基于AXIS2的安全模型系統(tǒng)

摘  要
     隨著電子政務(wù)和電子商務(wù)不斷推進(jìn)，互聯(lián)網(wǎng)上的安全問題已經(jīng)日益突山，建立完善的電子認(rèn)證體系成為電子政務(wù)和電子商務(wù)能否穩(wěn)定發(fā)展的關(guān)鍵。 以數(shù)字安全證書為核心的PKI(Public Key Infrastructure公鑰基礎(chǔ)設(shè)施)技術(shù)正在日趨成熟，PKI技術(shù)采用證書管理公鑰，通過第三方的可信任機(jī)構(gòu)認(rèn)證中心CA(Certificate Authority)，把要傳輸?shù)臄?shù)字信息進(jìn)行加密和簽名，保證信息傳輸?shù)臋C(jī)密性、真實(shí)性、完整性和不可否認(rèn)性，從而保證信息的安全傳輸。其應(yīng)用已覆蓋了安全電子郵什、虛擬專用網(wǎng)絡(luò)(VPN)、Web交互安全、電子數(shù)據(jù)交換、Internet上的信用卡交易等，涉及電子商務(wù)、電子政務(wù)、電子事務(wù)安全等諸多領(lǐng)域。 本文首先介紹了CA認(rèn)證的理論和技術(shù)和PKI體系的基本理論，重點(diǎn)分析了PKI加密技術(shù)及其涉及的關(guān)鍵技術(shù)，然后簡(jiǎn)述了國(guó)內(nèi)外PKI／CA認(rèn)證體系的概況，分析了國(guó)內(nèi)CA認(rèn)證的現(xiàn)況，及CA建設(shè)中存在的問題。 針對(duì)貴陽CA認(rèn)證中心，本文從GYCA系統(tǒng)需求入手，從應(yīng)用的角度討論了系統(tǒng)架構(gòu)、模塊的組成、原理、相互關(guān)系，分析了系統(tǒng)功能的實(shí)現(xiàn)技術(shù)。根據(jù)貴陽CA認(rèn)證中心的實(shí)際工作流程、系統(tǒng)安全性的考慮以及實(shí)際應(yīng)用情況，討論了CA認(rèn)證在電子政務(wù)中的實(shí)際應(yīng)用，研究PKI／CA認(rèn)證技術(shù)在電子政務(wù)中的可行性。 PKI／CA的應(yīng)用已經(jīng)十分廣泛，本文以PKI／CA在電子政務(wù)中的實(shí)際應(yīng)用，在貴陽市公務(wù)員安全電子郵件系統(tǒng)的基礎(chǔ)上，結(jié)合系統(tǒng)實(shí)際，通過研究系統(tǒng)的功能特點(diǎn)、基礎(chǔ)架構(gòu)以及信息安全、提升應(yīng)用安全、深化應(yīng)用安全等方面，闡述了PKI／CA認(rèn)證體系在系統(tǒng)中的運(yùn)用，分析了提供加密功能的郵件安全改造，著重研究CA認(rèn)證在電子政務(wù)中的應(yīng)用，而是用WEB SERVICE,AXIS2 能夠極大的保證系統(tǒng)的安全性。
因此，該系統(tǒng)實(shí)現(xiàn)了保密性、完整性、不可否認(rèn)性等方面的安全需求，具有良好的實(shí)用價(jià)值和應(yīng)用推廣價(jià)值。
關(guān)鍵詞:糾紛仲裁，數(shù)字簽名，CA身份認(rèn)證，抗抵賴性，WEB SERVICE,AXIS2

