not passed, the access request is denied. If an abnormal problem occurs in the process of searching the authority information or verifying (such as that the corresponding Key and Value types are not correct in the Map, etc.), the system also performs corresponding processing, such as log recording, alarm triggering mechanism, etc.
This rights verification process is one of the cores of the CMS system file protection method, which ensures that only applications with corresponding rights can access a specific resource or perform a specific operation. This helps to protect the security and stability of the system from unauthorized access and operation.
In practical application, the authority verification process can be used for various scenes needing authority management, such as access control of a file system, operation authority management of a database and the like. By reasonably configuring parameters such as Map data structures, filePermission objects and the like, a flexible and fine authority control strategy can be realized.
In summary, the security and stability of the system are ensured by searching the authority information in the Map, checking and verifying the Value, processing the access request according to the verification result, and the like.
Further, the embodiment of the application also comprises a monitoring function of starting the security manager, wherein the function aims at recording all access requests and generating a corresponding record log. The logs not only record each access request in detail, but also include key information such as time, source, target resource and the like of the request. In addition, the user may configure the storage location and format of the logs so that they can be quickly found and viewed when needed.
Logging is an important component of system security. When an abnormal problem occurs, a system administrator can quickly locate the source of the occurrence of the problem by looking up the log, and know the occurrence process and the influence range of the problem, so that corresponding measures are taken to repair and prevent the problem. This not only helps to improve the safety of the system, but also improves the efficiency of solving the problem.
In practical applications, the function of logging can be used for various scenes needing monitoring and auditing. For example, when the system detects that an application frequently attempts to access a resource that is not rights protected, an administrator may confirm this by looking at the log and take appropriate action to prevent potential security risks.
Further, the method also comprises defining an alarm mechanism and configuring a sending mode and a receiving object of the alarm mechanism. When the system detects that an abnormal problem occurs, such as unauthorized access attempt, resource abuse and the like, an alarm mechanism is immediately triggered, and alarm information is sent to a designated receiving object in a preset mode (such as a short message, a mail, an instant messaging tool and the like).
The alarm mechanism is another line of defense for system security. By sending the alarm information in time, the system can ensure that an administrator or related responsible person can know the occurrence of the problem at the first time, so that measures are quickly taken to deal with the problem, potential safety risks are reduced, and the integrity of the system and the confidentiality of data are protected.
The alarm mechanism can be applied to various scenes requiring real-time monitoring and quick response. For example, when the system detects that a certain key resource is illegally accessed or tampered, an alarm mechanism can be triggered immediately to inform relevant responsible persons to carry out emergency treatment. In addition, the alarm mechanism can be integrated with other safety systems (such as an intrusion detection system, a firewall and the like) to realize more comprehensive and efficient safety protection.
In summary, the monitoring function of the security manager, the log record and the definition and configuration of the alarm mechanism together form a solid defense line of system security, and the stability of the system and the security of data are ensured.
As shown in fig. 2, an embodiment of the present application provides a CMS system file protection device, which includes a management definition module 201, a compilation encryption module 202, a management application module 203, a rights loading module 204, and a rights verification module 205, wherein:
a management definition module 201 configured to configure a security manager by inheriting a security manager class of Java;
a compiling and encrypting module 202 configured to compile the security manager into a binary file, and asymmetrically encrypt the binary file to generate a dat file;
The management application module 203 is configured to start the CMS system, decrypt the dat file through the private key, restore the dat file to obtain a binary file, decode the binary file to obtain a security manager, and apply the security manager to the application program through a Java reflection mechanism;
The permission loading module 204 is configured to define access permissions through the Map data structure, start an application program, read permission information of the security manager, and load the permission information of the security manager into the Map data structure;
the permission verification module 205 is configured to, when the application program sends an access request to the CMS system, search corresponding permission information in the Map through the Key, if the corresponding permission information is found, perform Value checking and verification to obtain a verification result, and process the access request according to the verification result;
If the verification result is that Value is a permission judgment object, verifying according to permission setting of the permission judgment object, judging whether permission of the application program meets the access request, and if so, allowing the access request;
if the verification result is that Value is an empty string, the access request is allowed. The CMS system file protection device provided in the embodiment of the present application can implement each process implemented by the embodiment of the CMS system file protection method in fig. 1, and in order to avoid repetition, a detailed description is omitted here.
The embodiment of the present application further provides a computer device, as shown in fig. 3, where the computer device includes a processor 301 and a memory 302, and a program or an instruction that can be executed on the processor 301 is stored in the memory 302, and when the program or the instruction is executed by the processor 301, each step of the CMS system file protection method is implemented, and the same technical effect can be achieved, so that repetition is avoided, and no further description is given here.
The embodiment of the present application also provides a readable storage medium, where a program or an instruction is stored, where the program or the instruction when executed by a processor implements each process of the embodiment of the CMS system file protection method, and the same technical effects can be achieved, and for avoiding repetition, a detailed description is omitted herein.
It should be noted that, in the present application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Furthermore, it should be noted that the scope of the methods and apparatus in the embodiments of the present application is not limited to performing the functions in the order shown or discussed, but may also include performing the functions in a substantially simultaneous manner or in an opposite order depending on the functions involved, e.g., the described methods may be performed in an order different from that described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.
The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present application and the scope of the claims, which are to be protected by the present application.

