Abstract
Building on a study of the ROP framework and Web security technology, this paper first introduces ROP and compares it with other technologies; it also analyzes the impact of XML message rewriting attacks on the message body and studies strategies for addressing them. A single sign-on system is then designed and implemented on the Eclipse platform using a B/S (browser/server) architecture. The ROP framework is used to solve the authentication and authorization problem for third-party platforms, and a layered model is used to reduce the coupling between system layers, improving the system's scalability and maintainability. Second, to address the transmission security of the message body, the ROP-Jusnit scheme is proposed, and its security and feasibility are verified through testing.
Source
Journal of Xi'an Railway Vocational & Technical Institute (《西安铁路职业技术学院学报》)
2016, Issue 1, pp. 7-13 (7 pages in total)
Keywords
Security
Authentication
Authorization
ROP