The Research And Implement Of Web Application Security Protection System Based On AOP

With the rapid development of Internet and informationization construction, the great benefits are brought to us. However, because of several factors, many network attacks are increased rapidly, and network security faces huge challenge. The attention of paper is the security of Web application. In order to protect Web application, it is necessary to establish a security resolution project, through analyzing and researching concept and technique of network security.In practice, it is hard to separate security business from core business, leading to a question of code tangling and disrupting, when using object-oriented developing method to solve security question. The appearance of AOP (aspect-oriented programming), aiming at modularization cross-cutting concerns, brings a solution to the question. Establishing in separation of concern, AOP realizes core and security code alone, which decreases possibility of error, enhancing flexible and reusable and improving the quality of operation.Firstly, the paper points out the shortage of object-oriented developing method to solve security question and advantage of AOP to the question, and describes present research of Web security and AOP at home and abroad. Secondly, as the theory foundation of Web security, some security techniques are studied, such as authentication, authorization, firewall, intrusion detection, data encryption and transport security. The localization of Java EE's security architecture is analyzed, which offers sufficient theory foundation to the security goal of instance. The third, AOP and its advantage in security filed are described. AOP-based security framework is designed. In the end, the implement process is showed in a development instance; meanwhile, the Web application security protection system is implemented with firewall and IDS.Through the security testing, it is showed that the security protection system in the paper satisfies requirement of system, and the whole Web application is protected effectively. In addition, from the developing process of an application system, it is easy to find out that the Web application security module has features of maintenance and extendability with AOP-based software development. Because of separating cross-cutting concerns from core business concerns, the workload is decreased and the efficiency is improved with avoiding repetition of code.