Abstract
This class performance management system for students were analyzed and studied. According to research, the current classes of students in many schools still use the paper signature performance management or directly transmitted without encryption in the online student course performance. The teacher will score the paper signature is printed on paper, and then be signed, its disadvantage is inconvenient to carry or store; transmitted without enc-krypton in the online results, then teachers may be uploaded to deny the results, the administrator From the results of the tampering and interception by others during transmission and so on. The digital signature technology in the identification and authentication, data integrity, anti-denial, and so has other technical advantages can not be replaced; it can achieve the results of security encryption. Therefore, the authors propose a class of students based on digital signature performance management system.
  The system to SQL Server 2000 and JAVA as a development platform, the use of B / S architecture and C / S architecture combination to ensure system availability and security. Performance management system to achieve the students, college management, class management, curriculum management, teacher information management, public private key pair generation, signature verification and other functions results. B / S architecture is the system easy to install, affordable and small browser features, however, produced under the framework of public and private key pair and the online transmission is very secure. Therefore, the combination of C / S architecture, the system provides the public and private key pair generation and signature verification plug-in plug, so that public and private key pair generation and signature performance on the client side encryption. Teachers in public and private keys generated on the client after the first CA's public key public key encryption for teachers, and then uploaded to the server, then decrypted on the server-side.
  In addition, to address controversial issues in future student achievement, student performance on the client first with the education Division of the private key signature, and then use the CA's public key encryption, and finally uploaded to the server, the server-side decryption, get the original results. Performance while preserving the signature database, the original score and upload the data and time information to provide authentication capabilities to address the performance accountability when doubts arise. But with WEB SERVICE, AXIS2 can greatly ensure the security of the system.
   Therefore, the system realizes the confidentiality, integrity, non-repudiation and other security needs have good practical value and application value.
Keywords: dispute arbitration, digital signature, authentication, repudiation of

WEB SERVICE,AXIS2

目 錄
摘  要 I
Abstract II
目 錄 IV
第一章 緒論 1
1.1課題的背景和意義 1
1.2數(shù)字簽名技術(shù)的國(guó)內(nèi)外研究現(xiàn)狀 1
1.3本文主要研究?jī)?nèi)容 3
1.4本文結(jié)構(gòu)與主要特點(diǎn) 4
第二章 公鑰密碼及數(shù)字簽名算法 6
2.1公鑰密碼概述 6
2.2 RSA密碼系統(tǒng) 8
2.3數(shù)字簽名 9
2.3.1數(shù)字簽名概述 9
2.3.2帶加密的數(shù)字簽名 10
2.4數(shù)字簽名算法 12
2.4.1數(shù)字簽名算法RSA 12
2.4.2數(shù)字簽名算法DSA 12
2.5學(xué)生成績(jī)簽名上傳及分?jǐn)?shù)驗(yàn)證功能原理分析 14
2.6 本章小結(jié) 15
第三章 系統(tǒng)分析 16
3.1問題分析 16
3.1.1問題的定義 16
3.1.2問題的提出 16
3.2系統(tǒng)設(shè)計(jì)目標(biāo) 17
3.3可行性分析 18
3.3.1技術(shù)可行性 18
3.3.2經(jīng)濟(jì)可行性 18
3.4需求分析 18
3.4.1系統(tǒng)需求 19
3.4.2功能需求 19
3.4.3環(huán)境需求 20
3.4.4 安全性需求 21
3.5系統(tǒng)設(shè)計(jì)開發(fā)工具和環(huán)境分析 21
3.5.1 JAVA簡(jiǎn)介 22
3.5.2 Web應(yīng)用程序開發(fā)環(huán)境—JSP技術(shù) 22
3.5.3 Tomcat應(yīng)用服務(wù)器 22
3.5.4 Sql Server2000 23
3.5.5 B/S 開發(fā)模式 23
3.6開發(fā)框架技術(shù) 25
3.6.1 Struts技術(shù) 25
3.6.2 Hibernate技術(shù) 26
3.6.3 AJAX技術(shù)介紹 26
3.6.4 JDBC技術(shù)介紹 27
3.7數(shù)據(jù)流圖 28
3.8 本章小結(jié) 30
第四章 系統(tǒng)設(shè)計(jì) 31
4.1總體設(shè)計(jì) 31
4.1.1架構(gòu)設(shè)計(jì) 31
4.1.2系統(tǒng)模塊圖 32
4.1.3模塊設(shè)計(jì) 35
4.1.4系統(tǒng)總體流程圖 37
4.2系統(tǒng)工程的流程思想 38
4.3面向?qū)ο髾C(jī)制的設(shè)計(jì)思想 38
4.4代碼分層思想 38
4.5系統(tǒng)設(shè)計(jì)分析 39
4.6系統(tǒng)功能用例圖 39
4.6.1 系統(tǒng)的用例圖 39
4.6.2 系統(tǒng)部分模塊類圖 41
4.7 本章小結(jié) 42
第五章 數(shù)據(jù)庫設(shè)計(jì) 43
5.1 數(shù)據(jù)庫的分析 43
5.2 數(shù)據(jù)庫概念結(jié)構(gòu)設(shè)計(jì) 43
5.3 數(shù)據(jù)庫邏輯結(jié)構(gòu)設(shè)計(jì) 46
第六章 系統(tǒng)部分功能模塊的實(shí)現(xiàn) 50
6.1關(guān)鍵技術(shù)的實(shí)現(xiàn) 50
6.2部分功能模塊的實(shí)現(xiàn) 52
6.2.1登陸界面 52
6.2.2 主界面 52
6.3管理員插件與教師插件的設(shè)計(jì) 57
6.3.1管理員插件的設(shè)計(jì) 58
6.3.2教師插件的設(shè)計(jì) 59
6.4 本章小結(jié) 68
第七章 系統(tǒng)測(cè)試與維護(hù) 69
7.1 測(cè)試目的 69
7.2 系統(tǒng)測(cè)試 69
7.2.1 JSP的中文亂碼問題 70
7.2.2表單和表格打印問題 70
7.2.3數(shù)據(jù)庫時(shí)間字段以及頁面中的時(shí)間顯示問題 70
總  結(jié) 72
致  謝 73
參考文獻(xiàn) 74

