Research and Implementation of Web System Security Based on the J2EE Platform
Published: 2018-09-07 19:17
[Abstract]: With the rapid development of the Internet, many enterprises have begun building out their information systems, and enterprise Web systems are increasingly widely used. As J2EE is one of the most frequently used technologies in enterprise Web systems, its security naturally receives close attention. Access control plays a pivotal role in the security architecture of a Web system, so this thesis studies and implements access control security for Web systems based on the J2EE platform.

The thesis first analyzes the security problems facing enterprise Web systems and points out that, for Web systems on an intranet, the various kinds of malicious attack can be ignored, so permission management becomes the key issue for security research. Then, drawing on the author's J2EE Web development experience during graduate study, it analyzes the main J2EE components and their security mechanisms and focuses on access control models. On the basis of an extensive study of how access control models are designed and implemented in China and abroad, it analyzes the relationships and differences among several models and settles on role-based access control as the main research direction. Next, together with the Spring framework, it uses inversion of control (IoC) to decouple the system, extends J2EE's access control functionality through the access control module built into Spring Security, and designs a model for managing user access control in the Web system, giving the Web system access control for multiple roles and multiple users.

The thesis gives a basic introduction to the front-desk visitor intelligent service management system that the author helped develop at the ANM Research Center of Beijing University of Posts and Telecommunications, analyzes the scenarios in which the access control model applies to it, improves the existing system framework and database, designs and implements role-based access control on the system, and completes the system's extension and upgrade, providing useful experience for secondary development of access control in J2EE Web systems.
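[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2229175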
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2229175.html