Security Research And Implementation Of WEB Application System Based On JAAS

With the development of information technology, the web application system based on J2EE has been applied in many fields, such as enterprise, government, especially in the field of electronic business which requires higher security. Therefore people have been paying more and more attention to the security of web application system, the network security has become a problem that we have to resolve it imminently.This paper takes the MIS of the Tarim engineering and technology service company in Xinjiang Province of China as a project background, and brings up a kind of measure for enhancing its security by applying the technology of jaas aiming to the security of web application system. First we introduce the security mechanism of java, and expound four key security components of authentication, authorization, confidentiality and integrality. Then we analyze this technology profoundly and introduce many correlative concepts including the subject authentication and authorization of jaas in detail. What's more, we describe some concepts correlated jaas like role, resource in the Bes web server, and introduce the detailed step about applying jaas in the Bes. In the end, we discuss the design architecture of the web application system as a whole based on jaas, and accomplish designs of main modules like user management, role management, power management and delegation management in the systemic security management, and we accomplish all the main modules according to systemic design, and lay out the code of the key modules.Web design pattern of Struts framework which based on MVC model is adopted to design the whole system, which divides the application system into business module and data displaying module in effect, it improves cohesion of the systemic module in the application and decrease the coupling degree between them, and it also is convenient for systemic integration, maintenance and expansion. We make the best of struts' powerful groupware in the process of systemic implementation, and develop many common modules and user-defined labels,which accelerate the development of the web application system. Design and implementation of model, view and control modules of struts framework based on MVC model is given in this paper, and we also deeply research and design the systemic security from the different lays, such as database, web server and client browser, and analyze the system security in detail.The design goal of this system is to build a web application system which is safe, efficient and convenient for maintenance, and implement a kind of development model of the web application system on the basic of it. We adopt this development model, and make use of advanced software design theory, development technique and tools to optimize development process, and improve development efficiency of system.