单点登录在企业信息门户中的应用研究
摘要
随着信息技术和网络技术的发展,基于WEB的分布式计算模型已经作为主流技术发展壮大起来,许多学校、医院、企业和政府部门都构建了自己的信息门户,通过门户实现企业内部资源的集成和信息共享,在方便用户使用的同时大大提高了工作效率。但是由于各种应用系统不断增多,用户需要登录到不同系统,需要记住不同系统的用户名和密码。并且由于各个系统都有自己的用户管理系统,必然增加了系统安全管理和技术支持部门的成本。单点登录(Single Sign On,SSO)技术的出现,是解决上述问题的有效方案。通过SSO,在多个应用系统中只需进行一次身份验证就可以访问所有已授权的网络资源。
本文首先对企业信息门户、访问控制、统一身份认证、单点登录等相关技术做了简要介绍,然后对现有SSO解决方案进行了阐述。最后,设计了一个SSO模型,并结合国家科技支撑计划项目的需求,开发了一个现代人口与生殖健康公共服务信息门户系统。该系统基于WebLogic Portal和J2EE技术实现,集成了国家人口计生委的各种现有业务系统,并且在用户群体的安全管理、单点登录、应用集成、前台页面设计和后台管理方面作了有益探索,开发了一系列相关功能模块。通过项目实际开发应用表明:单点登录技术大大简化了用户操作,提升了用户体验,降低了系统开发和管理的成本,为企业应用集成奠定了良好基础,对企业信息门户的实施和应用集成具有非常积极的意义。
With the development of information technology and network technology, the distribution computing mode based on web service has been progressed as main trend, many schools, hospitals, enterprises and government have built up their own information portal to realize enterprise internal resource integration and information communication, it is convenient to user, as meanwhile it has improved work efficiency. As a result of various application systems increasing, user has to log on different systems, and memorize account names and passwords of different systems. Moreover, as each system has its own user administration system, it is certainly rising up the cost of security administration and technology supporting department. The invention of SSO is the effective solution to solve above problems. Via SSO, we only need to be identified one time to access all the authorized internet resource in the multi-application systems.
The article firstly made a brief for enterprise information portal, access control, identity authentication, SSO etc concerned technology, and afterward it explains the solution of SSO, and developed a public service information portal system of modern population. The realization of the system based on Weblogic and J2EE technology, has integrated various operational systems of National Population Project Council, and helpfully probed into group of user security management, SSO, application integration, web design of front platform and management of background, has developed a series of concerned mode. It is indicated via the project being developed and applied: SSO technology has simplified user’s operation, upgraded user’s experience, decreased the cost of system development and administration, established a good foundation of application integration for enterprise, and had very aspiring significance for carrying out of enterprise information portal and application integration.
本文首先对企业信息门户、访问控制、统一身份认证、单点登录等相关技术做了简要介绍,然后对现有SSO解决方案进行了阐述。最后,设计了一个SSO模型,并结合国家科技支撑计划项目的需求,开发了一个现代人口与生殖健康公共服务信息门户系统。该系统基于WebLogic Portal和J2EE技术实现,集成了国家人口计生委的各种现有业务系统,并且在用户群体的安全管理、单点登录、应用集成、前台页面设计和后台管理方面作了有益探索,开发了一系列相关功能模块。通过项目实际开发应用表明:单点登录技术大大简化了用户操作,提升了用户体验,降低了系统开发和管理的成本,为企业应用集成奠定了良好基础,对企业信息门户的实施和应用集成具有非常积极的意义。
With the development of information technology and network technology, the distribution computing mode based on web service has been progressed as main trend, many schools, hospitals, enterprises and government have built up their own information portal to realize enterprise internal resource integration and information communication, it is convenient to user, as meanwhile it has improved work efficiency. As a result of various application systems increasing, user has to log on different systems, and memorize account names and passwords of different systems. Moreover, as each system has its own user administration system, it is certainly rising up the cost of security administration and technology supporting department. The invention of SSO is the effective solution to solve above problems. Via SSO, we only need to be identified one time to access all the authorized internet resource in the multi-application systems.
