Research And Application Of J2EE Security Mechanism In The Intelligent Building OA System

Since the rapidly development of the computer network and communication technology, the security of data that transfer on the network attracts more and more attentions. Due to the publicity of the Internet, every network user could possibly destroy the network at the same time they could benefit from the network. It causes the Internet can't be well-ordered, and makes the Internet's network order seems chaos. So we adopt some technic such as encryption/decryption, signature/ authentication, authorization and accessing control to guarantee user's security.Because of the high performance of Java language, it has been applied more and more abroad on the Internet. And to Java language, security is the key element to be considered during the development. As every developer knows, Java code will be exposed to vastly unknown users, and it'll cause obviously security risks. At first Java's security was implemented by sand-box mechanism, but sand-box mechanism could only afford very limited security. JDK 1.1 brings forward the Java Cryptographic Architecture(JCA) and it gives a general architecture for Java security. JCA frame was extended along with J2EE's announcement. Java Cryptography Extension(JCE), Java Authentication and Authorization Service(JAAS), Java Security Socket Extension(JSSE) extend Java's security from different aspect, and they establish J2EE security platform together.Through the research of the J2EE security architecture, this paper analyzed and discussed some important J2EE security mechanisms such as JCE, JAAS, JSSE thoroughly. Then this paper discussed how to choose right security tools and how to establish a complete set of security scheme. Introduced the particular design process of the encryption service module, identity authentication module and SSL transfer module in the Intelligent Building OAS. And introduced the application of every module in the Intelligent Building OAS.Through initial development and application, the security modules can meet the basic theoretical design requirement. The results of trial operation indicate that using J2EE security mechanism to implement the Intelligent Building OAS's security scheme is practical and has great application and development prospects. And this scheme is possible to be used abroad.