基于J2EE的Web安全技术应用研究
|
摘要
本文主要提出了基于J2EE的Web安全技术,对于使用J2EE规范来架构系统时存在的非物理性的安全问题提出了解决方案。这些安全问题主要包括数据加密传输问题、数字签名问题和部分J2EE组件的安全问题。论文首先介绍了J2EE计算平台和J2EE技术;其次介绍了加密安全和数字签名;然后介绍了SSL协议、SET协议和JSSE API;最后将三者有机地结合起来提出基于J2EE的Web安全问题的解决方案,并提供了基于J2EE的Web应用安全框架。
The paper chiefly put forward Web security technology on the basis of J2EE. which is a kind of the computer specification. When it can be used to frame computer system, given a solving method to problem of the non-physical safety. These problems major included problems of the encryption techniques in the process of data transmission, numerical underwrite and safety in the partially component J2EE. First the paper introduced the computer platform and technology of the J2EE. Second the safety of the encryption and numerical underwrite are discussed. And then the SSL protocol, SET protocol and JSSE API are given in the paper. Finally through logically combined three forward terms, put forward the solving schemes of the Web secure technology of the basic J2EE. At the same time, the Web applied security frame on the basis of J2EE can be also provided in the paper.
The paper chiefly put forward Web security technology on the basis of J2EE. which is a kind of the computer specification. When it can be used to frame computer system, given a solving method to problem of the non-physical safety. These problems major included problems of the encryption techniques in the process of data transmission, numerical underwrite and safety in the partially component J2EE. First the paper introduced the computer platform and technology of the J2EE. Second the safety of the encryption and numerical underwrite are discussed. And then the SSL protocol, SET protocol and JSSE API are given in the paper. Finally through logically combined three forward terms, put forward the solving schemes of the Web secure technology of the basic J2EE. At the same time, the Web applied security frame on the basis of J2EE can be also provided in the paper.
引文
1.Jamie Jaworski等著.Java安全手册[M],北京:电子工业出版社,2001,175-177
2.Jess Garms,Daniel Somerfield著.Java安全性编程指南[M],北京:电子工业出版社,2002,114-115
3.Pvaul J.Perrone,et al.著.J2EE构建企业系统[M],北京:清华大学出版社,2001,612-613
4.胡凯,宋京民等编著.网络计算新技术[M],北京:科学出版社,2001,322-326
5.方美琪编.电子商务概论[M],北京:清华大学出版社,2000,126-127
6.李文生,等.基于Web的多层客户/服务器数据库应用程序[J],计算机应用研究,2001(2).
7.章勇,等.Web与数据库集成及其安全性技术[J],计算机应用研究,1999(3).
8.陈震解,等.基于Web的B/S结构供电安全系统的实现技术[J].计算机应用研究,2001,(10)
9.李炳等,基于J2EE技术的安全B/S系统的研究与实现[J].武汉理工大学学报,2002,26(1)
10.张桂宁,内联网Intranet的安全技[J].广西大学学报,1999,24(12):20-21
11.陈宝林,电子商务系统安全问题概述[J].信息技术,2001,(1):28-29
12.吴应良等,电子商务的安全机制与体系模型[J].计算机工程与应用,2001,(08):27-28
13.陈庆峰等,安全电子商务技术的研究[J].计算机学报,2000,23(2):202-203
14.刘靖,SET协议中问题的分析与解决方案[J].广东通信技术,1999,19(4):20
15.梁向阳等,电子商务中的加密技术[J].安康师专学报,2001,13(2):50-52
16.曹鸣鹏等,J2EE技术及其实现[J].计算机应用,2001,21(10)
17.万助盛等,J2EE企业计算平台[J].计算机应用研究,2000
18.胡永,J2EE企业计算平台[J].计算机系统应用,1999,(5)
19.边娜,Web安全技术与防火墙[J].计算机系统应用,2000,22(12)增刊
20.阳威特,Web应用程序的安全维护[J].电脑开发与应用,2000,13(4)