The article firstly made a brief for enterprise information portal, access control, identity authentication, SSO etc concerned technology, and afterward it explains the solution of SSO, and developed a public service information portal system of modern population. The realization of the system based on Weblogic and J2EE technology, has integrated various operational systems of National Population Project Council, and helpfully probed into group of user security management, SSO, application integration, web design of front platform and management of background, has developed a series of concerned mode. It is indicated via the project being developed and applied: SSO technology has simplified user’s operation, upgraded user’s experience, decreased the cost of system development and administration, established a good foundation of application integration for enterprise, and had very aspiring significance for carrying out of enterprise information portal and application integration.
引文
[1] Christopher C. Shilakes and Julie Tylman.Enterprise Information Portals[J]. Merrill Lyneh.Nov16,1998:51-53.
[2]谈猛刚.基于企业门户的应用集成研究[J].中国科学院软件研究所.2004.:278-280
[3]樊秋胜,浅析我国企业信息门户(EIP)建设[J].太原;科技情报开发与经济,2003,13(8):217-219.
[4] Microsoft..NET Passport Single Sign-In[M], MSDN,2003
[5] Liberty Alliance Project."Liberty Architecture Overview, Vision 1.1"[EB/OL]. http://www.sourceid.org/docs/sso/liberty-architecture-overview-vl.l.pdf
[6]马亚娜,钱焕延等.用Cookie构建Web安全的实现[J].计算机工程,2002:86-89.
[7] Kohl J,Neuman C.The Kerberos Network Authentication Service(V5)[S].RFC1510.1993.
[8] IBM.门户体系架构技术探讨[EB/OL].http://ww.ibm.eom.en.2002
[9]谭立球,费耀平,李建华.企业信息门户单点登录系统的实现[J].计算机工程.2005.13(8):217-219.
[10]谭立球,费耀平,李建华.企业信息门户单点登录系统的实现[D].计算机工程,2005.9,31(17).
[11]许方,邓敏.内容管理系统(CMS)的发展与应用[J],孝感学院学报,2004.5,Vol.27:154-156.
[12]方厚政,企业信息门户的5个最佳实践经验[J],电子商务世界,2003年,第11期:48-49
[13]李富玲,李颖.企业信息资源开发与利用中的问题及影响因素分析[J].情报科学,2004,(10):1015一101
[14] Java Conununity Proeess.JSR一000168 Portlet Speeifieation[M]. Oet7,2003
[15] OASIS WSRP[EB/OL] http://www.oasis一open.org/eommittees/download.php/3343/ Oasis-200304-wsrP-specification-1.0.Pdf
[16]康威,李凯统一用户认证和单点登录解决方案[J],计算机世界报,2005,36(14)
[17] Andrew Conry-Murray.Microsoft's Passport to Controversy[J].Network Magazine,2002,17(3):46-49
[18] ZDNet China专稿,深度分析:“自由联盟”,还是微软Passport?[M],2003.9.20
[19] IBM. IBM/Lotus Domino与WebSphere Portal单点登录[EB/OL].http://ww.ibm.eom.en.2002
[20] David P.Kormann,Aviel D.Rubin.Risks of the Passport Single Signon Protocol[J].Computer Networks,2000,33(6):51-58
[21] OASIS Security Services(SAML)TC[EB/OL]. http://www.oasis-open.org/commitees/security 2006
[22] Netegrity. Netegrity SiteMinder技术白皮书[D].2007
[23]刘晓华,JZEE企业级应用开发[D],第l版,北京,电子工业出版社,2005
[24]马亚娜,钱焕延,孙亚民,用Cookei构建Wbe安全的实现[J],计算机工程,2002:146-151
[25]陈玉江,Cookie的传递流程[J],塞迪网互动学校,2001
[26]林上杰等.JSP2.0技术手册[M].北京,电子工业出版社.2006
[27] [美] Kevin Duffey Vikram Goyal[M]. JSP站点设计编程指南.2003
[28]程峰等译.Java核心技术.第6版[M],北京,机械工业出版社.2004
[29] [美] Daniel I.Joshi Pavel A.Vorobiev[M]. Java程序员参考大全,2006
[30] [美] Joseph L.Weber. Java 2编程详解[M].2004
[31] [美] MICHAEL D.THOMAS PRATIK R.PATEL等.Java for Internet编程技术[M].2008
[32] [美] Peter vander Linden. Java 2教程[M].电子工业出版社,2003.
