網(wǎng)絡(luò)安全導(dǎo)論 實(shí)驗(yàn)2B 網(wǎng)絡(luò)投票系統(tǒng)的實(shí)現(xiàn)與安全性分析

實(shí)驗(yàn)2B網(wǎng)絡(luò)投票系統(tǒng)的實(shí)現(xiàn)與安全性分析一、實(shí)驗(yàn)?zāi)康?.學(xué)會(huì)配置JSP運(yùn)行環(huán)境，初步熟悉WEB應(yīng)用程序的開發(fā)過程。2.通過對(duì)一個(gè)投票系統(tǒng)的安全性分析，理解系統(tǒng)的設(shè)計(jì)者、審核者和相關(guān)管理機(jī)構(gòu)的責(zé)任。二、實(shí)驗(yàn)準(zhǔn)備1．網(wǎng)絡(luò)通信中最常見的模式是B/S模式，即用戶使用瀏覽器向某個(gè)服務(wù)器發(fā)出請(qǐng)求，服務(wù)器進(jìn)行必要的處理后，將有關(guān)信息發(fā)給用戶瀏覽器。在B/S模式下，服務(wù)器上必須有所謂的WEB應(yīng)用程序。常用的WEB應(yīng)用程序技術(shù)有JSP和ASP。JSP程序（頁面）需要一個(gè)JSP引擎來運(yùn)行，這個(gè)引擎就是JSP的WEB服務(wù)器Tomcat。2．在設(shè)計(jì)WEB應(yīng)用時(shí)，服務(wù)器在很多情況下需要將用戶提供的數(shù)據(jù)保存在在服務(wù)器端，本實(shí)驗(yàn)需要首先在一臺(tái)機(jī)器上同時(shí)安裝Tomcat服務(wù)器和Mysql數(shù)據(jù)庫服務(wù)器，本實(shí)驗(yàn)的架構(gòu)如圖2-2所示：圖2-2本實(shí)驗(yàn)的Web架構(gòu)3.對(duì)于網(wǎng)絡(luò)投票系統(tǒng)而言，其安全性相當(dāng)重要，請(qǐng)讀者參考教材相關(guān)內(nèi)容，分析并給出網(wǎng)絡(luò)投票系統(tǒng)的安全性要求，并分析相關(guān)實(shí)現(xiàn)辦法。三、實(shí)驗(yàn)內(nèi)容1.在Win10操作系統(tǒng)下下安裝配置JSP運(yùn)行環(huán)境（1）安裝JDK1.8，設(shè)置環(huán)境變量。（2）檢驗(yàn)安裝配置是否正確。（3）安裝與啟動(dòng)Tomcat。（4）測(cè)試：在瀏覽器中輸入地址：http://localhost:8080,測(cè)試服務(wù)器是否成功啟動(dòng)。2、連接mysql數(shù)據(jù)庫利用mysql-connector-java-5.1.14-bin.jar驅(qū)動(dòng)包連接數(shù)據(jù)庫。3.調(diào)試、運(yùn)行和分析一個(gè)投票系統(tǒng)。首先需要?jiǎng)?chuàng)建一個(gè)數(shù)據(jù)庫vote_db，將該數(shù)據(jù)庫設(shè)置為一個(gè)數(shù)據(jù)源。該庫有兩張表candidate和user,其中candidate表有id,person和acount三個(gè)字段，用來存放候選人的id，名稱和得票數(shù)；user表有id,username,idcard,password和state，用來存放投票者的id，用戶名，身份證，密碼和狀態(tài)。本投票系統(tǒng)由index.jsp和stat.jsp兩個(gè)頁面組成，index.jsp按照user表中的候選人生成一個(gè)投票表單，用戶使用該表單投票，stat.jsp是投票完成系統(tǒng)頁面。index.jsp//投票頁面<%@pagelanguage="java"contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%><%@tagliburi="/jsp/jstl/core"prefix="c"%><!DOCTYPEhtml><htmllang="zh-cn"><head><metahttp-equiv="Content-Type"content="text/html;charset=UTF-8"><metaname="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><!--SEO優(yōu)化--><metaname="keywords"content="投票"><metaname="author"content="teamchen"><title>TeamChen投票案例</title><!--導(dǎo)入Bootstrap相關(guān)包--><linkrel="stylesheet"href="css/bootstrap.min.css"></head><body> <divclass="container-fluid"> <divclass="jumbotron"> <h1>歡迎參與投票</h1> <br/> <p>組長(zhǎng)：陳璐140104300205</p> <p>組員：王春曉140104300123</p> <c:choose> <c:whentest="${user.username==null}"> <p> <aclass="btnbtn-primarybtn-lg"data-toggle="modal" data-target="#loginOrRegister">請(qǐng)驗(yàn)證您的身份信息</a> <pclass="bg-danger">${unLogin}</p> <pclass="bg-danger">${warning}</p> </p> </c:when> <c:whentest="${user.username!=null}"> <p> <aclass="btnbtn-primarybtn-lg"href="logout">您好！${user.username}。安全退出</a> </p> </c:when> </c:choose> </div> <formid="doVote"action="doVote"method="post"> <tableclass="tabletable-hover"> <trclass="active"> <pclass="lead">您最喜歡的課程？</p> </tr> <c:forEachitems="${canList}"var="candidate"> <tr> <td><labelid="chk_candidate"class="checkbox"><inputtype="radio" name="cid"id="candidate_id"value="${candidate.id}"> ${candidate.person} </label></td> </tr> </c:forEach> </table> <buttontype=submitclass="btnbtn-primary">提交</button> </form> </div> <!