计算机软件论文基于SOA的网格服务平台安全服务的研究与实现.doc

基于soa的网格服务平台安全服务的研究与实现 基于soa的网格服务平台安全服务的研究与实现 the research and implementation of security service in grid service system based on soa【中文摘要】 网格是继internet和web之后的第三代互联网应用,其目标是将互联网上计算资源、存储资源、通信资源、软件资源、信息资源和知识资源等所有资源全面整合在一起,通过高速互联网络连接成一个的虚拟组织,实现网络虚拟环境上的高性能资源共享和协同工作。网格建立在开放性、异构性极大的公共网络internet中,除了考虑传统网络的安全问题之外,还必须考虑网格计算环境中的诸多新特点所带来的安全问题,如:用户、资源动态可变,计算过程可中动态请求启动进程、申请或释放资源等等。网格安全问题是网格计算中的核心问题。通过安全认证、私钥保护,防止合法用户被冒充;通过委托授权,授予合法用户访问数据和执行操作的权限,防止数据被非法访问和修改等等。本文在基于soa的网格服务平台的研究与设计的基础上,实现了安全服务。平台的设计目标是用户通过浏览器页面,使用网格提供的各种服务,网格的实际结构相对于用户来说是透明的。通过对网格安全技术及网格安全基础设施gsi进行深入的学习和研究,分析基于gsi的安全认证过程,在gt4上自定义网格安全服务资源,使用java cog kit将网格安全服务映射到java开发框架中,对网格安全服务(申请证书服务、签发证书服务、生成代理服务)进行抽象,将gt4的安全接口封装成j2ee环境下的web服务及服务接口,使得服务层与底层的具体实现相分离,独立于底层网格平台,具备良好的可扩展性和可移植性,提高了j2ee开发者用这些接口继续开发j2ee服务的自由度【英文摘要】 the grid develops after internet and web,it is the third generation internet application, it is aim to integrate the computing resource, the memory resources, the correspondence resources, the software resource, the information resource and the knowledge resources . the grid connecting with high speed internet form a virtual environment , realize resources share and co-work on virtual environment with high propertie.the grid establish on public internet which is much open and heteromerous. except for considering security problem of traditional internet, lots of new features bringing security problems in the grid computation environment has to be considered, such as users and resources could change dynamicly, process is asked to start when computing, applicate or release resources. the grid security is the most important thing in the grid computation .it could prevent to be falsely claim to be legal users through security authentication, private key protection. and grant legal users authority to access data and execute operations, and prevent data from illegal access and modified, etc.this article has realized the security service on the foundation of the research and design of grid service system based on soa. the target of the platform is the user uses the browser page, can use each kind of service which the grid provides, the actual structure of the grid is transparen to the user. through carries on the thorough study and the research to the grid security and grid security infrastructure gsi, analyzes based on the gsi security authentication process, definited grid security service resources on gt4, uses java cog kit to map the grid security service in the java development frame, carrid on abstractly to the grid security service (requests certificate service, signs certificate service, generates proxy service), packing the gt4 security connection to the web service and the service connection under the j2ee environment, makes the service level and the first floor realizes specifically separates, independence from the first floor grid platform, has the good extendibility and the probability, enhanced the the degree-of-freedom of the j2ee exploiter to use these connections continue to develop the j2ee service【中文关键词】 网格计算; 安全认证; gsi; java cog kit; soa; 安全服务 【英文关键词】 gird computing; security authentication; gsi; java cog kit; soa; security service 【毕业论文目录】毕业论文论文致谢 5-6 摘要 6-7 abstract 7 1 引言 10-12 1.1 研究背景 10 1.2 研究内容 10-11 1.3 论文结构 11-12 2 相关理论与技术 12-35 2.1 网格基础知识 12-24 2.1.1 网格的概念 12-15 2.1.2 网格的体系结构 15-20 2.1.3 国内外网格发展情况 20-24 2.2 安全技术 24-30 2.2.1 安全需求 24-25 2.2.2 网格安全技术 25-26 2.2.3 网格安全基础设施gsi 26-30 2.3 web service与soa 30-31 2.4 globus toolkit4(gt4) 31-33 2.5 小结 33-35 3 安全服务的分析与设计 35-45 3.1 安全认证 35-41 3.1.1 申请证书 35 3.1.2 签发证书 35-36 3.1.3 用户生成代理证书 36-37 3.1.4 用户相互认证 37-38 3.1.5 授权 38-39 3.1.6 进程的安全证书签署 39-40 3.1.7 安全通信 40-41 3.2 安全服务的设计 41-44 3.2.1 需求分析 41 3.2.2 可行性分析 41-42 3.2.3 功能设计 42-44 3.3 小结 44-45 4 安全服务的实现 45-59 4.1 开发环境 45 4.2 java cog kit 45-47 4.3 中间层调用的设计与实现 47-51 4.3.1 申请证书功能的java实现 47-48 4.3.2 签发证书功能的java实现 48-49 4.3.3 生成代理功能的java实现 49-51 4.4 安全服务设计与实现 51-