| The security technology based on J2EE provided a lot of security service for the application based on J2EE architecture. However, J2EE security still has some deficiencies. For example. The class-level access control of J2EE can't meet the security requirements of application actually; The SSO in the scope of the security domain defined in J2EE specification was inconvenient. So this thesis carried on the analysis and research thoroughly on the J2EE security architecture as well as the security technology based on J2EE, especially J2EE authentication, data storage security, data transmission security and the J2EE access control model; then points out some weaknesses existing in the J2EE security.On the basis of the research described above, the paper firstly proposes a feasible scheme for enhancing the security function of J2EE, and then completes the design and realization of this scheme. In the side of server of the scheme, CAA which does not use the Cookie mechanism realizes the SSO and the central authentication function. The RBIAC (Role-based Instance-level Access Control) model is designed and realized, which fulfill the instance-level access control secondly, one kind of solution for user to visit application with multi- roles was proposed. At last the security scheme was applied in the army's office automation information platform. |
PDF Full Text Request