基于Web Services的数字校园统一身份认证系统的研究与实现
摘要
随着数字化校园建设的逐步完善和发展,各种基于校园网的应用系统层出不穷。各种应用系统独立认证的弊端也逐渐突显出来,校园网络难以集中管理,用户访问不方便,安全性存在极大隐患。因此,建立一个统一身份认证系统对数字化校园实现统一管理、统一认证和统一授权是十分必要的。
现有的应用系统开发模式及结构存在很大差异,在应用集成上存在很多不足。随着Web Services技术的发展和广泛应用,其高效集成性、松散耦合性和实现简单等特点使得互操作和集成问题从层次上被简化。
本文采用大量广受欢迎的开源软件,提出一种基于Web Services的统一身份认证系统架构,由统一身份认证平台、LDAP数据库以及Web Services集成引擎三部分组成。其中统一身份认证平台通过CAS结合acegi来实现单点登录以及认证和授权。整个系统中,认证和授权工作全部依靠统一身份认证平台中的CAS,这样降低了各应用系统的维护和管理成本,同时提高了安全性和可扩展性,降低了开发难度。利用Xfire进行Web Services开发,系统的各个层次相对独立,这样既保证了系统的松散耦合,也使应用系统的集成和扩展新应用系统更容易。随着统一身份认证系统的逐步完善,将在数字校园信息安全体系中发挥重要作用,使得网络更安全,更方便管理和使用。
With gradual construction of e-campus being perfect, various kinds of application emerge on the campus network system.The drawbacks of each kind of application system with independent authentication also gradually appears, so the campus network is hard to be centralized management, the visit of user is not convenient, and the security exists enormous hidden danger. Therefore, to establish a Unified Identity Authentication System(UIAS) to the digitized campus that realize unified management, unified authentication and unified authorization is extremely essential.
The development pattern and the structure of existing application system are very different, they has very many insufficiencies in the application integration. With the technology development of Web Services, its characteristic that contain highly effective integration, the loose coupling and easy realization and so on cause that mutually to operate and the integrated question is simplified from the level.
This article uses massive popular open-source softwares, and proposes one kind of UIAS frame that based on Web Services,it contains three parts, the platform of unified identity authentication, the database of LDAP as well as Web Services integration engine. the platform of unified authentication identity including the CAS server. Through unifying acegi and CAS the authentication and authorization can be realized. In the overall system, the authentication and authorization completely depends on CAS. This can reduce the maintenance and management cost of each application system, enhance the security and extension, and reduce the difficulty of development. Developing Web Services with Xfire can make each level of the system be relative independence.This can guarantee the loose and coupling of system, also cause the integration and extence of application system be easier. With the gradually consummation of UIAS system, it will play vital role in the information security system of e-campus, and will make the network safer, management and use more convenient.
现有的应用系统开发模式及结构存在很大差异,在应用集成上存在很多不足。随着Web Services技术的发展和广泛应用,其高效集成性、松散耦合性和实现简单等特点使得互操作和集成问题从层次上被简化。
本文采用大量广受欢迎的开源软件,提出一种基于Web Services的统一身份认证系统架构,由统一身份认证平台、LDAP数据库以及Web Services集成引擎三部分组成。其中统一身份认证平台通过CAS结合acegi来实现单点登录以及认证和授权。整个系统中,认证和授权工作全部依靠统一身份认证平台中的CAS,这样降低了各应用系统的维护和管理成本,同时提高了安全性和可扩展性,降低了开发难度。利用Xfire进行Web Services开发,系统的各个层次相对独立,这样既保证了系统的松散耦合,也使应用系统的集成和扩展新应用系统更容易。随着统一身份认证系统的逐步完善,将在数字校园信息安全体系中发挥重要作用,使得网络更安全,更方便管理和使用。
With gradual construction of e-campus being perfect, various kinds of application emerge on the campus network system.The drawbacks of each kind of application system with independent authentication also gradually appears, so the campus network is hard to be centralized management, the visit of user is not convenient, and the security exists enormous hidden danger. Therefore, to establish a Unified Identity Authentication System(UIAS) to the digitized campus that realize unified management, unified authentication and unified authorization is extremely essential.