21.赵东,分布对象技术述评[J].计算机应用,2000,20(12)
22.李湘江,网络安全技术与管理[J].现代图书情报技术,2002,第2期
23.陈庆峰,电子商务安全协议及其非单调动态逻辑验证[J].软件学报,2000,11(2)
24.章甫,面向对象的语言——JAVA[J].重庆邮电学院学报(自然科学版)2000,01期
25.赵峰等,Internet信息安全问题[J].铁道部郑州公安管理干部学院学报,2000,03期
25.金虹等,代理服务器安全性研究[J].情报科学,2001,19(3)
26.汪新平等,代理服务器在Internet/Intranet中的应用[J].计算机工程,2000,26(1)
27.沈明玉等,基于WinSocket代理服务器设计方法探讨[J].合肥工业大学学报,2001,24(3)
28.王春枝等,基于用户的代理服务器安全访问的开发[J].湖北工学院学报,2000,15(4)
29.杨德华,Internet网上用户验证技术[J].计算机应用研究,1999,(5):45-49
30.汪渊等,基于代理中间件的安全Brower/Server系统[J].计算机工程,2000,26(5)
31.孔静萍,Internet的安全通信协议SSL与SET的剖析和比较[J].现代计算机,2000,89(4)
32.潘志松,网络防火墙中的代理技术[N].计算机世界报,1999,10
33.吴益清等,代理服务器的原理与实现[J].信息工程大学学报,2000,1(4)
34.沈进等,代理服务器的研究与实现[J].南京航空航天大学学报,2000,33(6)
35.赵东等,分布对象技术评述[J].计算机应用,2000,20(12)
36.张明武等,HTTP代理服务器的设计与实现[J].湖北工学院学报,2000,15(4)
37.陈剑等,Java applet的安全性及应用[J].计算机应用研究,2001,(4)
38. Kohl J Nenman C RFC 1 51 0, The Kerberos Authentication Service V5 [S]
39. Java 2 Platform, Enterprise Edition Technical Overview (J2EE Overview) [EB/OL]. Copyright 1995-2002,Sun Microsyste Inc. Available at http://
java.sun.com/j2ee/white.html
40. Java 2 Plateform, Enterprise Edition Specification Version 1.2[EB/OL]. http://java.sun.com/J2EE/docs.html
41. Java 2 Platrform, Standard Edition, V1.3 API Specificat (J2Sespecification) [EB/OL]. Coopyright 1993,2000,Sun Microsysyte Inc. Avaiable at http://java.sun.com/products/jdk/1.3/docs.html
42. Sun's Internet Security Technologies [EB/OL].Copyright 1994-1999 Sun Microsystems, Inc. Avaiabte at http://www.sun.com/960901/feature3/javasecure.html
43. JavaTM Secure Socket Extension(JSSE)[EB/OL].Copyright 1994-1999 Sun Microsystems, Inc. Avaiable at http://java.sun.com/products/jsse/index-14.html
44. Applet Security [EB/OL].Copyright 1994-1999 Sun Microsystems, Inc. Avaiable at http://java.sun.com/sfaq/#applets
45. The World Wide Web Security FAQ[EB/OL]. http://www.w3.org/Security/Faq/wwwsf5.html#CON-Q10
46. JSP Security[EB/OL]. Jordan Dimov, Copyright 2002 Jupitermedia, Inc. Avaiable at http://www.developer.com/java/article.php/883381
47. Applet Security [EB/OL].http://pauillac.inria.fr/~rouaix/mmm/manual/node4.html
48. Applet Security [EB/OL].Copyright 1997 Elliotte Rusty Harold http://www.cafeaulait.org/course/week5/11.html
49. JSP Security for Limiting Access to Application-Internal URLs [EB/OL].Copyright 2000-2002 O'Reilly & Associates, Inc. Available at http://www.onjava.com/pub/a/onjava/2001/06/27/java_security.html
50. Introduction to SSL[EB/OL]. Copyright 1998 Netscape Communications Corporation. Available at http://developer.netscape.com/docs/manuals/security/sslin/
51. JavaTM Secure Socket Extension (JSSE) [EB/OL]. Copyright 1995-2003 Sun Microsystems, Inc. Available at http://java.sun.com/products/jsse/
52. Object Management Group The Common Object Request Broker: Architecture and Specification[R], 2.3, and June 1999.
53. BEA Systems, et al. CORBA Component Model Joint Revised Submission[S].
Object Managenent Group. OMG Document orbos/99-07-01 ed July 1999.