題目 基于AXIS2安全模型設(shè)計(jì)





姓 名 ___
院 系 軟件工程學(xué)院 _
專 業(yè) ___________________
班級(jí)學(xué)號(hào) __________
指導(dǎo)老師 ____________

摘 要
隨著電子政務(wù)和電子商務(wù)不斷推進(jìn)，互聯(lián)網(wǎng)上的安全問題已經(jīng)日益突山，建立完善的電子認(rèn)證體系成為電子政務(wù)和電子商務(wù)能否穩(wěn)定發(fā)展的關(guān)鍵。 以數(shù)字安全證書為核心的PKI(Public Key Infrastructure公鑰基礎(chǔ)設(shè)施)技術(shù)正在日趨成熟，PKI技術(shù)采用證書管理公鑰，通過第三方的可信任機(jī)構(gòu)認(rèn)證中心CA(Certificate Authority)，把要傳輸?shù)臄?shù)字信息進(jìn)行加密和簽名，保證信息傳輸?shù)臋C(jī)密性、真實(shí)性、完整性和不可否認(rèn)性，從而保證信息的安全傳輸。其應(yīng)用已覆蓋了安全電子郵什、虛擬專用網(wǎng)絡(luò)(VPN)、Web交互安全、電子數(shù)據(jù)交換、Internet上的信用卡交易等，涉及電子商務(wù)、電子政務(wù)、電子事務(wù)安全等諸多領(lǐng)域。 本文首先介紹了CA認(rèn)證的理論和技術(shù)和PKI體系的基本理論，重點(diǎn)分析了PKI加密技術(shù)及其涉及的關(guān)鍵技術(shù)，然后簡(jiǎn)述了國(guó)內(nèi)外PKI／CA認(rèn)證體系的概況，分析了國(guó)內(nèi)CA認(rèn)證的現(xiàn)況，及CA建設(shè)中存在的問題。 針對(duì)貴陽CA認(rèn)證中心，本文從GYCA系統(tǒng)需求入手，從應(yīng)用的角度討論了系統(tǒng)架構(gòu)、模塊的組成、原理、相互關(guān)系，分析了系統(tǒng)功能的實(shí)現(xiàn)技術(shù)。根據(jù)貴陽CA認(rèn)證中心的實(shí)際工作流程、系統(tǒng)安全性的考慮以及實(shí)際應(yīng)用情況，討論了CA認(rèn)證在電子政務(wù)中的實(shí)際應(yīng)用，研究PKI／CA認(rèn)證技術(shù)在電子政務(wù)中的可行性。 PKI／CA的應(yīng)用已經(jīng)十分廣泛，本文以PKI／CA在電子政務(wù)中的實(shí)際應(yīng)用，在貴陽市公務(wù)員安全電子郵件系統(tǒng)的基礎(chǔ)上，結(jié)合系統(tǒng)實(shí)際，通過研究系統(tǒng)的功能特點(diǎn)、基礎(chǔ)架構(gòu)以及信息安全、提升應(yīng)用安全、深化應(yīng)用安全等方面，闡述了PKI／CA認(rèn)證體系在系統(tǒng)中的運(yùn)用，分析了提供加密功能的郵件安全改造，著重研究CA認(rèn)證在電子政務(wù)中的應(yīng)用，而是用WEB SERVICE,AXIS2 能夠極大的保證系統(tǒng)的安全性。
因此，該系統(tǒng)實(shí)現(xiàn)了保密性、完整性、不可否認(rèn)性等方面的安全需求，具有良好的實(shí)用價(jià)值和應(yīng)用推廣價(jià)值。
關(guān)鍵詞:糾紛仲裁，數(shù)字簽名，CA身份認(rèn)證，抗抵賴性，WEB SERVICE,AXIS2