[33]王珊珊.XML安全认证协议及单点登录系统的研究[J].2005:90-93
[34] [美] Brett McLaugblin. Java与XML.第二版[M],中国电力出版社, 2004
[35] Steve Buzzard.用Web Service进行企业级的门户集成[D].2005
[36] W3C,Extensible Markup Language(XML)1.0[D],W3C Recommendation 10-February-1998
[37]彭江平.基于XML与SOAP技术的Web Service[D].2004
[38] [美] Angela Yochem,David Carlson,Tad Stephens. J2EE应用与BEA WebLogic Server第二版[M],电子工业出版社,2005.2
[39]孙卫琴.精通Hibernate : Java对象持久化技术详解[M].北京,电子工业出版社2006,24(5):68-79
[40]柴晓路,梁羽奇.Web services技术、架构与应用[J].电子工业出版社.2003.01.:33-37
[41] Web Service Case Study:统一身份认证服务[EB/OL]. http://www-900.ibm.com/developerWorks/cn/webservices/ws-casestudy/part4/index.shtml
[42] Single Sign On Authentication Model Using MAS TEEE2003 National Security Institute[J], Korea Daeee,2006:134-136
[43]王胜顺,金海.Web Services身份认证与授权系统的研究与实践[J].南昌大学学报(理科版).2002年03期:76-79
[44]高克义,傅彦.一种基于Web的身份鉴别策略及其实现[J].电子科技大学学报, 2002,31(5):512-516
[45]洪帆,何绪斌,徐智勇.基于角色的访问控制[J].小型微型计算机系统2000.2:43-46
[46]李小平,阎光伟,王轩峰等基于公开密钥基础设施的单点登录系统的设计[J].北京理工大学学报,2002,22(2):209-213
[47]郑宏云.Internet的加密与认证技术[J].中国数据通讯网络,2000,07:121-124
[48]林琳,罗安.基于网络安全的数据加密技术的研究[J].现代电子技术,2004.178:101-103
[49] Sun Microsystems.Key and Certificat Management Tool[EB/OL].http://java.sun.com
[50] Rich Helton,Johennie Helton.Java安全解决方案[D].北京:清华大学出版社,2003.
[51]高俊娜,于继万,朱华飞.一种新的SIP SSO机制[J].计算机应用,2004,24(5):53-55
[2]谈猛刚.基于企业门户的应用集成研究[J].中国科学院软件研究所.2004.:278-280
[3]樊秋胜,浅析我国企业信息门户(EIP)建设[J].太原;科技情报开发与经济,2003,13(8):217-219.
[4] Microsoft..NET Passport Single Sign-In[M], MSDN,2003
[5] Liberty Alliance Project."Liberty Architecture Overview, Vision 1.1"[EB/OL]. http://www.sourceid.org/docs/sso/liberty-architecture-overview-vl.l.pdf
[6]马亚娜,钱焕延等.用Cookie构建Web安全的实现[J].计算机工程,2002:86-89.
[7] Kohl J,Neuman C.The Kerberos Network Authentication Service(V5)[S].RFC1510.1993.
[8] IBM.门户体系架构技术探讨[EB/OL].http://ww.ibm.eom.en.2002
[9]谭立球,费耀平,李建华.企业信息门户单点登录系统的实现[J].计算机工程.2005.13(8):217-219.
[10]谭立球,费耀平,李建华.企业信息门户单点登录系统的实现[D].计算机工程,2005.9,31(17).
[11]许方,邓敏.内容管理系统(CMS)的发展与应用[J],孝感学院学报,2004.5,Vol.27:154-156.