54. Randy Abemetby COM//DCOM Unleashed SAMS Pubishing[z]. 1998.
55. Anne Thomas. Patricia Seybold Group. Enterprise JavaBeans Technology [EB/OL].http://java.sun.com/products/ejb/white-paper.html. 1998.
56. JavaServer Page Specification Version 1.1[EB]. Sun Micrisystems, Available at Http://java.sun.com/products/jsp
57. Java Servlet Specification Version 2.2[EB]. Sun Microsystems,Available at Http://java.sun.com/products/servlet.
58. JDBC 2.0 API(JDBC Specification Version 2.2)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jdbc.
59. Java Naming and Directory Interface 1.2 Specification[EB]. Sun Microsystems, Available at: Http://java.sun.com/products/jndi.
60. JavaTransaction API Versin 1.0.1 (JTA Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jta
61. JavaTransaction Service. Versin 1.0.2 (JTS Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jts
62. Java Message Service. Versin 1.0.2 (JMS Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jms
63. Java Mail API Versin 1.1 (JavaMail Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/javamail
2.Jess Garms,Daniel Somerfield著.Java安全性编程指南[M],北京:电子工业出版社,2002,114-115
3.Pvaul J.Perrone,et al.著.J2EE构建企业系统[M],北京:清华大学出版社,2001,612-613
4.胡凯,宋京民等编著.网络计算新技术[M],北京:科学出版社,2001,322-326
5.方美琪编.电子商务概论[M],北京:清华大学出版社,2000,126-127
6.李文生,等.基于Web的多层客户/服务器数据库应用程序[J],计算机应用研究,2001(2).
7.章勇,等.Web与数据库集成及其安全性技术[J],计算机应用研究,1999(3).
8.陈震解,等.基于Web的B/S结构供电安全系统的实现技术[J].计算机应用研究,2001,(10)
9.李炳等,基于J2EE技术的安全B/S系统的研究与实现[J].武汉理工大学学报,2002,26(1)
10.张桂宁,内联网Intranet的安全技[J].广西大学学报,1999,24(12):20-21
11.陈宝林,电子商务系统安全问题概述[J].信息技术,2001,(1):28-29
12.吴应良等,电子商务的安全机制与体系模型[J].计算机工程与应用,2001,(08):27-28
13.陈庆峰等,安全电子商务技术的研究[J].计算机学报,2000,23(2):202-203
14.刘靖,SET协议中问题的分析与解决方案[J].广东通信技术,1999,19(4):20
15.梁向阳等,电子商务中的加密技术[J].安康师专学报,2001,13(2):50-52
16.曹鸣鹏等,J2EE技术及其实现[J].计算机应用,2001,21(10)
17.万助盛等,J2EE企业计算平台[J].计算机应用研究,2000
18.胡永,J2EE企业计算平台[J].计算机系统应用,1999,(5)
19.边娜,Web安全技术与防火墙[J].计算机系统应用,2000,22(12)增刊
20.阳威特,Web应用程序的安全维护[J].电脑开发与应用,2000,13(4)
21.赵东,分布对象技术述评[J].计算机应用,2000,20(12)
22.李湘江,网络安全技术与管理[J].现代图书情报技术,2002,第2期
23.陈庆峰,电子商务安全协议及其非单调动态逻辑验证[J].软件学报,2000,11(2)
24.章甫,面向对象的语言——JAVA[J].重庆邮电学院学报(自然科学版)2000,01期
25.赵峰等,Internet信息安全问题[J].铁道部郑州公安管理干部学院学报,2000,03期
25.金虹等,代理服务器安全性研究[J].情报科学,2001,19(3)
26.汪新平等,代理服务器在Internet/Intranet中的应用[J].计算机工程,2000,26(1)
27.沈明玉等,基于WinSocket代理服务器设计方法探讨[J].合肥工业大学学报,2001,24(3)
28.王春枝等,基于用户的代理服务器安全访问的开发[J].湖北工学院学报,2000,15(4)
29.杨德华,Internet网上用户验证技术[J].计算机应用研究,1999,(5):45-49
30.汪渊等,基于代理中间件的安全Brower/Server系统[J].计算机工程,2000,26(5)
31.孔静萍,Internet的安全通信协议SSL与SET的剖析和比较[J].现代计算机,2000,89(4)
32.潘志松,网络防火墙中的代理技术[N].计算机世界报,1999,10
33.吴益清等,代理服务器的原理与实现[J].信息工程大学学报,2000,1(4)
34.沈进等,代理服务器的研究与实现[J].南京航空航天大学学报,2000,33(6)
35.赵东等,分布对象技术评述[J].计算机应用,2000,20(12)
36.张明武等,HTTP代理服务器的设计与实现[J].湖北工学院学报,2000,15(4)
37.陈剑等,Java applet的安全性及应用[J].计算机应用研究,2001,(4)
38. Kohl J Nenman C RFC 1 51 0, The Kerberos Authentication Service V5 [S]
39. Java 2 Platform, Enterprise Edition Technical Overview (J2EE Overview) [EB/OL]. Copyright 1995-2002,Sun Microsyste Inc. Available at http://
