<> "The repository administrator has not yet configured an RDF license."^^ . <> . . . "VeRA: Verifying RBAC and authorization constraints models of web applications"^^ . "The software security issue is being paid great attention from the software development community as security violations have emerged variously. Developers\r\noften use access control techniques to restrict some security breaches to software\r\nsystems’ resources. The addition of authorization constraints to the role-based\r\naccess control model increases the ability to express access rules in real-world\r\nproblems. In this paper, we introduce an approach to reviewing the implementation of these models in web applications written by JavaEE according to the MVC\r\narchitecture under the support of the Spring Security framework. The proposed\r\nmethod helps developers detect flaws in the assignment implementation process\r\nof the models. Firstly, the approach focuses on extracting the information about\r\nusers and roles from the database of the web application. We then analyze policy\r\nconfiguration files to establish the access analysis tree of the system. Next, algorithms are introduced to validate the correctness of implemented user - role and\r\nrole - permission assignments in the application system against the role-based access control and authorization constraint specification by the SecureUML model.\r\nLastly, we developed a tool called VeRA, to automatically support the verification process. The tool has also experimented with a number of access violation\r\nscenarios in the medical record management system."^^ . "2020" . . "International journal of software engineering and knowledge engineering (IJSEKE)"^^ . . . "02181940" . . . . . . . . . . "Ninh Thuan"^^ . "Truong"^^ . "Ninh Thuan Truong"^^ . . "Thanh Nhan"^^ . "Luong"^^ . "Thanh Nhan Luong"^^ . . . . . "HTML Summary of #4095 \n\nVeRA: Verifying RBAC and authorization constraints models of web applications\n\n" . "text/html" . . . "ISI-indexed journals"@en . .