--Modal--> <divclass="modalfade"id="loginOrRegister"tabindex="-1" role="dialog"aria-labelledby="myModalLabel"> <divclass="modal-dialog"role="document"> <divclass="modal-content"> <divclass="modal-header"> <buttontype="button"class="close"data-dismiss="modal" aria-label="Close"> <spanaria-hidden="true">×</span> </button> <h4class="modal-title"id="myModalLabel">請(qǐng)驗(yàn)證您的身份信息</h4> </div> <divclass="modal-body"> <divclass="tab-content"id="userInfoTabContent"> <divclass="tab-panefadeinactive"id="register"> <formaction="register"method="post"> <divclass="form-group"> <labelfor="exampleInputEmail1">姓名</label><inputtype="text" class="form-control"name="username"placeholder="姓名"> </div> <divclass="form-group"> <labelfor="exampleInputPassword1">身份證號(hào)碼</label><input type="password"class="form-control"name="idcard" placeholder="身份證號(hào)碼"> </div> <divclass="form-group"> <labelfor="exampleInputPassword1">密碼</label><input type="password"class="form-control"name="password" placeholder="密碼"> </div> <buttontype="submit"class="btnbtn-primary">確定</button> </form> </div> </div> </div> <divclass="modal-footer"> <buttontype="button"class="btnbtn-default"data-dismiss="modal">取消</button> </div> </div> </div> </div> <scriptsrc="js/jquery-1.11.1.min.js"></script> <scriptsrc="js/bootstrap.min.js"></script> <script> <%--functionisLoginAndSubmit(){ varusername="<%=session.getAttribute("user.username")%>"; varfmdovote=document.getElementById('doVote'); alert(fmdovote); //username默認(rèn)為Null if(username==null){ alert("確定？"); }else{ alert("請(qǐng)先登錄！"); fmdovote.onsubmit=function(){ returnfalse; }; } };--%> $("#doVote").submit(function(){ alert("確定提交嗎？") }); </script></body></html>stat.jsp//投票成功頁面<%@pagelanguage="java"contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%><%@tagliburi="/jsp/jstl/core"prefix="c"%><!DOCTYPEhtml><htmllang="zh-cn"><head><metahttp-equiv="Content-Type"content="text/html;charset=UTF-8"><metaname="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><!--SEO優(yōu)化--><metaname="keywords"content="投票"><metaname="author"content="teamchen"><title>TeamChen投票案例</title><!--導(dǎo)入Bootstrap相關(guān)包--><linkrel="stylesheet"href="css/bootstrap.min.css"></head><body> <divclass="container"> 提交成功 </div> <scriptsrc="js/jquery-1.11.1.min.js"></script> <scriptsrc="js/bootstrap.min.js"></script></body></html>edu.bzsecure.pojo/Candidate.java//實(shí)體類packageedu.bzsecure.pojo;publicclassCandidate{privateIntegerid;privateStringperson;privateIntegeracount;publicIntegergetId(){returnid;}publicvoidsetId(Integerid){this.id=id;}publicStringgetPerson(){returnperson;}publicvoidsetPerson(Stringperson){this.person=person==null?null:person.trim();}publicIntegergetAcount(){returnacount;}publicvoidsetAcount(Integeracount){this.acount=acount;}}edu.bzsecure.pojo/User.java//實(shí)體類packageedu.bzsecure.pojo;publicclassUser{privateIntegerid;privateStringusername;privateStringidcard;privateStringpassword;privateIntegerstate;publicIntegergetId(){returnid;}publicvoidsetId(Integerid){this.id=id;}publicStringgetUsername(){returnusername;}publicvoidsetUsername(Stringusername){this.username=username==null?null:username.trim();}publicStringgetIdcard(){returnidcard;}publicvoidsetIdcard(Stringidcard){this.idcard=idcard==null?null:idcard.trim();}publicStringgetPassword(){returnpassword;}publicvoidsetPassword(Stringpassword){this.password=password==null?null:password.trim();}publicIntegergetState(){returnstate;}publicvoidsetState(Integerstate){this.state=state;}}edu.bzsecure.mapper/CandidateMapper.java//映射類packageedu.bzsecure.mapper;importjava.util.List;importedu.bzsecure.pojo.Candidate;publicinterfaceCandidateMapper{ //投票 voidupdateAcountById(Integercid);}edu.bzsecure.mapper/UserMapper.java//映射類packageedu.bzsecure.mapper;importedu.bzsecure.pojo.User;publicinterfaceUserMapper{intdeleteByPrimaryKey(Integerid);intinsert(Userrecord);intinsertSelective(Userrecord);}edu.bzsecure.controller/UserController.javapackageedu.bzsecure.controller;importjavax.servlet.http.HttpSession;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.web.bind.annotation.RequestMapping;importorg.springframework.web.bind.annotation.RequestParam;importedu.bzsecure.pojo.User;importedu.bzsecure.service.UserService;@ControllerpublicclassUserController{ @Autowired privateUserServiceuserService; @RequestMapping("/register") publicStringregister(HttpSessionsession, @RequestParam("username")Stringusername, @RequestParam("idcard")Stringidcard, @RequestParam("password")Stringpassword){ Useruser=newUser(); user.setUsername(username); user.setIdcard(idcard); user.setPassword(password); user.setState(1); userService.insertUser(user); session.setAttribute("user",user); return"redirect:/"; } @RequestMapping("/logout") publicStringregister(HttpSessionsession){ session.invalidate(); return"redirect:/"; } }edu.bzsecure.controller/PageController.javapackageedu.bzsecure.controller;importjava.util.ArrayList;importjava.util.List;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.ui.Model;importorg.springframework.web.bind.annotation.RequestMapping;importedu.bzsecure.pojo.Candidate;importedu.bzsecure.service.CandidateService;@ControllerpublicclassPageController{ @Autowired privateCandidateServicecandidateService; @RequestMapping("/") publicStringgetIndex(Modelmodel){ List<Candidate>canList=newArrayList<>(); canList=candidateService.findAllCandidate(); model.addAttribute("canList",canList); return"index"; } }edu.bzsecure.controller/UserController.javapackageedu.bzsecure.controller;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpSession;importorg.apache.solr.client.solrj.response.FacetField.Count;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.web.bind.annotation.RequestMapping;importorg.springframework.web.bind.annotation.RequestParam;importcom.alibaba.druid.sql.dialect.oracle.ast.stmt.OracleIfStatement.Else;importedu.bzsecure.pojo.User;importedu.bzsecure.service.DoVoteService;@ControllerpublicclassVoteController{ privateintCOUNT=1; @Autowired privateDoVoteServicedoVoteService; @RequestMapping("/doVote") publicStringdoVote(@RequestParam("cid")Stringcid,HttpServletRequestreq){ HttpSessionsession=req.getSession(); Useruser=(User)session.getAttribute("user"); if(user!=null&&COUNT==1){ doVoteService.updateAcountById(Integer.parseInt(cid)); COUNT=0; session.setAttribute("warning","您已經(jīng)投過票了!"); return"stat"; }elseif(COUNT==0){ session.setAttribute("warning","您已經(jīng)投過票了!"); return"redirect:/"; }else{ session.setAttribute("unLogin","←請(qǐng)先進(jìn)行登錄,再投票！"); return"redirect:/"; } } }edu.bzsecure.service.impl/CandidateService.javapackageedu.bzsecure.service.impl;importjava.util.ArrayList;importjava.util.List;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Service;importedu.bzsecure.mapper.CandidateMapper;importedu.bzsecure.pojo.Candidate;importedu.bzsecure.service.CandidateService;@Service("c