The development pattern and the structure of existing application system are very different, they has very many insufficiencies in the application integration. With the technology development of Web Services, its characteristic that contain highly effective integration, the loose coupling and easy realization and so on cause that mutually to operate and the integrated question is simplified from the level.
This article uses massive popular open-source softwares, and proposes one kind of UIAS frame that based on Web Services,it contains three parts, the platform of unified identity authentication, the database of LDAP as well as Web Services integration engine. the platform of unified authentication identity including the CAS server. Through unifying acegi and CAS the authentication and authorization can be realized. In the overall system, the authentication and authorization completely depends on CAS. This can reduce the maintenance and management cost of each application system, enhance the security and extension, and reduce the difficulty of development. Developing Web Services with Xfire can make each level of the system be relative independence.This can guarantee the loose and coupling of system, also cause the integration and extence of application system be easier. With the gradually consummation of UIAS system, it will play vital role in the information security system of e-campus, and will make the network safer, management and use more convenient.
引文
[1]何斌,数字化校园中的数据同步研究与实现.东华大学硕士学位论文.2005.1
[2]赵晓锋.基于Web Service的统一身份认证系统的设计与实现.北京邮电大学硕士学位论文,2005.2
[3]李冰,袁野.LDAP目录服务在统一身份认证系统中的应用.信息技术,2005.1
[4]顾丽,石福斌,曹乐松.采用目录服务Kerberos认证实现统一身份认证.信息技术,2007.4
[5]罗婵,董丽丽,马宗方.基于SOAP协议的统一身份认证服务设计与实现.计算机技术与发展,2006.10
[6]郑东曦.基于Web服务的统一身份认证服务的设计实现.计算机工程与设计,2006.3
[7]左晓珲,沈富可,任肖丽,张巍.基于LDAP的校园网统一身份认证技术简介.计算机与数字工程,第36卷.
[8]WWW.OPEN-OPEN.COM
[9]孙小权,韩伟力,邹丽英.web services在数字化校园建设中的应用.教育信息化,2005.7
[10]柴晓路,梁宇奇.Web Services技术、架构和应用[M].北京:电子工业出版社,2003.
[11]陈广怀,统一身份认证系统的研究与设计.华南理工大学硕士学位论文.2005.5
[12]程炜,杨宗凯.基于Web Services的一种分布式体系结构[J].计算机应用研究.2002,(3),105-107
[13]柴晓路,web服务架构与开放互操作技术.北京.清华大学出版社.2002
[14]张志强,张景等.基于Web Services的应用系统开发初探.计算机应用,2003,5.134-136
[15][美]Didier Martin等,XML高级教程[M],机械工业出版社,2001
[16]XML Schema[EB/OL],http://www.w3.org/XML/Schema
[17]Tim Bray,Dave Hollander,Andrew Layman.Namespaces in XML[EB/OL],1999.http://www.w3.org/TR/1999/REC-xml-names-19990114/
[18]宋善德,王雪飞.利用Web Services实现企业应用集成.计算机应用,2003.7
[19]宋剑峰.全球巨头争霸Web Service.计算机,2003.6
[20]SOAP Version1.2[EB/OL],http://www.w3.org/TR/soap
[21]Web Services Description Language(WSDL)Version1.1[EB/OL],http://www.w3.org/TR/wsdl
