Design And Implementation Of Application Security JEE Platform

Posted on: 2016-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: X W Ye
Full Text: PDF
GTID: 2308330503953261
Subject: Software engineering
Abstract/Summary:
In enterprise software development, the greatest concerns are the development platform and information security. For various historical reasons, the enterprise the author works for has more than 100 business systems. These systems were developed with different technologies, and their structure can no longer support current business growth. The project team has often found them very difficult to maintain, and the project team has a low replacement rate. At the same time, the various systems have had a variety of security problems, and the project team is often in the situation of fire fighting. To change this blind and redundant development, the author was required to develop a software platform that integrates the current mainstream development technologies and can also resist the primary security attacks.

The project was developed mainly using software engineering methods. In the requirements phase, the author first established the needs and objectives of the project, and then summarized the types of technology used for internal development in the enterprise. In the design phase, the author designed a distributed system architecture with the current mainstream development technologies, and implemented basic functions such as login, privilege management and log management. The system uses the Java language and a variety of Java-based JEE technologies, and is built on Java + Linux + MySQL. Between the Web layer and the APP layer, the author used Dubbo/Dubbox, an open source distributed service framework from a large internet company. In the development phase, the team mainly used Eclipse as the development tool, SVN as the version control system, and Maven for modular and collaborative development. The team completed attack defenses against Cross-Site Scripting (XSS), SQL Injection, Broken Authentication and Session Management, Insecure Direct Object References, Cross-Site Request Forgery (CSRF), etc.

In the testing phase, JUnit was the main tool for unit testing, and the platform was then delivered to the test team, which conducted a special integration test. Finally, the platform was delivered to the project team for trial use. Tests in several practical projects have shown that the platform achieves the goal of the design.
Keywords/Search Tags: JEE, information security, cross-site script, XSS, SQL inject, cross-site request forgery, CSRF