Based E-commerce Security Architecture Of The Host System And The Implementation Of The Program

Application security is an imperative for business. Companies with better security will gain competitive revenue, open up new markets, and improve end-user experience. This is true for both B2B and B2C applications. With global network connectivity and ever-increasing bandwidth, we have seen business transformation and unprecedented access to enterprise information and resources. Security is now at the forefront of the challenges facing users, enterprises, governments, and application providers and developers.When an integrated application is developed, loosely coupled distributed applications based on J2EE and Web Services have become the preferred model for developer. Meanwhile, J2EE platform supply a lot of secure components to construct a security infrastructure. When integrating with mainframe-centric enterprise information system, security is the first focus. Because Security in a mainframe-centric environment in the past has been straightforward, but this situation has had an enormous impact on today's security infrastructure, as all kinds of untrusted access points have been introduced to the infrastructure that have access to the enterprise's sensitive program logic and data on the mainframe. Therefore, building a end-to-end security architecture is very important and essential before going any farther with the deployment of an application.This paper outlines the real challenges we are facing today in a mainframe-oriented environment when building new e-commerce application, and shows that existing security technology on the mainframe combined with new security technology outside the mainframe can be a very good fit to address those challenges. Afterwards elaborates mainframe security model and security product RACF, LDAP, and presents the J2EE platform's Key secure components on Web tie, EJB tie, EIS tie, Web service tie. At last it provides a new security multi-ties solution on common J2EE platform integrated with mainframe platform, and then based on that, takes the sample application"user award consume service"to elaborate the security modeling, security designing, security service and deployment. At last this paper elaborates some tests related to feasibility and security, by witch, the solution is better to take security problem. But there is something to do for best security, such as that access control mechanism based on role has not introduced to Web Service architecture.