基于Struts框架的安全策略研究与实现

【作者】 孙宇；

【导师】 张功萱；

【作者基本信息】 南京理工大学 ， 计算机应用技术， 2008， 硕士

【摘要】 随着计算机网络与分布式计算技术的日趋成熟,基于MVC模式的Struts框架逐渐成为中小企业网站开发的主流。根据安全公司的报告显示网络攻击已经开始和经济利益挂钩,对于中小企业来说,他们面临成本压力,也缺乏技术支持,同时又不乏敏感信息需要保护,需要成熟可靠的技术来为他们的信息安全保驾护航。本人在参加SANY项目开发时深刻感受到这方面的需求,借毕设之机首先分析了目前的J2EE加防火墙的网站开发模式在安全上的优缺点,结合当前技术设计了这样一个适用于Struts架构的安全系统,这套系统的特性是技术手段成熟、易于部署,并且该系统具有相当大的挖掘潜力,未来可以采用服务组合的方式加以拓展。对于本系统的论述将分三个部分进行,首先是Struts开发框架内的认证与授权体系,这一部分的技术比较成熟,已经应用在SANY项目中目前运行稳定;第二部分是设计了一个具有嗅探功能的网站守护进程,使用C++语言编写,通过这个守护进程可以分析出哪些IP是可信的,哪些是可疑的,进而可以采取措施,同时还提出了如何在Java和C++两个不同的进程间架起通信的桥梁;第三部分是对于第二部分的改进工作,这些工作包括进程隐藏研究、内存池的算法研究、服务组合研究,这些研究工作未来可以应用在真正有商业价值的适用于Struts架构的安全系统中。本文将这三个部分分别用一个章节讲述,对于它们的实现或测试都在章节中都有所体现,运行与监测结果表明设计思路可行,达到了预期的研究目的与期望。更多还原

【Abstract】 As the computer network and distribution compute technology grows mature, the Struts frame based on MVC model gradually become the main exploitation stream of midium and small size corporation. According to the report of security corporation, network attack now links to economic interests. To midium and small size corporations, upon the cost pressure , lack of technology support, and needs of protection for important informtaion, they need mature and trustful technology to insure the security of their information. I deeply perceived this kind of demands, when I took part in the SANY project. So I take advantage of the graduation design to first evaluate the merits and demerits of the present J2EE plus fire wall network exploitation model in network security. On this condition, I combined the present technology to design a security system applied to Struts frame. The traits of the system are maturity in technology and easy to carry out. And with the great potential of the system, it could be developed by adapting the mode of service combination.The dissertation of the system is genarally in three parts. First is the authentication and warranty system within the Struts frame exploitation. The technology of this part is relatively mature, as it has already applied to the SANY project, which is now good in work. The second part is to design a network protection course with sniff function. With this course, written by C++, we can analyse whether an IP is trustful or not and then take further action. The course also contributes in the communication between different courses respectively written by Java and C++. The last part are ameliorations on the second part. The ameliorations include research on course concealing, memory pool computing and service combination. These research could be applied to security system, applied to Struts frame, with real business value.This paper describes each of the three parts respectively in one section. The realization or test of them are all in the paper. The result shows that the design is feasible, which achieves the anticipated research purpose and expectation.更多还原