The Application And Realization Of JAAS In BeforeTheCall System

In the Web model, the security design of a new CRM needs. Comparedto traditional C/S applications we have to consider not only the security ofdata access, but also the security of the network. As computer networks andthe rapid development of communication technologies fly, the datatransmission network security has become a matter of growing concern. AsInternet open itself, the user in the network will have benefit, but at the sametime could also become a network spreading. This led to the disorderlyInternet, but also makes Internet network have no law to follow. Thereforethe use of encryption decryption requires that the signature status,authentication, authority control, and other means to ensure the safety ofusers.Before The Call is a company that closes the gap between marketing andsales with fully qualified lead profiles. The complete product runs on ahosted server that is designed to integrate directly with customer relationshipmanagement software. The function that Before the Call provides isenrichment. The hosted solution is designed to integrate with existing CRMsystems or used standalone. The standalone system does not do CRM, butrather provides enrichment for manually entered data. The hosted solutioninterfaces with many web services. Within the complete product, there aretwo sub-systems, the User Management and Billing. As the centrialcharacter of the BTC System is the management and usage to the clients' data,as it is neccesary to ensure its security. So when realize system, the securitymust be the principal problem.This paper mainly talks about the JAAS technologhy.Based on it, wedesigned an effective data access module.Then to make Weblogic Platformframework for standards,get the web access control mechanisms for researchand design, through certification to the user's operating procedures, and thusachieve the purpose of the protection system. JAAS authentication andauthorization services work together to provide additional functions: Theyprevent sensitive Java application code by potential malicioususers'destruction. Using this security model we might create a safty, effectiveCRM based on B/S.Firstly , it is mainly dicuss the background or the BTC project,thenprovide the development of the network security system in CRMnowadays.Then focus on the speciality of the BTC, we smmarizedt the valueof the security system made in it.Continuliy, we gave several conceptions about security which referred inthe developing process on the BTC, and the instruction about the securetechnologhy. Especially the conceptions relatived with the security of J2EE,such as Principal, Security Policy Domain, Security Technology Domain,Security Attributes, Credentialand so on. After all we still apply other relativetechnologhy, JAAS. At last we talked about LDAP, SSL, XML, Ajax, WebService, and SOAP which will be used in BTC system.In order to make the reader more clearly about the whole design of thesecurity service system in the BTC system. Firstly discuss the generalarchitecture and the description of each functional sub-system, as followingprovide the solution, based on the purpose that we want to design the wholesecurity system.The next chapter is the heart of the paper, mainly work on the design ofthe authentication and the authorization in the system. And here is the myprimary work in this project, in the terms of implementing the JAAS functionat both business layer and view layer base on the oringnal system strutctureand logical EJBThis is the core element of the certification authority system design andrealization of two parts. Here is the author of the major work involved in theproject completed, in the terms of implementing the JAAS function at bothbusiness layer and view layer base on the oringnal system strutcture andlogical EJB, and plans to complete the project on the basis of the modularunits for the necessary testing (JUnit Testing). Also using Ajax technology forXSLT processing of XML data files, achieve more renewable forms of partialviews.From the design point of view, first introduced BTC system in theoverall context of the J2EE certification authorization models, and analysis ofthe model characteristics;And then described in detail based on JAASauthentication module design and the main flow, including design andcertification that layer authentication logic layer EJBean design;and adetailed account of the core technologies JAAS based on the authorizationmodule design and main flow, primarily based on the competence of the roleof distribution, and add to the integrity of the other modules in the design ofseveral modules.To achieve certification authority in the system, the article firstintroduced the system basic technology, and then introduces the developmentenvironment and server configuration. Close around to the JAAS technology,talked about the the concrete realization of several modules involved in thelast chapter, and finally introducing other security technologies in the systemapplications and achieve, such as encryption technology, XML, Web Service.Any language is not an absolute security, programming language is thesame. In the realization of this technology on the J2EE security, in order toachieve the system, for example, highlights the system based on JAASsecurity technology to achieve principles.Phase II construction of the system is continuing, the current system isapplied Ajax technology to achieve a large number of XML documents basedon XSL to show, there are a number of available interfaces to accommodatedifferent types Web Service CRM system integration.BTC seeks to develop products to meet the ever increasing demands ofclients, so its system is a long-term process of innovation. However for thesecurity of the system needed further time study is based on the users to usethe system after feedback to gradually improve the system, to do so once andfor all, so that they can quickly adapt to customer and market demand.