[22]Ben Galbmith等,Web服务安全性高级编程.清华大学出版社,2003
[23]http://www.springframework.org/
[24]david.turing.SSO(Single Sign-on)in Action(上篇),2006-10-02.http://www.blogjava.net/security/archive/2006/10/02/sso_in_action.html
[25]javafenger.SSO技术简介,2007-02-09.http://javafenger.javaeye.com/blog/96706
[26]李冰.用户统一身份认证系统的设计与实现.工学硕士学位论文.2005.3
[27]徐俊,黄传华.基于Web Services数字校园统一身份认证系统的研究与实现.计算机与现代化,2007.10
[28]张旗,张水平.基于Web Services架构的统一身份认证的设计与实现.空军工程大学学报,2006.2
[29]JA-SIG Central Authentication Service.http://www.ja-sig.org/products/cas/index.html
[30][美]沃尔斯,[美]布雷登巴赫著,李磊,程立,周悦虹译.Spring in Action中文版,2006年03月
[31]http://esup-casgeneric.sourceforge.net/
[32]http://xfire.codehaus.org/
[33]XFire入门.2007.5 http://www.ibm.com/developerworks/cn/java/j-lo-xfire/
[2]赵晓锋.基于Web Service的统一身份认证系统的设计与实现.北京邮电大学硕士学位论文,2005.2
[3]李冰,袁野.LDAP目录服务在统一身份认证系统中的应用.信息技术,2005.1
[4]顾丽,石福斌,曹乐松.采用目录服务Kerberos认证实现统一身份认证.信息技术,2007.4
[5]罗婵,董丽丽,马宗方.基于SOAP协议的统一身份认证服务设计与实现.计算机技术与发展,2006.10
[6]郑东曦.基于Web服务的统一身份认证服务的设计实现.计算机工程与设计,2006.3
[7]左晓珲,沈富可,任肖丽,张巍.基于LDAP的校园网统一身份认证技术简介.计算机与数字工程,第36卷.
[8]WWW.OPEN-OPEN.COM
[9]孙小权,韩伟力,邹丽英.web services在数字化校园建设中的应用.教育信息化,2005.7
[10]柴晓路,梁宇奇.Web Services技术、架构和应用[M].北京:电子工业出版社,2003.
[11]陈广怀,统一身份认证系统的研究与设计.华南理工大学硕士学位论文.2005.5
[12]程炜,杨宗凯.基于Web Services的一种分布式体系结构[J].计算机应用研究.2002,(3),105-107
[13]柴晓路,web服务架构与开放互操作技术.北京.清华大学出版社.2002
[14]张志强,张景等.基于Web Services的应用系统开发初探.计算机应用,2003,5.134-136
[15][美]Didier Martin等,XML高级教程[M],机械工业出版社,2001
[16]XML Schema[EB/OL],http://www.w3.org/XML/Schema
[17]Tim Bray,Dave Hollander,Andrew Layman.Namespaces in XML[EB/OL],1999.http://www.w3.org/TR/1999/REC-xml-names-19990114/
[18]宋善德,王雪飞.利用Web Services实现企业应用集成.计算机应用,2003.7
[19]宋剑峰.全球巨头争霸Web Service.计算机,2003.6
[20]SOAP Version1.2[EB/OL],http://www.w3.org/TR/soap
[21]Web Services Description Language(WSDL)Version1.1[EB/OL],http://www.w3.org/TR/wsdl
[22]Ben Galbmith等,Web服务安全性高级编程.清华大学出版社,2003
[23]http://www.springframework.org/
[24]david.turing.SSO(Single Sign-on)in Action(上篇),2006-10-02.http://www.blogjava.net/security/archive/2006/10/02/sso_in_action.html
[25]javafenger.SSO技术简介,2007-02-09.http://javafenger.javaeye.com/blog/96706
[26]李冰.用户统一身份认证系统的设计与实现.工学硕士学位论文.2005.3
[27]徐俊,黄传华.基于Web Services数字校园统一身份认证系统的研究与实现.计算机与现代化,2007.10
[28]张旗,张水平.基于Web Services架构的统一身份认证的设计与实现.空军工程大学学报,2006.2
[29]JA-SIG Central Authentication Service.http://www.ja-sig.org/products/cas/index.html
[30][美]沃尔斯,[美]布雷登巴赫著,李磊,程立,周悦虹译.Spring in Action中文版,2006年03月
[31]http://esup-casgeneric.sourceforge.net/
[32]http://xfire.codehaus.org/
[33]XFire入门.2007.5 http://www.ibm.com/developerworks/cn/java/j-lo-xfire/