With the development of information technology, web systems based on the J2EE architecture have come into wide use in many fields. Their widespread use in e-commerce, which has high security requirements, has drawn more attention to the security of web application systems and made network security an urgent problem.

Taking an online document management system as its basis, this paper proposes a method for enhancing the security of a J2EE web application by applying the Unix authentication method. First, the article introduces the password-based authentication method of Unix. The method uses the SHA-1 hash algorithm to compute a message digest of the salted password, and this digest is stored in the database. System authentication uses the hash value rather than the password itself, which increases the time an attacker must spend attacking the protected data and strengthens the password security of forms-based authentication, ensuring the security of the system. Second, the article introduces the Java security system and analyses the JAAS technology. In describing the Java security architecture, the paper focuses on JAAS authentication and the core classes of the authentication service, chiefly Subject and the classes concerned with JAAS authentication and authorization, and describes the basic workflow of JAAS authentication and authorization.

Building on this analysis of the JAAS security system for the design and programming of the system, the thesis studies the MVC design pattern and the Struts framework in depth and designs an online document management system that applies the JAAS security system on top of the Struts framework. A web application built on the MVC design pattern with the Struts framework separates business logic from display logic effectively, which improves the reusability and flexibility of the code as well as the maintainability and extensibility of the system, and so makes rapid development of J2EE web applications possible. The system focuses on managing user login and file resources. All of its parts are designed according to the MVC architecture and work together within the Struts framework. By making full use of the dynamic, pluggable model provided by the JAAS security system, the system implements user authentication and makes the application more flexible. Combining the Unix authentication method with JAAS authorization effectively strengthens system security, and the powerful component functions of Struts improve the efficiency of web application development. In addition, the system achieves a series of design goals for a J2EE-based web system.
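The combination the abstract describes, a salted SHA-1 digest checked inside a pluggable JAAS login module, can be sketched as follows. This is an added example, not code from the thesis: the class name `SaltedSha1LoginModule`, the helpers `digest` and `register`, and the in-memory `STORE` standing in for the database table are all hypothetical.

```java
import java.security.*;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

/** Hypothetical JAAS module; STORE stands in for the database table user -> {salt, digest}. */
public class SaltedSha1LoginModule implements LoginModule {
    static final Map<String, byte[][]> STORE = new java.util.concurrent.ConcurrentHashMap<>();
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal; // set only after a successful login()
    static byte[] digest(byte[] salt, char[] password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1"); // algorithm named on the page
        md.update(salt); // salt first, then the password bytes
        return md.digest(new String(password).getBytes("UTF-8"));
    }
    static void register(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per account
        STORE.put(user, new byte[][] {salt, digest(salt, password)}); // plaintext is not kept
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        boolean ok;
        try {
            handler.handle(new Callback[] {name, pw});
            byte[][] rec = STORE.get(name.getName());
            // Recompute the salted digest and compare it in constant time.
            ok = rec != null && MessageDigest.isEqual(rec[1], digest(rec[0], pw.getPassword()));
        } catch (Exception e) { throw new LoginException(e.toString()); }
        if (!ok) throw new FailedLoginException("authentication failed");
        principal = new com.sun.security.auth.UserPrincipal(name.getName());
        return true;
    }
    public boolean commit() {
        if (principal != null) subject.getPrincipals().add(principal);
        return principal != null; // false when this module's login() did not succeed
    }
    public boolean abort() { principal = null; return true; }
    public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        return abort();
    }
}
```

Listed under an application name in a JAAS login configuration, the module is driven by `LoginContext.login()`, and the authenticated `Subject` then carries the principal used for authorization. Because the digest is isolated in `digest`, a slower password-hashing function can replace the single SHA-1 pass without touching the JAAS flow.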