基于axis2的安全模型系统.doc

 基于AXIS2的安全模型系统

摘  要
     随着电子政务和电子商务不断推进，互联网上的安全问题已经日益突山，建立完善的电子认证体系成为电子政务和电子商务能否稳定发展的关键。 以数字安全证书为核心的PKI(Public Key Infrastructure公钥基础设施)技术正在日趋成熟，PKI技术采用证书管理公钥，通过第三方的可信任机构认证中心CA(Certificate Authority)，把要传输的数字信息进行加密和签名，保证信息传输的机密性、真实性、完整性和不可否认性，从而保证信息的安全传输。其应用已覆盖了安全电子邮什、虚拟专用网络(VPN)、Web交互安全、电子数据交换、Internet上的信用卡交易等，涉及电子商务、电子政务、电子事务安全等诸多领域。 本文首先介绍了CA认证的理论和技术和PKI体系的基本理论，重点分析了PKI加密技术及其涉及的关键技术，然后简述了国内外PKI／CA认证体系的概况，分析了国内CA认证的现况，及CA建设中存在的问题。 针对贵阳CA认证中心，本文从GYCA系统需求入手，从应用的角度讨论了系统架构、模块的组成、原理、相互关系，分析了系统功能的实现技术。根据贵阳CA认证中心的实际工作流程、系统安全性的考虑以及实际应用情况，讨论了CA认证在电子政务中的实际应用，研究PKI／CA认证技术在电子政务中的可行性。 PKI／CA的应用已经十分广泛，本文以PKI／CA在电子政务中的实际应用，在贵阳市公务员安全电子邮件系统的基础上，结合系统实际，通过研究系统的功能特点、基础架构以及信息安全、提升应用安全、深化应用安全等方面，阐述了PKI／CA认证体系在系统中的运用，分析了提供加密功能的邮件安全改造，着重研究CA认证在电子政务中的应用，而是用WEB SERVICE,AXIS2 能够极大的保证系统的安全性。
因此，该系统实现了保密性、完整性、不可否认性等方面的安全需求，具有良好的实用价值和应用推广价值。
关键词:纠纷仲裁，数字签名，CA身份认证，抗抵赖性，WEB SERVICE,AXIS2

Abstract
This class performance management system for students were analyzed and studied. According to research, the current classes of students in many schools still use the paper signature performance management or directly transmitted without encryption in the online student course performance. The teacher will score the paper signature is printed on paper, and then be signed, its disadvantage is inconvenient to carry or store; transmitted without enc-krypton in the online results, then teachers may be uploaded to deny the results, the administrator From the results of the tampering and interception by others during transmission and so on. The digital signature technology in the identification and authentication, data integrity, anti-denial, and so has other technical advantages can not be replaced; it can achieve the results of security encryption. Therefore, the authors propose a class of students based on digital signature performance management system.
  The system to SQL Server 2000 and JAVA as a development platform, the use of B / S architecture and C / S architecture combination to ensure system availability and security. Performance management system to achieve the students, college management, class management, curriculum management, teacher information management, public private key pair generation, signature verification and other functions results. B / S architecture is the system easy to install, affordable and small browser features, however, produced under the framework of public and private key pair and the online transmission is very secure. Therefore, the combination of C / S architecture, the system provides the public and private key pair generation and signature verification plug-in plug, so that public and private key pair generation and signature performance on the client side encryption. Teachers in public and private keys generated on the client after the first CA's public key public key encryption for teachers, and then uploaded to the server, then decrypted on the server-side.
  In addition, to address controversial issues in future student achievement, student performance on the client first with the education Division of the private key signature, and then use the CA's public key encryption, and finally uploaded to the server, the server-side decryption, get the original results. Performance while preserving the signature database, the original score and upload the data and time information to provide authentication capabilities to address the performance accountability when doubts arise. But with WEB SERVICE, AXIS2 can greatly ensure the security of the system.
   Therefore, the system realizes the confidentiality, integrity, non-repudiation and other security needs have good practical value and application value.
Keywords: dispute arbitration, digital signature, authentication, repudiation of

WEB SERVICE,AXIS2

目 录
摘  要 I
Abstract II
目 录 IV
第一章 绪论 1
1.1课题的背景和意义 1
1.2数字签名技术的国内外研究现状 1
1.3本文主要研究内容 3
1.4本文结构与主要特点 4
第二章 公钥密码及数字签名算法 6
2.1公钥密码概述 6
2.2 RSA密码系统 8
2.3数字签名 9
2.3.1数字签名概述 9
2.3.2带加密的数字签名 10
2.4数字签名算法 12
2.4.1数字签名算法RSA 12
2.4.2数字签名算法DSA 12
2.5学生成绩签名上传及分数验证功能原理分析 14
2.6 本章小结 15
第三章 系统分析 16
3.1问题分析 16
3.1.1问题的定义 16
3.1.2问题的提出 16
3.2系统设计目标 17
3.3可行性分析 18
3.3.1技术可行性 18
3.3.2经济可行性 18
3.4需求分析 18
3.4.1系统需求 19
3.4.2功能需求 19
3.4.3环境需求 20
3.4.4 安全性需求 21
3.5系统设计开发工具和环境分析 21
3.5.1 JAVA简介 22
3.5.2 Web应用程序开发环境—JSP技术 22
3.5.3 Tomcat应用服务器 22
3.5.4 Sql Server2000 23
3.5.5 B/S 开发模式 23
3.6开发框架技术 25
3.6.1 Struts技术 25
3.6.2 Hibernate技术 26
3.6.3 AJAX技术介绍 26
3.6.4 JDBC技术介绍 27
3.7数据流图 28
3.8 本章小结 30
第四章 系统设计 31
4.1总体设计 31
4.1.1架构设计 31
4.1.2系统模块图 32
4.1.3模块设计 35
4.1.4系统总体流程图 37
4.2系统工程的流程思想 38
4.3面向对象机制的设计思想 38
4.4代码分层思想 38
4.5系统设计分析 39
4.6系统功能用例图 39
4.6.1 系统的用例图 39
4.6.2 系统部分模块类图 41
4.7 本章小结 42
第五章 数据库设计 43
5.1 数据库的分析 43
5.2 数据库概念结构设计 43
5.3 数据库逻辑结构设计 46
第六章 系统部分功能模块的实现 50
6.1关键技术的实现 50
6.2部分功能模块的实现 52
6.2.1登陆界面 52
6.2.2 主界面 52
6.3管理员插件与教师插件的设计 57
6.3.1管理员插件的设计 58
6.3.2教师插件的设计 59
6.4 本章小结 68
第七章 系统测试与维护 69
7.1 测试目的 69
7.2 系统测试 69
7.2.1 JSP的中文乱码问题 70
7.2.2表单和表格打印问题 70
7.2.3数据库时间字段以及页面中的时间显示问题 70
总  结 72
致  谢 73
参考文献 74

