Java EE多层软件架构的安全构建

针对多层软件架构在各个层次的组件上可用不同的方式进行安全性设置的问题,提出除了在统一架构上通过角色、权限控制来完成之外,在表示层使用Session和验证码的方式来防止“翻墙”和破解用户密码,在业务处理通过AOP和Spring Security来设置验证切面、认证、会话管理等,在数据持久层通过数据库自身的数据备份和恢复与Hibernate提供的事务隔离级别来提高系统的安全性.

Construction of Java EE Multi-Layer Software Architecture Security

There are security settings to solve the problem of multi - layer software architecture in the assembly of different levels based on available in different ways, in addition to the unified architecture through the role, authority control to complete, in the presentation layer using Session and verification code to prevent ＂over the wall＂ and user password cracking, in business process by AOP and Spring Security to set the validation section, authentication, session management, transaction isolation level in the data persistence layer through the database data backup and recovery and self provided by Hibernate to improve the security of the system.