Abstract: A 3-layer model based on Java Authentication & Authorization Service (JAAS) and Struts framework is presented to insure the security of Manufacturer Information System (MIS). In this model, the identical roles for both Database Management System (DBMS) and web container are defined. A coordinate security architecture is utilized to realize the Role-Based Access Control (RBAC) of MIS at web browser, web container and database, respectively. The results indicate that the implementation of this model meets various security requirements for MIS, and also makes it easier to administrate the system security during the runtime. In addition, the Struts framework enhances the development for web application effectively.