【作者】 张雪；

【导师】 马光思；

【作者基本信息】 西安建筑科技大学 ， 计算机软件与理论， 2010， 硕士

【摘要】 网络技术的飞速发展和广泛应用,从根本上改变了人类的传统交易方式和观念。建立在高速、开放的因特网上的电子商务,其交易安全与交易效率一直是理论和实际中的热门研究课题。本文的课题研究正是基于这一背景展开的。论文深入研究了J2EE安全机制、身份认证与授权,总结了在电子商务中基于PKI和SSL构建安全中间件的主流技术。结合安全协议的Petri网建模分析,针对网上安全交易模式中的效率问题,提出了构建会话恢复及连接分类的负载控制机制,以优化系统性能,提高应用安全和交互效率,增强商务网站的竞争力与影响力。基于构建安全中间件负载控制机制的设计模式、方案和功能划分,论文重点讨论了采用OpenSSL工具建立CA中心,使用JSP实现身份认证、数字签名的过程。根据数据库设计,类结构设计,分析了数据库连接、实现JavaBean及Servlet的方法,给出了用工具类及DWR技术,实现负载控制机制的详细过程。论文介绍了建立模拟环境,采用LoadRunner工具虚拟用户访问,按两套方案分别测试负载控制机制的过程和效果。对测试结果的比较分析表明,使用会话分类负载控制机制能有效缩短服务器平均响应时间,提高电子商务网站响应效率。论文最后总结了课题所做的工作,给出进一步的研究展望。更多还原

【Abstract】 The rapid development and extensive application of Internet technology have changed human traditional trading methods and concepts. The security and efficiency of EC, built on high-speed and open-Internet, are always the popular topics in theory and practices. This research topic is deployed on these backgrounds.In this paper, security mechanisms, authentication and authorization of J2EE are intensively studied, the mainstream technologies of building secure middleware in EC, which is based on PKI and SSL, are summarized. Combined with the modeling-analysis of Petri net on secure protocol, aiming at the efficiency problems in internet secure transactional model, the overload control mechanism based on session-resumed and session classification is proposed, to optimize system performance, enhance application security and interactive efficiency, strengthen the competitiveness and influence of business site.Based on the design method、project and functional partitioning of secure middleware overload control mechanism, building Certification Authority by OpenSSL, realizing the Identify Authentication by JSP, and the process of Digital Signature are discussed significantly in this paper. According to the design of database and classes, the method of database connectivity, realizing of JavaBeans and Servlet is analyzed, the detail process of using tool-class and DWR to realize overload control mechanism is given.In this paper, the virtual environment is built, in which we can use LoadRunner to simulate users’ visitation for the purpose of testing the process and effects of overload control mechanism by two different ways. According to the comparative analysis, the average response time is sharply reduced, the efficiency of EC site is raised by the overload control mechanism based on Session classificationAt last the completed work is summarized, and the further research expectations are given.更多还原