Web Security Framework Research And Implementation Of A Common Business System

Although the Web application framework appeared for a long time, it still has many limitations in terms of safety, in which the framework for Web-based business is rarely mentioned because of its cumbersome business processes and varieties. To this problem, this paper carried out a study on the security framework for application of business-type systems. Based on the existed research on Web framework, aiming to overcoming the shortcomings as poor versatility and low security of the existing Web application framework, this paper tries to improve and implement a security framework applicable to business-system.Firstly, researching on the existed Web framework, mainly on the SSH integration framework improvements, the summarization of the improvement steps of SSH framework and the code optimization of the various configuration files. From a practical point of view, this paper illustrated the development process to build a framework in detail, adding a interface layer and other interception codes, therefore, the code reuse in improved infrastructure was not only high, but also it ensured the infrastructure drivability.Secondly, to the complexity of business systems, this study introduced a dialogue-based workflow model, by means of a workflow solution-- Web-based workflow system, and finally formed a state-based timing workflow model, which is to abstract the basic elements of general business solution, to control every business process on pre-set timing, and ultimately ensure the implementation of the workflow.Thirdly, using instant messaging push mechanisms to achieve the timeliness of data, IM(Instant Messaging) mechanism would not only guarantee the transformation of various kinds of data in the form of message, but also is the key technology to realize the workflow model. This paper optimized IM mechanisms so that it can be nested within the overall framework to solve the business process that can carry the message itself, control the timing of new messages adding or pushing, and enhance the compatibility of the framework. Then, improving a more practical access control model by the RBAC(Role-Based Access Control) model, to improve the sensitivity and versatility of the whole framework.Finally, testing the versatility and performance of business-type Web security framework implement. The results proved, the Web security framework proposed by this paper has the characteristics of high stability, efficient performance and good versatility for business systems.