Today we analyze the research and implementation of a secure Java-based website. The rapid development of Web technology has also brought great challenges to network security. This work examines, mainly from a technical point of view, the security risks that may exist in a Java-based website and proposes preventive measures and solutions. System security is the primary consideration during website development. The work analyzes Java's security mechanisms and describes how site security is achieved through access control, configuration file encryption, preventing unauthorized users from accessing the site back end, secure passing of values between pages, database data encryption, and verification-code technology. The design has been shown to improve the security of the site to a certain extent. The project uses the SSM framework, and the development tool chosen is MyEclipse. The secure Java-based website is a back-end program.
To complete the system, we first need to analyze its requirements. The secure Java-based website should contain two user roles: administrator and user. So that users can log in smoothly and complete the related operations, each login role needs account and password fields.
The data tables in the system are: administrator (admin), user (yonghu), permission (quanxian), and encryption (jiami).
Administrators table

| Field Name | Type | Property | Description |
|---|---|---|---|
| id | INT(11) | PRIMARY KEY | Administrator id |
| username | VARCHAR(255) | | Account |
| password | VARCHAR(255) | | Password |

User table

| Field Name | Type | Property | Description |
|---|---|---|---|
| id | INT(11) | PRIMARY KEY | User id |
| xingming | VARCHAR(255) | | Name |
| xingbie | VARCHAR(255) | | Sex |
| nianling | VARCHAR(255) | | Age |
| username | VARCHAR(255) | | Account |
| password | VARCHAR(255) | | Password |
| yanzhengma | VARCHAR(255) | | Verification code |

Permissions table

| Field Name | Type | Property | Description |
|---|---|---|---|
| id | INT(11) | PRIMARY KEY | Permission id |
| denglu | VARCHAR(255) | | Login |
| fayan | VARCHAR(255) | | Speaking |
| xinyong | VARCHAR(255) | | Credit |

Encryption table

| Field Name | Type | Property | Description |
|---|---|---|---|
| id | INT(11) | PRIMARY KEY | Encryption id |
| shuzi | VARCHAR(255) | | Numbers |
| fuhao | VARCHAR(255) | | Symbols |
| zimu | VARCHAR(255) | | Letters |
```sql
SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- ----------------------------
-- Table structure for ggjyASPwzdaqxyjyfx
-- ----------------------------
DROP TABLE IF EXISTS `t_admin`;
CREATE TABLE `t_admin` (
  `id` INT(11) NOT NULL AUTO_INCREMENT COMMENT 'administrator id',
  `username` VARCHAR(255) DEFAULT NULL COMMENT 'account',
  `password` VARCHAR(255) DEFAULT NULL COMMENT 'password',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='administrators';

-- ----------------------------
DROP TABLE IF EXISTS `t_yonghu`;
CREATE TABLE `t_yonghu` (
  `id` INT(11) NOT NULL AUTO_INCREMENT COMMENT 'user id',
  `xingming` VARCHAR(255) DEFAULT NULL COMMENT 'name',
  `xingbie` VARCHAR(255) DEFAULT NULL COMMENT 'sex',
  `nianling` VARCHAR(255) DEFAULT NULL COMMENT 'age',
  `username` VARCHAR(255) DEFAULT NULL COMMENT 'account',
  `password` VARCHAR(255) DEFAULT NULL COMMENT 'password',
  `yanzhengma` VARCHAR(255) DEFAULT NULL COMMENT 'verification code',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='user';

-- ----------------------------
DROP TABLE IF EXISTS `t_quanxian`;
CREATE TABLE `t_quanxian` (
  `id` INT(11) NOT NULL AUTO_INCREMENT COMMENT 'permission id',
  `denglu` VARCHAR(255) DEFAULT NULL COMMENT 'login',
  `fayan` VARCHAR(255) DEFAULT NULL COMMENT 'speak',
  `xinyong` VARCHAR(255) DEFAULT NULL COMMENT 'credit',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='permissions';

-- ----------------------------
DROP TABLE IF EXISTS `t_jiami`;
CREATE TABLE `t_jiami` (
  `id` INT(11) NOT NULL AUTO_INCREMENT COMMENT 'encryption id',
  `shuzi` VARCHAR(255) DEFAULT NULL COMMENT 'numbers',
  `fuhao` VARCHAR(255) DEFAULT NULL COMMENT 'symbols',
  `zimu` VARCHAR(255) DEFAULT NULL COMMENT 'letters',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='encryption';
```

Adding encryption module:
Encryption records are added through the add-encryption module. On the add-encryption page, enter all the encryption information and click Add; the data is submitted by POST to jiamiController. The encryption fields are numbers, symbols, and letters. jiamiController receives all the encryption parameters by defining a jiami parameter, and uses the insert method of jiamidao to add the jiami entity to the database. The insert matches the corresponding jiami XML mapping and is carried out by the SQL statement in jiamiMapper. Part of the core code is as follows:

```java
// Add the encryption record passed from the page to the database with jiamidao's insert method
jiamidao.insert(jiami);
// Store the success message in the request so the page can show it to the user
request.setAttribute("message", "add encryption successfully");
// Return to the encryption page
return "forward:/tianjiajiami.action";
```
Query encryption module:
To query encryption records, the page issues a jiamiguanli.action request. The server handles the request in the jiamiguanli method of the jiamiController class, which queries the data with selectByExample. All the queried encryption records are stored in the request as jiamiall for display on the page, and jiamiguanli.jsp is returned. Part of the core code is as follows:

```java
// Create a JiamiExample to define the query by example
JiamiExample example = new JiamiExample();
// Query all encryption records with jiamidao's selectByExample method
List jiamiall = jiamidao.selectByExample(example);
// Store the records in the request; the page displays them with a foreach loop
request.setAttribute("jiamiall", jiamiall);
// Return to the encryption management interface
return "forward:/jiamiguanli.action";
```
Modify the encryption module:
After filling out the modified information on the page, click the Modify button to submit the data to xiugaijiami, where it is packaged as a jiami encryption entity. The update method is then used to modify the encryption information and synchronize the data to the database, which completes the modification.
A success message, "modify the encrypted information successfully", is defined and stored in the request. The code reads:

```java
// Update the matching encryption record by id with jiamidao's updateByPrimaryKeySelective method
jiamidao.updateByPrimaryKeySelective(jiami);
// Store the success message in the request so the page can show it to the user
request.setAttribute("message", "modify the encrypted information successfully");
// Return to the encryption management interface
return "forward:/jiamiguanli.action";
```
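Both the add and the modify modules above write the posted shuzi, fuhao and zimu values straight to t_jiami. The following is an added example, not code from the original project, of a server-side allow-list check the controller could run before calling jiamidao.insert or jiamidao.updateByPrimaryKeySelective; the class name `JiamiValidator` and the per-field character rules are assumptions drawn from the field descriptions (numbers, symbols, letters).

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical server-side validator for the jiami form fields. */
public class JiamiValidator {
    private static final int MAX_LEN = 255; // matches VARCHAR(255) in t_jiami
    // Assumed rules: shuzi holds digits, fuhao ASCII punctuation, zimu ASCII letters.
    private static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        RULES.put("shuzi", Pattern.compile("[0-9]+"));
        RULES.put("fuhao", Pattern.compile("\\p{Punct}+"));
        RULES.put("zimu", Pattern.compile("[A-Za-z]+"));
    }

    /** Returns one error per rejected field; an empty list means the record may be saved. */
    public static List<String> validate(Map<String, String> form) {
        List<String> errors = new ArrayList<>();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String value = form.get(rule.getKey());
            if (value == null || value.isEmpty()) {
                errors.add(rule.getKey() + ": required");
            } else if (value.length() > MAX_LEN) {
                errors.add(rule.getKey() + ": longer than " + MAX_LEN);
            } else if (!rule.getValue().matcher(value).matches()) {
                errors.add(rule.getKey() + ": unexpected characters");
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample submissions standing in for the posted form parameters.
        Map<String, String> ok = new LinkedHashMap<>();
        ok.put("shuzi", "20240101"); ok.put("fuhao", "#@!"); ok.put("zimu", "abcXYZ");
        Map<String, String> bad = new LinkedHashMap<>();
        bad.put("shuzi", "12<script>"); bad.put("fuhao", "#@!"); // zimu left out
        System.out.println(validate(ok));
        System.out.println(validate(bad));
    }
}
```

The fuhao rule still admits characters such as `<` and `>`, so the value needs output encoding (for example JSTL `<c:out>`) when jiamiguanli.jsp renders the jiamiall list.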