The Study Of E-Government's Application Security Based On J2EE

The Study of E-Government's Application Security Based on J2EEE-Govemment is a system engineering which makes the governmental work be standardized, serviced, informationed, netted and opened. Most involved problems relate to the national secrets and sensitive governmental core affairs, to the maintenance of public order and the exact implementation of administrative superintendence. So the E-Government's security is especially important.The purpose of E-Government's safety is to enable the basic facility of governmental affairs, information application services and information content to prevent all menaces. The safety refers to four layers: the physical layer, the network layer, the system layer and the application layer, which includes many contents such as network insulation, encryption, safety detection and monitoring, safety audit, virus protection, access control, identity certification, data copy and recovery, security management, etc.Starting with the application layer of safety system, this article, based on J2EE, researches the privacy protection, completeness, facticity, availability and controllability of information in E-Government. The facets of customer verification, access control, authority management, log audit, data encryption, digital signature are researched and implemented to some extent. The module of customer certification adds one-off password certification to the traditional sheet certification, and replaces stored password with stored digest of user password to guard against attacks and keep secrets. The module of user authority management applies MVC and Role pattern, and adopts the business module of application system and the attached operation appointed code. So it can accomplish united management and scrupulous access control. It realizes log audit through the filter technology of JSP and interfuses log management and the system. The author have completed the data encryption and decryption of Chinese and English through technology provided by JCE, and finished the application of digital signature by confusing Sen/let and Applet.