網(wǎng)絡安全導論 實驗2B 網(wǎng)絡投票系統(tǒng)的實現(xiàn)與安全性分析

實驗2B網(wǎng)絡投票系統(tǒng)的實現(xiàn)與安全性分析一、實驗目的1.學會配置JSP運行環(huán)境，初步熟悉WEB應用程序的開發(fā)過程。2.通過對一個投票系統(tǒng)的安全性分析，理解系統(tǒng)的設計者、審核者和相關管理機構的責任。二、實驗準備1．網(wǎng)絡通信中最常見的模式是B/S模式，即用戶使用瀏覽器向某個服務器發(fā)出請求，服務器進行必要的處理后，將有關信息發(fā)給用戶瀏覽器。在B/S模式下，服務器上必須有所謂的WEB應用程序。常用的WEB應用程序技術有JSP和ASP。JSP程序（頁面）需要一個JSP引擎來運行，這個引擎就是JSP的WEB服務器Tomcat。2．在設計WEB應用時，服務器在很多情況下需要將用戶提供的數(shù)據(jù)保存在在服務器端，本實驗需要首先在一臺機器上同時安裝Tomcat服務器和Mysql數(shù)據(jù)庫服務器，本實驗的架構如圖2-2所示：圖2-2本實驗的Web架構3.對于網(wǎng)絡投票系統(tǒng)而言，其安全性相當重要，請讀者參考教材相關內容，分析并給出網(wǎng)絡投票系統(tǒng)的安全性要求，并分析相關實現(xiàn)辦法。三、實驗內容1.在Win10操作系統(tǒng)下下安裝配置JSP運行環(huán)境（1）安裝JDK1.8，設置環(huán)境變量。（2）檢驗安裝配置是否正確。（3）安裝與啟動Tomcat。（4）測試：在瀏覽器中輸入地址：http://localhost:8080,測試服務器是否成功啟動。2、連接mysql數(shù)據(jù)庫利用mysql-connector-java-5.1.14-bin.jar驅動包連接數(shù)據(jù)庫。3.調試、運行和分析一個投票系統(tǒng)。首先需要創(chuàng)建一個數(shù)據(jù)庫vote_db，將該數(shù)據(jù)庫設置為一個數(shù)據(jù)源。該庫有兩張表candidate和user,其中candidate表有id,person和acount三個字段，用來存放候選人的id，名稱和得票數(shù)；user表有id,username,idcard,password和state，用來存放投票者的id，用戶名，身份證，密碼和狀態(tài)。本投票系統(tǒng)由index.jsp和stat.jsp兩個頁面組成，index.jsp按照user表中的候選人生成一個投票表單，用戶使用該表單投票，stat.jsp是投票完成系統(tǒng)頁面。index.jsp//投票頁面<%@pagelanguage="java"contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%><%@tagliburi="/jsp/jstl/core"prefix="c"%><!DOCTYPEhtml><htmllang="zh-cn"><head><metahttp-equiv="Content-Type"content="text/html;charset=UTF-8"><metaname="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><!--SEO優(yōu)化--><metaname="keywords"content="投票"><metaname="author"content="teamchen"><title>TeamChen投票案例</title><!--導入Bootstrap相關包--><linkrel="stylesheet"href="css/bootstrap.min.css"></head><body> <divclass="container-fluid"> <divclass="jumbotron"> <h1>歡迎參與投票</h1> <br/> <p>組長：陳璐140104300205</p> <p>組員：王春曉140104300123</p> <c:choose> <c:whentest="${user.username==null}"> <p> <aclass="btnbtn-primarybtn-lg"data-toggle="modal" data-target="#loginOrRegister">請驗證您的身份信息</a> <pclass="bg-danger">${unLogin}</p> <pclass="bg-danger">${warning}</p> </p> </c:when> <c:whentest="${user.username!=null}"> <p> <aclass="btnbtn-primarybtn-lg"href="logout">您好！${user.username}。安全退出</a> </p> </c:when> </c:choose> </div> <formid="doVote"action="doVote"method="post"> <tableclass="tabletable-hover"> <trclass="active"> <pclass="lead">您最喜歡的課程？</p> </tr> <c:forEachitems="${canList}"var="candidate"> <tr> <td><labelid="chk_candidate"class="checkbox"><inputtype="radio" name="cid"id="candidate_id"value="${candidate.id}"> ${candidate.person} </label></td> </tr> </c:forEach> </table> <buttontype=submitclass="btnbtn-primary">提交</button> </form> </div> <!--Modal--> <divclass="modalfade"id="loginOrRegister"tabindex="-1" role="dialog"aria-labelledby="myModalLabel"> <divclass="modal-dialog"role="document"> <divclass="modal-content"> <divclass="modal-header"> <buttontype="button"class="close"data-dismiss="modal" aria-label="Close"> <spanaria-hidden="true">×</span> </button> <h4class="modal-title"id="myModalLabel">請驗證您的身份信息</h4> </div> <divclass="modal-body"> <divclass="tab-content"id="userInfoTabContent"> <divclass="tab-panefadeinactive"id="register"> <formaction="register"method="post"> <divclass="form-group"> <labelfor="exampleInputEmail1">姓名</label><inputtype="text" class="form-control"name="username"placeholder="姓名"> </div> <divclass="form-group"> <labelfor="exampleInputPassword1">身份證號碼</label><input