Research And Realization Of The Enterprise Application Security Architecture Based On Spring Security

Posted on: 2013-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: Q Li
GTID: 2248330371478561
Subject: Information management

Abstract/Summary:
Enterprise applications are applications and solutions deployed for commercial organizations and large enterprises. An ideal enterprise application platform should be easy to upgrade, reliable, and secure, and should have a flexible architecture. Security is an important concern that runs through every stage of the enterprise application development life cycle. At present, enterprise application systems are tightly coupled with their authentication and authorization management systems, do not protect their business methods, and lack dynamic access control. This paper sets out to solve these problems through the following research.

Firstly, enterprise application systems are tightly coupled with authentication and authorization management because the object-oriented design and the aspect-oriented design do not match. Through an intensive study of Aspect-Oriented Programming (AOP) and of the mechanism by which Spring implements AOP, this paper combines Object-Oriented Programming with Aspect-Oriented Programming to separate cross-cutting concerns, resolving the tight coupling between business logic and security logic.

Secondly, this paper analyzes Spring Security in depth. Spring Security is a security framework based on Spring AOP; it works independently of the system's business logic, provides authentication and authorization protection for the system, and can be integrated with most web frameworks. This paper analyzes its authentication and authorization strategies and discusses the protection of web resources and business methods.

Thirdly, this paper discusses access control strategies, especially Role-Based Access Control (RBAC). RBAC combined with Spring Security effectively reduces management complexity and is flexible enough to support changes in enterprise security policy.

Finally, a practical development project featuring dynamic access control and an operation interface realizes the design objective and verifies the access control capability of the security architecture.

Keywords/Search Tags: Enterprise application, Spring Security, Authentication, Authorization, AOP, RBAC