【作者】 吴振生；

【导师】 须文波；

【作者基本信息】 江南大学 ， 计算机应用技术， 2009， 硕士

【副题名】Web Service及其安全性的实现方案

【摘要】 或许在未来的20年里,Web Service将会成为软件开发领域最热门的话题,随着WEB2.0的迅速普及,如何利用好Web Service这一新技术就成为一个非常重要的课题。尽管SOA(Service Oriented Architecture)架构已经深入人心,但是针对这个领域的争论却一直没有停止过,以至于至今对于SOA都没有一个准确的定义。但毫无疑问的是,在实际的开发领域,人们已经越来越多地使用SOA概念下的新技术,当然,由此也产生了许多新的问题,安全性问题便是其中一个最为突出的方面。本文开篇即介绍了SOA及Web Service相关技术基础。主要介绍了SOA和Web Service的概念并分析了它们之间的区别。另外,SOA的体系结构、Web Service的实现方法中所需要的技术、基于Web Service的一些基本协议和解决方案----WSDL、UDDI、SOAP以及XML-----本文也做了详细的介绍,同时也介绍了一些当前比较成熟的软件开发方法和工具对Web Service的支持。针对Web Service的迅猛发展中遗留的安全问题,本文主要介绍了Web Service所需求的安全性的特点,实现Web Service安全性的一些基本目标和相关原则,给出了一些对现有的安全技术的讨论,也分析了一些相关的研究成果、实现方法及相关标准。在介绍了Web Service的开发技术并且分析了众多安全体系之后,结合国内的软件开发现状,集中对Eclipse+Tomcat+Axis组合的Web Service开发方法进行了深入研究,并在此框架下设计了一个提供安全保障的Web服务模型,给出了相应的模块设计方案,加入了对Web Service的安全性支持。最后,通过一个例子观察了在该模型下,SOAP消息在未加密前和加密后的区别,通过具体的分析,验证了该模型对Web服务安全性的提升。更多还原

【Abstract】 Maybe in the next 20 years, Web Service will be the most popular subject in the field of software designning. With the charm of WEB 2.0, how to use this new technology will surely become a very important topic.Though SOA (Service Oriented Architecture) is well-known, dissensions on this field has never stopped, even today there is no strict definition about SOA. But there is no doubt that in the real market of software designning, the designners are using the new technologies based on SOA more and more. Of course, with the rapid growth of it, there are still a lot of problems left.At the beginning of this article, we will talk about the basic technologies based on SOA and Web Service. We will discuss the definitions of SOA and Web Service, also the little differernces between them. Then we will focus on these technologies that we will obviously ues in developing Web Service applications, like WSDL、UDDI、SOAP and XML. We will also talk about some well-developed techniques that support Web Service.The problem of security of Web Sevice is greatly increasing while Web Sevice itself doing the same thing. In this article, we will discuss the characteristic of Web Sevice security problem, some basic destinations and prinsples are also included, we will make some discuss on the technologies of security which we have already made in use now, and we will also metion some solutions and standards.After discussing the technique of Web Service development and many security system in this subject, based on the actuality of this domain, we will take the solution of developing Web Service by Eclipse+Tomcat+Axis as our key point, and design a web service module which can provide the solution of security, with the specific design of the inner modules.Also, at the end of the article, we will give a test that simulates an attack. In this test, by comparing the differences between encrypted and unencrypted SOAP envelope, we can see how the module we provided works. It also proves the assurance of security that provided by our module.更多还原