type="password"class="form-control"name="idcard" placeholder="身份證號碼"> </div> <divclass="form-group"> <labelfor="exampleInputPassword1">密碼</label><input type="password"class="form-control"name="password" placeholder="密碼"> </div> <buttontype="submit"class="btnbtn-primary">確定</button> </form> </div> </div> </div> <divclass="modal-footer"> <buttontype="button"class="btnbtn-default"data-dismiss="modal">取消</button> </div> </div> </div> </div> <scriptsrc="js/jquery-1.11.1.min.js"></script> <scriptsrc="js/bootstrap.min.js"></script> <script> <%--functionisLoginAndSubmit(){ varusername="<%=session.getAttribute("user.username")%>"; varfmdovote=document.getElementById('doVote'); alert(fmdovote); //username默認為Null if(username==null){ alert("確定？"); }else{ alert("請先登錄！"); fmdovote.onsubmit=function(){ returnfalse; }; } };--%> $("#doVote").submit(function(){ alert("確定提交嗎？") }); </script></body></html>stat.jsp//投票成功頁面<%@pagelanguage="java"contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%><%@tagliburi="/jsp/jstl/core"prefix="c"%><!DOCTYPEhtml><htmllang="zh-cn"><head><metahttp-equiv="Content-Type"content="text/html;charset=UTF-8"><metaname="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><!--SEO優(yōu)化--><metaname="keywords"content="投票"><metaname="author"content="teamchen"><title>TeamChen投票案例</title><!--導入Bootstrap相關包--><linkrel="stylesheet"href="css/bootstrap.min.css"></head><body> <divclass="container"> 提交成功 </div> <scriptsrc="js/jquery-1.11.1.min.js"></script> <scriptsrc="js/bootstrap.min.js"></script></body></html>edu.bzsecure.pojo/Candidate.java//實體類packageedu.bzsecure.pojo;publicclassCandidate{privateIntegerid;privateStringperson;privateIntegeracount;publicIntegergetId(){returnid;}publicvoidsetId(Integerid){this.id=id;}publicStringgetPerson(){returnperson;}publicvoidsetPerson(Stringperson){this.person=person==null?null:person.trim();}publicIntegergetAcount(){returnacount;}publicvoidsetAcount(Integeracount){this.acount=acount;}}edu.bzsecure.pojo/User.java//實體類packageedu.bzsecure.pojo;publicclassUser{privateIntegerid;privateStringusername;privateStringidcard;privateStringpassword;privateIntegerstate;publicIntegergetId(){returnid;}publicvoidsetId(Integerid){this.id=id;}publicStringgetUsername(){returnusername;}publicvoidsetUsername(Stringusername){this.username=username==null?null:username.trim();}publicStringgetIdcard(){returnidcard;}publicvoidsetIdcard(Stringidcard){this.idcard=idcard==null?null:idcard.trim();}publicStringgetPassword(){returnpassword;}publicvoidsetPassword(Stringpassword){this.password=password==null?null:password.trim();}publicIntegergetState(){returnstate;}publicvoidsetState(Integerstate){this.state=state;}}edu.bzsecure.mapper/CandidateMapper.java//映射類packageedu.bzsecure.mapper;importjava.util.List;importedu.bzsecure.pojo.Candidate;publicinterfaceCandidateMapper{ //投票 