
The Research And Implementation Of Web Application And Its Security Framework Based On J2EE

Posted on: 2009-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: W Liu
GTID: 2178360242488690
Subject: Computer software and theory

Abstract/Summary:
Demand has recently grown for Web-based application systems that meet more complicated requirements in shorter R&D time. For small and medium-sized enterprises, how to rapidly develop a Web application with scalability, reusability and security is a problem. Based on research into current multi-tier systems and an analysis of open-source frameworks, this thesis designs a generic, lightweight Web application architecture and its security architecture. An example based on a Drug Sales System is also introduced to illustrate the process of building a multi-tier system with the help of the architecture.

Web applications follow many patterns, and there is usually no uniform way to resolve their security concerns. In real projects, the security code of earlier projects usually cannot be reused. To solve this problem, we use open-source frameworks that each focus on a specific aspect of the system, such as transactions or security. This approach has great practical significance for the development of enterprise Web applications.

Based on the requirements of the security framework, the J2EE security mechanisms and aspect-oriented technology are first introduced, and then the Acegi security framework is analyzed. Based on an analysis of the system requirements and the advantages of open-source frameworks, a multi-layered system architecture based on the Struts, Hibernate, Spring and Acegi frameworks is designed.

The main development work on the Drug Sales System is as follows:

First, Struts, Spring and Hibernate are integrated to make full use of their respective advantages, and the functional modules of the system are developed.

Second, Acegi is used to construct the system's security framework, using AOP (Aspect-Oriented Programming) technology to protect Web resources and business methods and applying non-invasive role-based access control.

Third, the permission data model of the Acegi framework is extended, the configuration information is moved into the database, and the cache mechanism is changed to support graphical, dynamic management of roles and permissions.

Finally, for other aspects of system security, and building on the Acegi framework, JCaptcha is used for the verification code, HTTPS for secure transmission, the MD5 message-digest algorithm for password encryption, and Spring AOP for log management.

Practice has proved that this new framework helps increase development efficiency. The scalability and reusability of systems built on it are also satisfactory. Small and medium-sized enterprises will benefit from this framework to quickly develop secure Web applications.
Keywords/Search Tags:J2EE, Open Source Web FrameWork, Acegi, Role-Based Access Control, Role and Privilege Management