题目 基于AXIS2安全模型设计





姓 名 ___
院 系 软件工程学院 _
专 业 ___________________
班级学号 __________
指导老师 ____________

摘 要
随着电子政务和电子商务不断推进，互联网上的安全问题已经日益突山，建立完善的电子认证体系成为电子政务和电子商务能否稳定发展的关键。 以数字安全证书为核心的PKI(Public Key Infrastructure公钥基础设施)技术正在日趋成熟，PKI技术采用证书管理公钥，通过第三方的可信任机构认证中心CA(Certificate Authority)，把要传输的数字信息进行加密和签名，保证信息传输的机密性、真实性、完整性和不可否认性，从而保证信息的安全传输。其应用已覆盖了安全电子邮什、虚拟专用网络(VPN)、Web交互安全、电子数据交换、Internet上的信用卡交易等，涉及电子商务、电子政务、电子事务安全等诸多领域。 本文首先介绍了CA认证的理论和技术和PKI体系的基本理论，重点分析了PKI加密技术及其涉及的关键技术，然后简述了国内外PKI／CA认证体系的概况，分析了国内CA认证的现况，及CA建设中存在的问题。 针对贵阳CA认证中心，本文从GYCA系统需求入手，从应用的角度讨论了系统架构、模块的组成、原理、相互关系，分析了系统功能的实现技术。根据贵阳CA认证中心的实际工作流程、系统安全性的考虑以及实际应用情况，讨论了CA认证在电子政务中的实际应用，研究PKI／CA认证技术在电子政务中的可行性。 PKI／CA的应用已经十分广泛，本文以PKI／CA在电子政务中的实际应用，在贵阳市公务员安全电子邮件系统的基础上，结合系统实际，通过研究系统的功能特点、基础架构以及信息安全、提升应用安全、深化应用安全等方面，阐述了PKI／CA认证体系在系统中的运用，分析了提供加密功能的邮件安全改造，着重研究CA认证在电子政务中的应用，而是用WEB SERVICE,AXIS2 能够极大的保证系统的安全性。
因此，该系统实现了保密性、完整性、不可否认性等方面的安全需求，具有良好的实用价值和应用推广价值。
关键词:纠纷仲裁，数字签名，CA身份认证，抗抵赖性，WEB SERVICE,AXIS2





Abstract
This class performance management system for students were analyzed and studied. According to research, the current classes of students in many schools still use the paper signature performance management or directly transmitted without encryption in the online student course performance. The teacher will score the paper signature is printed on paper, and then be signed, its disadvantage is inconvenient to carry or store; transmitted without enc-krypton in the online results, then teachers may be uploaded to deny the results, the administrator From the results of the tampering and interception by others during transmission and so on. The digital signature technology in the identification and authentication, data integrity, anti-denial, and so has other technical advantages can not be replaced; it can achieve the results of security encryption. Therefore, the authors propose a class of students based on digital signature performance management system.
The system to SQL Server 2000 and JAVA as a development platform, the use of B / S architecture and C / S architecture combination to ensure system availability and security. Performance management system to achieve the students, college management, class management, curriculum management, teacher information management, public private key pair generation, signature verification and other functions results. B / S architecture is the system easy to install, affordable and small browser features, however, produced under the framework of public and private key pair and the online transmission is very secure. Therefore, the combination of C / S architecture, the system provides the public and private key pair generation and signature verification plug-in plug, so that public and private key pair generation and signature performance on the client side encryption. Teachers in public and private keys generated on the client after the first CA's public key public key encryption for teachers, and then uploaded to the server, then decrypted on the server-side.
In addition, to address controversial issues in future student achievement, student performance on the client first with the education Division of the private key signature, and then use the CA's public key encryption, and finally uploaded to the server, the server-side decryption, get the original results. Performance while preserving the signature database, the original score and upload the data and time information to provide authentication capabilities to address the performance accountability when doubts arise. But with WEB SERVICE, AXIS2 can greatly ensure the security of the system.
Therefore, the system realizes the confidentiality, integrity, non-repudiation and other security needs have good practical value and application value.
Keywords: dispute arbitration, digital signature, authentication, repudiation of, WEB SERVICE,AXIS2









目 录
摘 要 I
Abstract II
目 录 IV
第一章 绪论 1
1.1课题的背景和意义 1
1.2数字签名技术的国内外研究现状 1
1.3本文主要研究内容 3
1.4本文结构与主要特点 4
第二章 公钥密码及数字签名算法 6
2.1公钥密..