Abstract
This class performance management system for students were analyzed and studied. According to research, the current classes of students in many schools still use the paper signature performance management or directly transmitted without encryption in the online student course performance. The teacher will score the paper signature is printed on paper, and then be signed, its disadvantage is inconvenient to carry or store; transmitted without enc-krypton in the online results, then teachers may be uploaded to deny the results, the administrator From the results of the tampering and interception by others during transmission and so on. The digital signature technology in the identification and authentication, data integrity, anti-denial, and so has other technical advantages can not be replaced; it can achieve the results of security encryption. Therefore, the authors propose a class of students based on digital signature performance management system.
The system to SQL Server 2000 and JAVA as a development platform, the use of B / S architecture and C / S architecture combination to ensure system availability and security. Performance management system to achieve the students, college management, class management, curriculum management, teacher information management, public private key pair generation, signature verification and other functions results. B / S architecture is the system easy to install, affordable and small browser features, however, produced under the framework of public and private key pair and the online transmission is very secure. Therefore, the combination of C / S architecture, the system provides the public and private key pair generation and signature verification plug-in plug, so that public and private key pair generation and signature performance on the client side encryption. Teachers in public and private keys generated on the client after the first CA's public key public key encryption for teachers, and then uploaded to the server, then decrypted on the server-side.
In addition, to address controversial issues in future student achievement, student performance on the client first with the education Division of the private key signature, and then use the CA's public key encryption, and finally uploaded to the server, the server-side decryption, get the original results. Performance while preserving the signature database, the original score and upload the data and time information to provide authentication capabilities to address the performance accountability when doubts arise. But with WEB SERVICE, AXIS2 can greatly ensure the security of the system.
Therefore, the system realizes the confidentiality, integrity, non-repudiation and other security needs have good practical value and application value.
Keywords: dispute arbitration, digital signature, authentication, repudiation of, WEB SERVICE,AXIS2









目 錄
摘 要 I
Abstract II
目 錄 IV
第一章 緒論 1
1.1課題的背景和意義 1
1.2數(shù)字簽名技術(shù)的國(guó)內(nèi)外研究現(xiàn)狀 1
1.3本文主要研究?jī)?nèi)容 3
1.4本文結(jié)構(gòu)與主要特點(diǎn) 4
第二章 公鑰密碼及數(shù)字簽名算法 6
2.1公鑰密..