| With the rapid development of the Internet, a large number of companies have begun to develop their information technology, and Enterprise Web Systems are increasingly widespread. As J2EE is one of the most frequently used technologies in Enterprise Web Systems, its security is naturally of great concern. Access control plays an important role in the security of Web systems. Therefore, this paper studies access control security and implements it on a Web system based on the J2EE platform. This paper analyzes the security problems faced by Enterprise Web Systems and points out that, for a Web system on the intranet, the various kinds of malicious attacks can be ignored, so the authority management of the system becomes the focus of security research. Then, drawing on the author's J2EE Web development experience during graduate study, it analyzes the major components of J2EE and their security mechanisms, with a focus on access control models. On the basis of extensive research on the design and implementation of access control models, it analyzes the connections and differences between the various models and takes the RBAC model as the main breakthrough point of this paper.
It then combines the Spring Framework, uses IoC technology to decouple the system, extends the access control functions of J2EE with the built-in access control module of Spring Security, designs a model for managing users' access control in a Web system, and builds a multi-user Web access control system with multi-role capability. This paper gives a basic introduction to the Intelligent Service Management System for Visitors' Reception, which was developed by the author at the ANM Research Center of Beijing University of Posts and Telecommunications, and analyzes its application scenario in terms of the access control model. It extends and improves the framework and databases of the existing system, designs and implements a role-based access control function on the system, and completes the expansion and upgrade of the system, providing a good learning reference for the secondary development of access control functions in J2EE Web systems. |