[12]方厚政,企业信息门户的5个最佳实践经验[J],电子商务世界,2003年,第11期:48-49
[13]李富玲,李颖.企业信息资源开发与利用中的问题及影响因素分析[J].情报科学,2004,(10):1015一101
[14] Java Conununity Proeess.JSR一000168 Portlet Speeifieation[M]. Oet7,2003
[15] OASIS WSRP[EB/OL] http://www.oasis一open.org/eommittees/download.php/3343/ Oasis-200304-wsrP-specification-1.0.Pdf
[16]康威,李凯统一用户认证和单点登录解决方案[J],计算机世界报,2005,36(14)
[17] Andrew Conry-Murray.Microsoft's Passport to Controversy[J].Network Magazine,2002,17(3):46-49
[18] ZDNet China专稿,深度分析:“自由联盟”,还是微软Passport?[M],2003.9.20
[19] IBM. IBM/Lotus Domino与WebSphere Portal单点登录[EB/OL].http://ww.ibm.eom.en.2002
[20] David P.Kormann,Aviel D.Rubin.Risks of the Passport Single Signon Protocol[J].Computer Networks,2000,33(6):51-58
[21] OASIS Security Services(SAML)TC[EB/OL]. http://www.oasis-open.org/commitees/security 2006
[22] Netegrity. Netegrity SiteMinder技术白皮书[D].2007
[23]刘晓华,JZEE企业级应用开发[D],第l版,北京,电子工业出版社,2005
[24]马亚娜,钱焕延,孙亚民,用Cookei构建Wbe安全的实现[J],计算机工程,2002:146-151
[25]陈玉江,Cookie的传递流程[J],塞迪网互动学校,2001
[26]林上杰等.JSP2.0技术手册[M].北京,电子工业出版社.2006
[27] [美] Kevin Duffey Vikram Goyal[M]. JSP站点设计编程指南.2003
[28]程峰等译.Java核心技术.第6版[M],北京,机械工业出版社.2004
[29] [美] Daniel I.Joshi Pavel A.Vorobiev[M]. Java程序员参考大全,2006
[30] [美] Joseph L.Weber. Java 2编程详解[M].2004
[31] [美] MICHAEL D.THOMAS PRATIK R.PATEL等.Java for Internet编程技术[M].2008
[32] [美] Peter vander Linden. Java 2教程[M].电子工业出版社,2003.
[33]王珊珊.XML安全认证协议及单点登录系统的研究[J].2005:90-93
[34] [美] Brett McLaugblin. Java与XML.第二版[M],中国电力出版社, 2004
[35] Steve Buzzard.用Web Service进行企业级的门户集成[D].2005
[36] W3C,Extensible Markup Language(XML)1.0[D],W3C Recommendation 10-February-1998
[37]彭江平.基于XML与SOAP技术的Web Service[D].2004
[38] [美] Angela Yochem,David Carlson,Tad Stephens. J2EE应用与BEA WebLogic Server第二版[M],电子工业出版社,2005.2
[39]孙卫琴.精通Hibernate : Java对象持久化技术详解[M].北京,电子工业出版社2006,24(5):68-79
[40]柴晓路,梁羽奇.Web services技术、架构与应用[J].电子工业出版社.2003.01.:33-37
[41] Web Service Case Study:统一身份认证服务[EB/OL]. http://www-900.ibm.com/developerWorks/cn/webservices/ws-casestudy/part4/index.shtml
[42] Single Sign On Authentication Model Using MAS TEEE2003 National Security Institute[J], Korea Daeee,2006:134-136
[43]王胜顺,金海.Web Services身份认证与授权系统的研究与实践[J].南昌大学学报(理科版).2002年03期:76-79
[44]高克义,傅彦.一种基于Web的身份鉴别策略及其实现[J].电子科技大学学报, 2002,31(5):512-516
[45]洪帆,何绪斌,徐智勇.基于角色的访问控制[J].小型微型计算机系统2000.2:43-46
[46]李小平,阎光伟,王轩峰等基于公开密钥基础设施的单点登录系统的设计[J].北京理工大学学报,2002,22(2):209-213
[47]郑宏云.Internet的加密与认证技术[J].中国数据通讯网络,2000,07:121-124
[48]林琳,罗安.基于网络安全的数据加密技术的研究[J].现代电子技术,2004.178:101-103
[49] Sun Microsystems.Key and Certificat Management Tool[EB/OL].http://java.sun.com
[50] Rich Helton,Johennie Helton.Java安全解决方案[D].北京:清华大学出版社,2003.
[51]高俊娜,于继万,朱华飞.一种新的SIP SSO机制[J].计算机应用,2004,24(5):53-55