| If a WEB application system want to publish on network it should primary concern aspect of security then it can possibly be a bridge to the real life along with the development of the network technology at present-day.J2EE has concentrated on the enterprise application since its existence,which contributes a lot to the construction of security enterprise application.However,the traditional J2EE security mechanism whose core point is EJB secutiry service appears cumber to most of SEM's(Small and Media Enterprises) web application and induct certain unnecessary complexity.In this situation,it is necessary to construct a lightweight Secutity Framework for WEB application that is equipped with low intrusiveness and able to make the developer and concrete security technology in a uncoupling state.By combining with WEB application system's own security characteristic, this thesis makes use a lightweight security framework Acegi based on Spring IoC and AOP.Due to all the security logic could be implemented simply by defining configure file in Spring,the Acegi framework on it can easily provide perfect security service by integrating different security solution.This paper points out that the Acegi security framework can be suitable for the majority request of Enterprise WEB application in the security requirement and,how to authenticate and authorize for web resource through dissecting the principle and process of the interaction mechanism between main components in Acegi frameworkFinally,the X.509 authentication,HTTP Form authentication,RBAC and Security channel on Acegi is applied to development of security subsystem in China Technical Innovation Hunan Information Network(CTIHIN) and designs the security subsystem in detail.The security subsystem is achieved the designed aims of security and provides the stable authentication,access control and data confidentiality service to CTIHIN by security testing.At the same time the security subsystem has good maintainability and expansibility.This thesis has certain reference value for the relative system.In thesis design of the WEB application security subsystem always based on the real requestments and business logic it present the idea of functionalism... |
PDF Full Text Request