Institutional Repository of the Institute of Software, Chinese Academy of Sciences
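Title:
Design and Implementation of Security Service of Web Application Server (original Chinese title: WEB应用服务器安全服务的设计与实现)
Author: 樊会锋
Defense date: 2004
Major: Computer Software and Theory
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctoral
Keywords: Web application server; security reference model; security service
Alternative title: Design and Implementation of Security Service of Web Application Server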
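Abstract: With the growing demand for e-commerce applications and the rapid development of enterprise applications on the Internet, the Web application server has become a research hotspot. It provides a common runtime environment for developing, deploying, running, integrating, maintaining and managing middle-tier application services, allowing application developers to concentrate on the business logic of the target system and thereby simplifying the development and maintenance of application systems. Because security problems are increasingly prominent in open network environments, the security service has become a basic function that an application server must support, and it occupies an important position in the application server. This thesis studies the security service framework of J2EE application servers. First, we establish a security reference model. The J2EE specification defines only the relevant security requirements and goals, while the concrete implementation is left to the implementer; to guide the concrete implementation of the security service of a J2EE application server, we draw on the CORBA security reference model and combine it with the characteristics of J2EE application servers to establish a security reference model. Second, following the security reference model, we implement the security service with a layered structure. Through JAAS, which is a PAM framework, and a Rights-based access control model, among others, we provide a flexible, configurable and extensible security service framework that can integrate multiple security mechanisms and policies. In addition, because security services are cross-cutting, we encapsulate the security service using AOP concepts, which avoids the scattering and tangling of security-related code and also raises the code reuse rate. Finally, we integrate the security service into OnceAS, a Web application server based on the J2EE specification and independently developed by the Institute of Software, Chinese Academy of Sciences, providing concrete support for the security requirements of the EJB container, the Web container, JCA and so on.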
English abstract: With the rapid development of electronic commerce and enterprise applications on the Internet, the web application server has become a hot research area. A web application server is a distributed system that provides runtime-integrated services, such as naming service, security service, transaction management, load balancing and fault tolerance, for transactional web applications. Developers can concentrate on their own business logic rather than on those issues, which simplifies the development and maintenance of application systems. Because security has become more and more important in the open network environment, the security service plays an important role in the application server and must be supported by it as a basic function. The thesis focuses on the security service framework of the J2EE application server. First, we introduce a security reference model. The J2EE specification defines only security-related requirements and goals; how to implement them is left to the developer. To guide the development of the security service of a J2EE application server, we define a security reference model by referring to the CORBA security reference model and combining it with the characteristics of the J2EE application server. Next, according to the security reference model, we implement the security service using a layered architecture. Through JAAS and a Rights-based access control model, we provide a flexible, configurable and extensible security service framework that can integrate various kinds of security mechanisms and policies. Additionally, because of the inherent cross-cutting characteristic of the security service, we provide an aspect of the security service using the concept of AOP; thus the scattering and tangling of security-related code can be avoided, and code reusability is improved at the same time. Finally, we have integrated the security service into the Web application server OnceAS, which is developed by the Institute of Software, CAS, and conforms to the J2EE specification, so that the security requirements of EJB, Servlet and JCA can be satisfied.
Language: Chinese
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/7582
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name/ File Size Content Type Version Access License
LW014080.pdf (3450KB) | -- | -- | Restricted access | -- | Contact to obtain the full text

Recommended Citation:
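樊会锋. Design and Implementation of Security Service of Web Application Server [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2004-01-01.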

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
