Plug And Play Security Authorization System Based On Light Weigh J2EE Technology

The issue of network security is an ever-moving target.As a software developer,in order to this change,it's important to pursue a comprehensive,system-wide approach. Adopting "layers of security" is a good choice,so that each layer tries to be as secure as possible in its own right,with successive layers providing additional security. At the bottom level you'll need to deal with issues such as transport security and system identification,in order to mitigate man-in-the-middle attacks.Next you'll generally utilise firewalls, perhaps with VPNs or P security to ensure only authorised systems can attempt to connectin corporate environments you may deploy a DMZ to separate public-facing servers from backend database and application servers.Hopefully somewhere along the way you'll be trying to prevent denial of service and brute force attacks against the system. Moving to the higher layers,your Java Virtual Machine will hopefully be configured to minimize the permissions granted to different Java types,and then your application will add its own problem domain-specific security configuration.Nevertheless how can we make application-level security much easier.This article centers on this subject and constructs a plug and play security authorization system based on light weigh J2EE technology(PnPCAS),which is easy to implement,and has good scalability and reusability.The contents which this article researches include organization management system for large organization,improved RBAC access mechanism,variable light weigh J2EE technology and plug-and-play web security authorization technology which is independent with the business logic.This article integrates light weigh J2EE technolo-gy,constructs a plug and play security authorization system based on light weigh J2EE technology(PnPCAS).The PnPCAS uses variable presentation layer technology to make a user-oriented system.We apply Struts2,Spring,Hibernate3,etc technology to our development,so the programmer could concentrate their energies on user experience and businees logic,and could not focus on tedious security control code.The critical issue are plug and play. The security authorization and business logic is inde- pendent.That is to say,the development of security logic irrelevant to the businees logic.Thus,if user deploys our PnPCAS system,he can reduce the financial burden.