Claims (7)

1.一种CMS系统文件防护方法,其特征在于,所述方法包括:1. A CMS system file protection method, characterized in that the method comprises: 通过继承Java的SecurityManager类,配置安全管理器;Configure the security manager by inheriting Java's SecurityManager class; 将所述安全管理器编译为二进制文件,并对所述二进制文件进行非对称加密,生成dat文件;Compile the security manager into a binary file, and perform asymmetrical encryption on the binary file to generate a dat file; 启动CMS系统,通过私钥对所述dat文件进行解密,还原得到所述二进制文件,并对所述二进制文件进行解码,得到所述安全管理器,通过Java的反射机制,将所述安全管理器应用到应用程序中;Starting the CMS system, decrypting the dat file using a private key to restore the binary file, decoding the binary file to obtain the security manager, and applying the security manager to the application through Java's reflection mechanism; 通过Map数据结构定义访问权限,启动所述应用程序,并读取所述安全管理器的权限信息,将所述安全管理器的权限信息加载至所述Map数据结构中;Defining access rights through a Map data structure, starting the application, reading permission information of the security manager, and loading the permission information of the security manager into the Map data structure; 当所述应用程序向所述CMS系统发出访问请求时,通过Key在Map中查找对应的权限信息,若查找到对应的权限信息,则进行Value检查并进行验证,得到验证结果,根据所述验证结果处理所述访问请求;若未查找到对应的权限信息,则拒绝所述访问请求。When the application sends an access request to the CMS system, the corresponding permission information is searched in the Map through the Key. If the corresponding permission information is found, the Value is checked and verified to obtain a verification result, and the access request is processed according to the verification result; if the corresponding permission information is not found, the access request is rejected. 2.如权利要求1所述的CMS系统文件防护方法,其特征在于,所述当所述应用程序向所述CMS系统发出访问请求时,通过Key在Map中查找对应的权限信息,若查找到对应的权限信息,则进行Value检查并进行验证,得到验证结果,根据所述验证结果处理所述访问请求,包括:2. The CMS system file protection method according to claim 1, wherein when the application sends an access request to the CMS system, the corresponding permission information is searched in the Map by using the Key. If the corresponding permission information is found, the Value is checked and verified to obtain a verification result. The access request is processed according to the verification result, including: 若验证结果为Value是权限判断对象,则根据所述权限判断对象的权限设置进行验证,判断所述应用程序的权限是否满足所述访问请求,若满足,则允许所述访问请求;若不满足,则拒绝所述访问请求;If the verification result is that the Value is a permission judgment object, verification is performed based on the permission settings of the permission judgment object to determine whether the permissions of the application meet the access request. If so, the access request is allowed; if not, the access request is denied; 若验证结果为Value是空字符串,则允许所述访问请求。If the verification result is that the Value is an empty string, the access request is allowed. 3.如权利要求2所述的CMS系统文件防护方法,其特征在于,所述方法包括:3. The CMS system file protection method according to claim 2, wherein the method comprises: 启动所述安全管理器的监控功能,对所述访问请求进行记录,生成记录日志,并配置所述记录日志的存储位置和格式,当发生异常问题时,通过查看所述记录日志对所述异常问题进行追踪和定位。Start the monitoring function of the security manager, record the access request, generate a record log, and configure the storage location and format of the record log. When an abnormal problem occurs, track and locate the abnormal problem by viewing the record log. 4.如权利要求3所述的CMS系统文件防护方法,其特征在于,所述方法包括:4. The CMS system file protection method according to claim 3, wherein the method comprises: 定义报警机制,并配置所述报警机制的发送方式和接收对象,当检测到发生异常问题时,触发所述报警机制。Define an alarm mechanism and configure the sending method and receiving object of the alarm mechanism. When an abnormal problem is detected, the alarm mechanism is triggered. 5.一种CMS系统文件防护装置,其特征在于,所述装置包括:5. A CMS system file protection device, characterized in that the device comprises: 管理定义模块,被配置为用于通过继承Java的SecurityManager类,配置安全管理器;The management definition module is configured to configure the security manager by inheriting the Java SecurityManager class; 编译加密模块,被配置为用于将所述安全管理器编译为二进制文件,并对所述二进制文件进行非对称加密,生成dat文件;A compile encryption module is configured to compile the security manager into a binary file, and perform asymmetrical encryption on the binary file to generate a dat file; 管理应用模块,被配置为用于启动CMS系统,通过私钥对所述dat文件进行解密,还原得到所述二进制文件,并对所述二进制文件进行解码,得到所述安全管理器,通过Java的反射机制,将所述安全管理器应用到应用程序中;A management application module is configured to start the CMS system, decrypt the dat file using a private key to restore the binary file, decode the binary file to obtain the security manager, and apply the security manager to the application program through a Java reflection mechanism; 权限加载模块,被配置为用于通过Map数据结构定义访问权限,启动所述应用程序,并读取所述安全管理器的权限信息,将所述安全管理器的权限信息加载至所述Map数据结构中;a permission loading module configured to define access rights through a Map data structure, start the application, read permission information of the security manager, and load the permission information of the security manager into the Map data structure; 权限验证模块,被配置为用于当所述应用程序向所述CMS系统发出访问请求时,通过Key在Map中查找对应的权限信息,若查找到对应的权限信息,则进行Value检查并进行验证,得到验证结果,根据所述验证结果处理所述访问请求;若未查找到对应的权限信息,则拒绝所述访问请求;The permission verification module is configured to, when the application sends an access request to the CMS system, search for corresponding permission information in the Map using a key; if the corresponding permission information is found, perform a value check and verification to obtain a verification result; and process the access request based on the verification result; if the corresponding permission information is not found, reject the access request; 若验证结果为Value是权限判断对象,则根据所述权限判断对象的权限设置进行验证,判断所述应用程序的权限是否满足所述访问请求,若满足,则允许所述访问请求;若不满足,则拒绝所述访问请求;If the verification result is that the Value is a permission judgment object, verification is performed based on the permission settings of the permission judgment object to determine whether the permissions of the application meet the access request. If so, the access request is allowed; if not, the access request is denied; 若验证结果为Value是空字符串,则允许所述访问请求。If the verification result is that the Value is an empty string, the access request is allowed. 6.一种CMS系统文件防护系统,所述系统包括处理器和存储器,所述存储器中存储有计算机程序,其特征在于,所述计算机程序由所述处理器加载并执行,以实现如权利要求1至4任一项所述的CMS系统文件防护方法。6. A CMS system file protection system, the system comprising a processor and a memory, wherein a computer program is stored in the memory, and wherein the computer program is loaded and executed by the processor to implement the CMS system file protection method according to any one of claims 1 to 4. 7.一种计算机可读存储介质,所述存储介质中存储有计算机程序,其特征在于,所述计算机程序被处理器执行时,用于实现如权利要求1至7任一项所述的CMS系统文件防护方法。7. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, is used to implement the CMS system file protection method according to any one of claims 1 to 7.
CN202510301737.5A 2025-03-14 2025-03-14 CMS system file protection method, device, system and storage medium Pending CN120654260A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510301737.5A CN120654260A (en) 2025-03-14 2025-03-14 CMS system file protection method, device, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510301737.5A CN120654260A (en) 2025-03-14 2025-03-14 CMS system file protection method, device, system and storage medium