java.sun.com/j2ee/white.html
40. Java 2 Plateform, Enterprise Edition Specification Version 1.2[EB/OL]. http://java.sun.com/J2EE/docs.html
41. Java 2 Platrform, Standard Edition, V1.3 API Specificat (J2Sespecification) [EB/OL]. Coopyright 1993,2000,Sun Microsysyte Inc. Avaiable at http://java.sun.com/products/jdk/1.3/docs.html
42. Sun's Internet Security Technologies [EB/OL].Copyright 1994-1999 Sun Microsystems, Inc. Avaiabte at http://www.sun.com/960901/feature3/javasecure.html
43. JavaTM Secure Socket Extension(JSSE)[EB/OL].Copyright 1994-1999 Sun Microsystems, Inc. Avaiable at http://java.sun.com/products/jsse/index-14.html
44. Applet Security [EB/OL].Copyright 1994-1999 Sun Microsystems, Inc. Avaiable at http://java.sun.com/sfaq/#applets
45. The World Wide Web Security FAQ[EB/OL]. http://www.w3.org/Security/Faq/wwwsf5.html#CON-Q10
46. JSP Security[EB/OL]. Jordan Dimov, Copyright 2002 Jupitermedia, Inc. Avaiable at http://www.developer.com/java/article.php/883381
47. Applet Security [EB/OL].http://pauillac.inria.fr/~rouaix/mmm/manual/node4.html
48. Applet Security [EB/OL].Copyright 1997 Elliotte Rusty Harold http://www.cafeaulait.org/course/week5/11.html
49. JSP Security for Limiting Access to Application-Internal URLs [EB/OL].Copyright 2000-2002 O'Reilly & Associates, Inc. Available at http://www.onjava.com/pub/a/onjava/2001/06/27/java_security.html
50. Introduction to SSL[EB/OL]. Copyright 1998 Netscape Communications Corporation. Available at http://developer.netscape.com/docs/manuals/security/sslin/
51. JavaTM Secure Socket Extension (JSSE) [EB/OL]. Copyright 1995-2003 Sun Microsystems, Inc. Available at http://java.sun.com/products/jsse/
52. Object Management Group The Common Object Request Broker: Architecture and Specification[R], 2.3, and June 1999.
53. BEA Systems, et al. CORBA Component Model Joint Revised Submission[S].
Object Managenent Group. OMG Document orbos/99-07-01 ed July 1999.
54. Randy Abemetby COM//DCOM Unleashed SAMS Pubishing[z]. 1998.
55. Anne Thomas. Patricia Seybold Group. Enterprise JavaBeans Technology [EB/OL].http://java.sun.com/products/ejb/white-paper.html. 1998.
56. JavaServer Page Specification Version 1.1[EB]. Sun Micrisystems, Available at Http://java.sun.com/products/jsp
57. Java Servlet Specification Version 2.2[EB]. Sun Microsystems,Available at Http://java.sun.com/products/servlet.
58. JDBC 2.0 API(JDBC Specification Version 2.2)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jdbc.
59. Java Naming and Directory Interface 1.2 Specification[EB]. Sun Microsystems, Available at: Http://java.sun.com/products/jndi.
60. JavaTransaction API Versin 1.0.1 (JTA Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jta
61. JavaTransaction Service. Versin 1.0.2 (JTS Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jts
62. Java Message Service. Versin 1.0.2 (JMS Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/jms
63. Java Mail API Versin 1.1 (JavaMail Specification)[EB]. Sun Microsystems,Available at Http://java.sun.com/products/javamail