Abstract:In the enterprise web application system, the access powers of user are used to be assigned on the basis of the function module of system in traditional methods. First, we used to assign the power of every module to different roles, and then these roles were assigned to some particular users. This access control technology based on roles lacks flexibility and cannot make to measure; it makes it very inconvenient for the user who has multiple roles in web application system. Furthermore, it will bring extra work in system expansion due to interaction effect of authority manage and business function. To improve the above- mentioned defect, this thesis puts forward methods of developing web system by integrating frameworks of Struts2, Spring3 and Hibernate4. It validates the log-in and permission of access for every request by the permission-interceptor. In this way, the web system can control user access powers in fine grain and Enhance the flexibility and expandability of system.