Publications (1)

Publication Number Publication Date
CN120654260A true CN120654260A (en) 2025-09-16

Family

ID=97001910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510301737.5A Pending CN120654260A (en) 2025-03-14 2025-03-14 CMS system file protection method, device, system and storage medium

Country Status (1)

Country Link
CN (1) CN120654260A (en)

Similar Documents

Publication Publication Date Title
CN109923548B (en) Method, system and computer program product for implementing data protection by supervising process access to encrypted data
KR101067399B1 (en) One or more computer readable media storing a method, system and a plurality of instructions implemented in a computing device for storage and retrieval of data based on symmetric key encryption.
KR100996784B1 (en) One or more computer readable media storing a method, system and a plurality of instructions implemented in a computing device for storage and retrieval of data based on public key encryption.
US9075984B2 (en) Secure system for allowing the execution of authorized computer program code
Dwoskin et al. Hardware-rooted trust for secure key management and transient trust
JP4089171B2 (en) Computer system
US7330981B2 (en) File locker and mechanisms for providing and using same
US7712135B2 (en) Pre-emptive anti-virus protection of computing systems
KR101414580B1 (en) A Secured Linux Operationg System Using Multi-level Security
KR101373542B1 (en) System for Privacy Protection which uses Logical Network Division Method based on Virtualization
CN104318176A (en) Terminal and data management method and device thereof
Pramanik et al. Security policies to mitigate insider threat in the document control domain
Morovati et al. A network based document management model to prevent data extrusion
WO2023169409A1 (en) Model invoking method and apparatus, and storage medium
US7694154B2 (en) Method and apparatus for securely executing a background process
CN119182589A (en) Method and related device for transmitting mobile medium data on trusted DCS (distributed control system) upper computer
CN120654260A (en) CMS system file protection method, device, system and storage medium
JP2009070159A (en) File carrying-out control method, information processor, and program
CN118921661A (en) High-security Bluetooth digital key storage management method based on mobile terminal TEE
da Silveira Serafim et al. Restraining and repairing file system damage through file integrity control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination