The NetBeans E-commerce Tutorial - Securing the Application

This tutorial unit focuses on web application security. When securing web applications, there are two primary concerns that need to be addressed:

1. Preventing unauthorized users from gaining access to protected content.
2. Preventing protected content from being read while it is being transmitted.

The first concern, access control, is typically a two-step process that involves (1) determining whether a user is who he or she claims to be (i.e., authentication), and then (2) either granting or denying the user access to the requested resource (i.e., authorization). A simple and common way to implement access control for web applications is with a login form that enables the server to compare the submitted credentials with a pre-existing registry of known users (in Java EE terms, a realm), and then to grant or deny access according to the roles assigned to that user.

The second concern, protecting data while it is in transit, typically involves using Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL), in order to encrypt any data communicated between the client and server. (Every version of SSL proper is now considered broken and should be disabled on the server; when GlassFish and this unit speak of "SSL support", what is meant in practice is an HTTPS listener that negotiates TLS.)

Upon reviewing the Affable Bean staff's list of requirements, we'll need to secure the application in the following ways:

- Set up a login form for the administration console that enables staff members to access the console's services, and blocks unauthorized users.
- Configure secure data transport for both the customer checkout process, and for any data transmitted to and from the administration console.

In order to implement the above, we'll take advantage of NetBeans' visual editor for the web.xml deployment descriptor. We'll also work in the GlassFish Administration Console to configure a user group that corresponds to Affable Bean staff members, and verify SSL support.

You can view a live demo of the application that you build in this tutorial: NetBeans E-commerce Tutorial Demo Application.

Software or Resource          Version Required
NetBeans IDE                  Java bundle, 6.8 or 6.9
Java Development Kit (JDK)    version 6
GlassFish server              v3 or Open Source Edition 3.0.1
MySQL database server         version 5.1
AffableBean project           snapshot 10

Notes:

- The NetBeans IDE requires the Java Development Kit (JDK) to run properly. If you do not have any of the resources listed above, the JDK should be the first item that you download and install.
- The NetBeans IDE Java Bundle includes Java Web and EE technologies, which are required for the application you build in this tutorial.
- The NetBeans IDE Java Bundle also includes the GlassFish server, which you require for this tutorial. You could download the GlassFish server independently, but the version provided with the NetBeans download has the added benefit of being automatically registered with the IDE.
- You can follow this tutorial unit without having completed previous units. To do so, see the setup instructions, which describe how to prepare the database and establish connectivity between the IDE, GlassFish, and MySQL.
- Java EE security is an expansive topic that spans well beyond the scope of this tutorial unit. In order to fully appreciate the range of implementation options that are available to you, refer to the Java EE 6 Tutorial, Part VII: Security. This unit provides ample references to relevant sub-sections within the Java EE Tutorial.

Examining the Project Snapshot

The beginning state of the snapshot helps to illustrate the need for security in the application.

1. Open the project snapshot for this tutorial unit in the IDE. Click the Open Project button and use the wizard to navigate to the location on your computer where you downloaded the project.

2. Run the project to ensure that it is properly configured with your database and application server.

   If you receive an error when running the project, revisit the setup instructions, which describe how to prepare the database and establish connectivity between the IDE, GlassFish, and MySQL.

3. Test the application's functionality in your browser. This snapshot provides an implementation of the administration console, as specified in the customer requirements. To examine the administration console, enter the following URL in your browser:

   http://localhost:8080/AffableBean/admin/

   The administration console enables you to view all customers and orders contained in the database. When you click either of the links in the left panel, the page will update to display a table listing customers or orders, depending on your choice. (The log out link currently does not log out an authenticated user.)

   Note: The customers and orders that you see displayed in the administration console are dependent on the data stored in your database. You can create new records by stepping through the checkout process in the website. Alternatively, you can run the affablebean_sample_data.sql script on your affablebean database to have your data correspond to the records displayed in the following screenshots. (If you need help with this task, refer to step 2 in the setup instructions.)

   You can view details for each customer record by hovering your mouse over and selecting an individual record. Likewise, you can view an order summary for each customer either by selecting an order from the administration console's orders table, or by clicking the view order summary link in a customer details display.

   Naturally, none of this information should be available to an anonymous site visitor. In the coming steps, you'll create login and error pages, so that when an unauthenticated user attempts to access the administration console, he or she will be directed to the login page. Upon successful login, the user is then redirected to the administration console's menu; upon login failure, the error page is displayed.

4. Examine the project snapshot in the Projects window. This implementation of the administration console primarily relies on the following project resources:

   o An admin directory within the project's webroot, which contains all page view files.
   o An AdminServlet, contained in the controller package, which forwards requests to page views within the admin directory.

   Also, the following files have been modified from the previous snapshot:

   o WEB-INF/web.xml: Contains a new <jsp-property-group> that includes the header and footer fragments for page views contained in the admin directory.
   o css/affablebean.css: Includes new style definitions for elements in the administration console.

   If you have been following the NetBeans E-commerce Tutorial sequentially, you'll find that there is nothing contained in the implementation for the administration console which hasn't already been covered in previous units. Essentially, the AdminServlet processes requests from the admin/index.jsp page, EJBs and entity classes are employed to retrieve information from the database, and the information is then forwarded back to the admin/index.jsp page to be displayed.

5. In the browser, return to the customer website by clicking the Affable Bean logo in the upper left corner of the web page. Step through the entire business process flow of the application and note that the checkout process is handled over a non-secure channel (plain HTTP on port 8080).

   When customers reach the checkout page, they are expected to submit sensitive personal information in order to complete their orders. Part of your task in this tutorial unit is to ensure that this data is sent over a secure channel. Because the administration console also enables authenticated users to view customers' personal information, it too needs to be configured so that data is sent over the Internet securely.

Setting up Form-Based Authentication

In this section, you set up form-based authentication for the AffableBean administration console. Form-based authentication enables the server to authenticate users based on the credentials they enter into a login form. With these credentials, the server is able to make a decision on whether to grant the user access to protected resources. In order to implement this, you'll create login and error pages, and will rely on declarative security by entering security settings in the application's web.xml deployment descriptor.

Before you begin implementing a form-based authentication mechanism for the AffableBean application, the following background information is provided to help clarify the security terms relevant to our scenario.

- Declarative and Programmatic Security
- Choosing an Authentication Mechanism

Declarative and Programmatic Security

With declarative security, you specify all security settings for your application, including authentication requirements, access control, and security roles, using annotations and/or deployment descriptors. In other words, the security for your application is kept in a form that is external to the application code, and relies on the mechanisms provided by the Java EE container for its management.

With programmatic security, your classes, entities, servlets, and page views manage security themselves. In this case, security logic is integrated directly into your application, and is used to handle authentication and authorization, and to ensure that data is sent over a secure network protocol when necessary. (In the Servlet 3.0 API the usual entry points are the HttpServletRequest methods isUserInRole(), getUserPrincipal(), login(), logout() and isSecure().)

For the AffableBean application, we'll use declarative security by declaring all security information in the web.xml deployment descriptor.

For more information on declarative and programmatic security types, see the Java EE 6 Tutorial: Overview of Web Application Security.

Choosing an Authentication Mechanism

An authentication mechanism is used to determine how a user gains access to restricted content. The Java EE platform supports various authentication mechanisms, such as HTTP basic authentication, form-based authentication, and client certificate authentication. The authentication mechanism behind our login form will be form-based authentication. You'll learn what form-based authentication is when you begin setting up the login form for the AffableBean administration console below.

See the Java EE 6 Tutorial: Specifying Authentication Mechanisms for further information.

Form-based authentication has the advantage of enabling the developer to design the appearance of the login form so that it better suits the application which it belongs to. Note that, like HTTP basic authentication, it transmits the username and password in plaintext (in the body of an ordinary POST request), so the login request must travel over TLS; that is one reason the administration console as a whole gets a secure transport later in this unit.

Our implementation for the form-based authentication mechanism can be divided into two steps. Begin by creating page views for the required login form and error message. Then add entries to the web.xml deployment descriptor to inform the servlet container that the application requires form-based authentication for access to the resources that comprise the administration console.

1. Create Pages for Login and Login Failure
2. Add Security Entries to the Deployment Descriptor

Create Pages for Login and Login Failure

In form-based authentication, the process of authentication and authorization is shown in the following four steps:

1. The client sends a request to the server for a protected resource.
2. The server recognizes that a protected resource has been requested, remembers the original request, and returns the login page to the client.
3. The client sends username and password credentials using the provided form.
4. The server checks the credentials against its realm. If they are valid and the user holds a role that is permitted for the resource, the originally requested resource is returned (the container redirects the client to it); if the credentials are rejected, the error page is returned instead.

For more information on form-based authentication, see the Java EE 6 Tutorial: Form-Based Authentication.

The j_security_check keyword represents the destination in the servlet container that handles authentication and authorization. When implementing the HTML login form, you apply it as the value for the form's action attribute. You also apply the j_username and j_password keywords as the names of the two input fields, as in the following template:

    <form action="j_security_check" method="post">
        username: <input type="text" name="j_username">
        password: <input type="password" name="j_password">
        <input type="submit" value="Login">
    </form>

Use method="post" and type="password" for the password field: a GET submission would place the password in the URL, where it ends up in browser history and server access logs. The action is a relative URL, so it resolves against the login page's own location and is intercepted by the container before any servlet sees it.

Perform the following steps.

1. In the Projects window, right-click the admin folder node and choose New > JSP.

2. Name the file login, then click Finish. The new login.jsp file is created and opens in the editor.

3. Repeat the previous two steps to create a new error.jsp file. In the New JSP wizard, name the file error. When you finish, you'll have two new files listed in the Projects window.

4. Open the project's web deployment descriptor. Press Alt-Shift-O (Ctrl-Shift-O on Mac) and in the Go to File dialog, type web, then click OK.

5. In the editor, scroll to the bottom of the web.xml file and note the <jsp-property-group> entry created for JSP pages in the administration console. Add the new login and error JSP pages as <url-pattern> entries (the /admin/login.jsp and /admin/error.jsp patterns are the new lines):

    <jsp-config>
        <jsp-property-group>
            <description>JSP configuration for the admin console</description>
            <url-pattern>/admin/index.jsp</url-pattern>
            <url-pattern>/admin/login.jsp</url-pattern>
            <url-pattern>/admin/error.jsp</url-pattern>
            <include-prelude>/admin/jspf/header.jspf</include-prelude>
            <include-coda>/admin/jspf/footer.jspf</include-coda>
        </jsp-property-group>
    </jsp-config>

   This step ensures that when these two pages are returned to a client, they will be prepended and appended with the defined header.jspf and footer.jspf fragments, respectively.

   You can equally configure the entry from the web.xml's visual editor. Click the Pages tab along the top of the editor, and enter the URL patterns into the respective JSP Property Group.

6. Press Ctrl-Tab to switch to the login.jsp file in the editor. Delete the entire template contents for the file, then enter the HTML login form shown in the template above.

   Note that the HTML form is based on the template provided above. Here, you use the j_security_check keyword as the value for the form's action attribute, and the j_username and j_password keywords as the values for the name attribute of the username and password text fields. Also note that we define the style of the form by encapsulating the form widgets within an element that has st
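The page breaks off before the second step, "Add Security Entries to the Deployment Descriptor". The following web.xml fragment is an added example, not the tutorial's own listing: it declares, for the requirements stated at the top of this unit, a form-based login for the administration console and a confidential transport for both the console and the checkout page. The role name affableBeanAdmin and the /checkout URL pattern are assumptions (the tutorial's actual names are not on this page); everything else is standard Servlet 3.0 deployment-descriptor syntax.

```xml
<!-- Added example (not from the tutorial): declarative security entries for
     WEB-INF/web.xml. Role name and checkout URL pattern are assumptions. -->

<!-- 1. Administration console: only authenticated staff, only over HTTPS. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Administration console</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
        <!-- No <http-method> elements on purpose: listing some methods would
             leave every unlisted method (HEAD, OPTIONS, ...) unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
        <!-- Assumed role name; it must be mapped to the staff group that is
             created in the GlassFish Administration Console. -->
        <role-name>affableBeanAdmin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- Weak setting would be NONE (plain HTTP allowed). CONFIDENTIAL makes
             the container redirect http://...:8080/AffableBean/admin/ to the
             HTTPS listener before the request is served. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- 2. Customer checkout: anonymous customers are allowed (no auth-constraint),
     but the page and the form submission must go over HTTPS. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Customer checkout</web-resource-name>
        <!-- Assumed pattern: the URL the checkout page is served from. -->
        <url-pattern>/checkout</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- 3. The FORM mechanism with the two pages created in the steps above.
     No <realm-name> is given, so GlassFish uses its default realm. -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/error.jsp</form-error-page>
    </form-login-config>
</login-config>

<!-- 4. Every role referenced in an auth-constraint must be declared. -->
<security-role>
    <role-name>affableBeanAdmin</role-name>
</security-role>
```

Two points worth checking after adding such entries. First, the role is only a name until it is mapped to a GlassFish group: either add a <security-role-mapping> with matching <role-name> and <group-name> elements to WEB-INF/glassfish-web.xml (sun-web.xml on older versions), or enable "Default Principal To Role Mapping" in the server's security configuration, which maps roles to groups of the same name. Second, put the CONFIDENTIAL constraint on the page that renders the checkout form, not only on the URL the form posts to: a POST that arrives over plain HTTP and is then redirected to HTTPS has already sent its body in the clear. The login page itself sits under the protected /admin/* pattern, which is fine, because the container serves the form-login-page and handles j_security_check as part of the authentication exchange rather than as an ordinary protected request.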
