Application of J2EE security system

Source: Internet
Author: User
Security mode design for electronic platforms
1. Preface
Because the office information handled by the electronic platform is sensitive, and the network is virtual and open, the electronic platform system requires strong user access security, network security, system security, application security, and database and transaction manager security. The system uses the J2EE framework to meet these requirements. J2EE not only hands part of the security work to the container, but also gives application programmers the means to carry out security tasks themselves.
2. Overall design of the solution
1. User access security:
User access security covers not only Web access but also other types of access, such as Electronic Data Interchange (EDI). In the electronic platform system, we mainly use web services. To secure user access, we consider the following aspects:
Define verification methods: this includes CAS verification and basic system verification.
Define security roles: create different roles for different users to avoid permission confusion between roles.
Define security role references for a single servlet/JSP: define security role references for certain special or security-level servlets/JSPs.
1) Web access:
The Web system used by the electronic platform system is configured as a secure Web system: users must present digital certificates to gain access, and HTTPS is used to protect the confidentiality and integrity of information in transit. The user information (such as the name) taken from the digital certificate submitted by the user serves as the basis for registration and logon in the system, which ensures legality and non-repudiation when services are processed. In addition, the HTTPS protocol isolates Web applications from unauthorized access.
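The aspects listed above (certificate-based verification, HTTPS, security roles, and a per-servlet role reference) expressed in a web.xml deployment descriptor. This is an added example, not configuration from the original article; the servlet class, role names and URL patterns are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: servlet, role and URL names below are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <servlet>
    <servlet-name>ApprovalServlet</servlet-name>
    <servlet-class>com.example.platform.ApprovalServlet</servlet-class>
    <!-- Security role reference for a single servlet: the code calls
         request.isUserInRole("approver"); role-link binds that name
         to a role declared at the bottom of this file. -->
    <security-role-ref>
      <role-name>approver</role-name>
      <role-link>office-manager</role-link>
    </security-role-ref>
  </servlet>
  <servlet-mapping>
    <servlet-name>ApprovalServlet</servlet-name>
    <url-pattern>/office/approve</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Office documents</web-resource-name>
      <url-pattern>/office/*</url-pattern>
      <!-- No http-method element: the constraint covers every method.
           Listing methods would leave the unlisted ones unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>office-staff</role-name>
      <role-name>office-manager</role-name>
    </auth-constraint>
    <!-- Container redirects plain HTTP requests to HTTPS. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Verification method: the user's digital certificate over TLS. -->
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

  <security-role><role-name>office-staff</role-name></security-role>
  <security-role><role-name>office-manager</role-name></security-role>
</web-app>
```

The descriptor only names roles; binding them to real users and groups happens at assembly or deployment in the application server's own configuration.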
2) Web Service
This part is tentative
2. Network security
Network security mainly ensures confidentiality and information integrity. We therefore adopt a centralized authentication login mode that separates access by authenticated users from access by non-authenticated users, thus ensuring network security. The following is a network view of the centralized authentication mode. The CA server uses the TrustPass server of a third-party CA.
[Figure: Schematic diagram of the centralized authentication network]
3. System Security
System security mainly verifies the user's identity when the user logs on to the system.
4. Application Security
Application security means providing J2EE security for J2EE applications. Because the electronic platform system is independent of the centralized authentication system, you only need to provide J2EE-related security in the electronic platform system to ensure the security of the entire system. J2EE application security uses a role-based security mechanism. During development, we determine the application security policy by assigning secured resources and methods to specific security roles. During application assembly, security roles are mapped to real users and groups. This two-stage approach to security management gives applications great flexibility and portability. At runtime, the J2EE container is responsible for enforcing access control on secured resources and methods. J2EE containers support two types of security:
