针对传统基于角色的访问控制系统在面向中小企业应用中的不足,设计了一个面向中 小企业的基于WebServices 的轻量级RBAC 系统。利用动态AOP 技术将权限验证实现为方面,通过对WebServices 动态织入方面实现RBAC 核心的重用,提高了RBAC 系统的通用性。 关键词:基于角色的访问控制(RBAC);面向方面程序设计(AOP);方面;Abstract:Aiming at drawbacks of using traditional RBAC systems in middling and minitype company oriented applications, this paper designs a lightweight RBAC system based on the WebServices. Implementing privileges validation as aspects by the dynamic AOP technology ,then dynamically weaving aspects in the WebServices implements the reuse of the core of the RBAC system and improves the commonability of the RBAC system. Keyword:Role-Based Access Control;Aspect-Oriented Programming;Asepct;WebServices