| As the demands on enterprise applications grow, program development cycles are becoming increasingly tight, while security requirements are becoming more stringent. The mainstream web application development frameworks have strict and complex specifications, which make development inefficient. In terms of security, these specifications also have limitations and are not suitable for enterprises that focus on security. Therefore, there is a need to build a lightweight secure web development framework that meets enterprises' needs for fast development and security. This dissertation studies the J2EE architecture and the MVC design pattern in depth, and explicitly states the design principles and the problems to be solved by analyzing the shortcomings of the current mainstream web development frameworks. From a lightweight perspective, the overall structure of the web development framework, with three tiers and eight modules, is designed and implemented, and the functions of each tier are well encapsulated. Then, the security mechanisms of the web are researched. Identity authentication and access control play a key role in the secure access control of web applications. This dissertation improves JWT in terms of its data structure and authentication method, and designs and implements a high-performance Token protocol, which effectively reduces the resource consumption of the system and better ensures the security of system authentication. In terms of access control, an extended RBAC model is designed and implemented. By adding an organization attribute, the model achieves collaborative control of functional and data entitlements, guarantees security at the system access control level, and further improves the security and reliability of the system. Finally, the lightweight secure web development framework is applied to a network asset information collection and management system. The general framework of the system's functions and database is introduced, and the implementation of the system's main functions and security access control is given. The results of the application show that the lightweight secure web development framework not only greatly shortens the program development cycle but also improves the security and stability of the system. |