Based On Aop Security Framework With The Mvc Pattern

With computer network and distributed computing technology getting more and moremature, J2EE multilayer web framework based on MVC pattern has become one of theprimary architecture in developing distributed enterprise application. Academias appliedthemselves to study and solve how to keep web application secure, prevented the activeattack and passive attack. In this situation, Sun Microsystem Corporation proposed JAASfrom J2SE1.4. It specifys a new security standard and provides a pluggable and flexibleframework. J2EE application which applies JAAS can authenticate user and protectresources effectively and its security has been improved remarkably.Researchers developed JAAS in order to enhance access control of J2EE application.Access control based on MVC pattern refers to RBAC model to some extent.Variousresources should be assigned to roles in the form of object. User can make sure whichpermissions he owns to access some specific resources by right of his roles and accesscontrol policy. Though it simplifies permission management, there are some limitations byusing traditional OOP. Each core concern must implement crosscutting concerns scatteredwidely. It will cause code tangling and scattering.To tackle this problem, we tried hard touse Aspect Oriented Programming(AOP) to improve access control based on MVC patternand proposed a AOP security framework based on MVC pattern (MBASF).In the thesis, we designed and implemented all modules of MBASF by designideas. The work mainly includes some aspects as follows: password authentication based onMD5 digests including salt, password/X.509 certificate stack authentication, authorizationbased on RDBMS and XML policy file, session management, browsing and querying auditlogs by Ajax, monitoring system performance, Hibernate persistence management. ByAOP modeling crosscutting concerns, system can be further improved in reusability, flexibility and scalability, which conforms to the objective of software engineering.In the thesis, we built a J2EE architecture applying MBASF on the basis of designingand implementing MBASF.It can be used as the technical criteria of developing projectapplication. As running-system and monitoring result shows, MBASF not only impliesdesign objectives of security, functionality, structure and efficiency, but also improvessecurity standard of enterprise application, which achieves research intention andexpectation.