Security Management Platform Based On J2ee Lightweight Framework Design And Realization

In the period of Internet technology ever-changing, Web development doesn't only require speedy completion, but also can be able to cope with the changing needs of the business. In order to ensure system security, the Web development should prevent the malicious behavior online. Therefore, the lightweight and security framework become the most in need.This thesis firstly analyzes the current situation and security requirements of the modern enterprise application development. For the complex needs of modern enterprise development, rapidity, high maintainability and security are needed.Secondly, the meanings and advantages of lightweight frame are analyzed, so the lightweight J2EE framework development is the trend. The MVC design concept is investigated, and then the most popular lightweight framework–Spring is studied in detail. This thesis analyzes the core mechanisms of Spring: DI and AOP. It also introduces one ORM open-source framework–Hibernate, and analyzes its principles and core interfaces which are used for the data persistence. By this way, the software engineers can get rid of the tedious SQL statements which are used for the communication with the database. Hibernate can be integrated with Spring well, so by using this two frameworks it can meet the basic needs for the enterprise application development. Through the MVC design concepts and the hierarchical model, a better development framework which is four-layer structure is built. By the dependency injection and the interface-oriented programming principle, the framework is designed which can make the coupling degree between the four layers become lower and increase the reusability of the code.Thirdly, in order to ensure the security of the application, this thesis researches the Acegi security framework. It analyzes the two major mechanisms of Acegi: the user's authentication and authorization. Authentication can ensure the visitor's identity which was ever audited by the system. Authorization can control the users'operations about the content resources and sensitive data in the system, and ensure the users who have the permissions can operate the target resources. By researching the deficiencies of Acegi, this framework is improved and extended, which is adapted to the current complexity of enterprise development. Acegi has become the sub-project of Spring and can combine with the Spring, so by this framework it can achieve the current goal: lightweight and safe.Finally, a security management platform is developed. This thesis researches the project's needs, and makes a detail analysis about the functional modules and business processes of the system. The above four-layer framework of application development is applied on the project, and the structure of each layer is designed and implemented in detail. By using the design principles, the dependency and coupling degree of each layer are reduced which improve the portability and expansibility of the development framework. At the same time by using the extended Acegi framework, this system can protect the content resources and the sensitive data.