voidupdateAcountById(Integercid);}edu.bzsecure.mapper/UserMapper.java//映射類packageedu.bzsecure.mapper;importedu.bzsecure.pojo.User;publicinterfaceUserMapper{intdeleteByPrimaryKey(Integerid);intinsert(Userrecord);intinsertSelective(Userrecord);}edu.bzsecure.controller/UserController.javapackageedu.bzsecure.controller;importjavax.servlet.http.HttpSession;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.web.bind.annotation.RequestMapping;importorg.springframework.web.bind.annotation.RequestParam;importedu.bzsecure.pojo.User;importedu.bzsecure.service.UserService;@ControllerpublicclassUserController{ @Autowired privateUserServiceuserService; @RequestMapping("/register") publicStringregister(HttpSessionsession, @RequestParam("username")Stringusername, @RequestParam("idcard")Stringidcard, @RequestParam("password")Stringpassword){ Useruser=newUser(); user.setUsername(username); user.setIdcard(idcard); user.setPassword(password); user.setState(1); userService.insertUser(user); session.setAttribute("user",user); return"redirect:/"; } @RequestMapping("/logout") publicStringregister(HttpSessionsession){ session.invalidate(); return"redirect:/"; } }edu.bzsecure.controller/PageController.javapackageedu.bzsecure.controller;importjava.util.ArrayList;importjava.util.List;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.ui.Model;importorg.springframework.web.bind.annotation.RequestMapping;importedu.bzsecure.pojo.Candidate;importedu.bzsecure.service.CandidateService;@ControllerpublicclassPageController{ @Autowired privateCandidateServicecandidateService; @RequestMapping("/") publicStringgetIndex(Modelmodel){ List<Candidate>canList=newArrayList<>(); canList=candidateService.findAllCandidate(); model.addAttribute("canList",canList); return"index"; } }edu.bzsecure.controller/UserController.javapackageedu.bzsecure.controller;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpSession;importorg.apache.solr.client.solrj.response.FacetField.Count;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.web.bind.annotation.RequestMapping;importorg.springframework.web.bind.annotation.RequestParam;importcom.alibaba.druid.sql.dialect.oracle.ast.stmt.OracleIfStatement.Else;importedu.bzsecure.pojo.User;importedu.bzsecure.service.DoVoteService;@ControllerpublicclassVoteController{ privateintCOUNT=1; @Autowired privateDoVoteServicedoVoteService; @RequestMapping("/doVote") publicStringdoVote(@RequestParam("cid")Stringcid,HttpServletRequestreq){ HttpSessionsession=req.getSession(); Useruser=(User)session.getAttribute("user"); if(user!=null&&COUNT==1){ doVoteService.updateAcountById(Integer.parseInt(cid)); COUNT=0; session.setAttribute("warning","您已經(jīng)投過票了!"); return"stat"; }elseif(COUNT==0){ session.setAttribute("warning","您已經(jīng)投過票了!"); return"redirect:/"; }else{ session.setAttribute("unLogin","←請先進行登錄,再投票！"); return"redirect:/"; } } }edu.bzsecure.service.impl/CandidateService.javapackageedu.bzsecure.service.impl;importjava.util.ArrayList;importjava.util.List;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Service;importedu.bzsecure.mapper.CandidateMapper;importedu.bzsecure.pojo.Candidate;importedu.bzsecure.service.CandidateService;@Service("c