JAAS 学习笔记

JAAS

Resource:http://hintcnuie.iteye.com/blog/245239

 
Authentication, Authorization and Access Control
The primary goal of JAAS is to manage the granting of permissions and performing security checks for those permissions.
 
1.Authentication
1.1 Concept
Principal is one of identifers of a subject.
Subject is a collection of principals.
Credential is a prove of principal, it could be any type of object.  
Authentication:The process to identify subject and attach credentials and principals to a subject.
LoginModule: provide a pluggable way to have system support JAAS.
                    used for authentication(login, and principals, credentials binding)
                    ( authentication technology providers interface)
LoginContext:describes the basic methods used to authenticate Subjects and provides a way to develop an
                    application independent of the underlying authentication technology.
                    ( Application Interface)            
Configuration:determine which LoginModules should be used,
                     and which ones must succeed in order for the overall authentication to succeed(consits of AppConfigurationEntrys).
CallbackHandler: communicate and interact with users to gather identification information
CallBack: store information gathered by CallbackHandler;
  
1.2Authentication Progress
Application employ LoginContext to get a authenticated Subject. At this time, LoginContext will ask the Configuration for the
plugined LoginModules, and call each LoginModule to attach principals and credentials to  Subject(owned by each LoginModule or LoginContext).
Before each LoginModule attach principals and credentials, there will be a chance for LoginModule to judge whether to attach or not,
it employ CallbackHandler to collect informations in the CallBacks. If the collected information is valid, it could do attach now(in LoginContext is commit).
 
2.Authorization && AccessControl
2.1 Concept
Permission defines what kind of actions on a target.
Permission = Permission Type + Target(permission effect on) + Action(Optional)  
Not a subject but principal is assigned to a permission(defined by policy).

 

Policy: defines which permission are granted to a given security context(principal).( Deploying time And RunTime
Authorization: binding permissions to princpals(policy)
Acess Control: access sensitive code employ AccessControler or Security Mananger to check subject have the right to access resources.
ProtectDomain: encapsulates a set of classes whose instances are granted a set of permissions when being executed on behalf of a given
                        set of Principals.
2.2 Acess Control Progress
 

3. Two Extensible Interface
  Subject -- Principals -- Permission: Jaas employs Pricipals to decouple the Subject and Principals.
 
  Configuration: support to dynamicly or staticly add/remove/edit LoginModules which attach pricipals to Subject.
                        It judges which pricipals a Subject could have.
 
   Policy: support to dynamicly or staticly add/remove permissions to a principal.
             It judges which permissions a principal could have.

4. JAAS in Tomcat
   Realm: as LoginModule, authenticate a user based on a username and password, adding “roles” to that user if authentication was successful.
             defined as Realm in server.xml  
   Role: as Principal, defined as security-role in web.xml  
   Authenticator: as access controller to take access control function. defined as login-config in web.xml.
               It look down security-constraint to check.
     
  
 
 
 
 
 

 

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
资源包主要包含以下内容: ASP项目源码:每个资源包中都包含完整的ASP项目源码,这些源码采用了经典的ASP技术开发,结构清晰、注释详细,帮助用户轻松理解整个项目的逻辑和实现方式。通过这些源码,用户可以学习到ASP的基本语法、服务器端脚本编写方法、数据库操作、用户权限管理等关键技术。 数据库设计文件:为了方便用户更好地理解系统的后台逻辑,每个项目中都附带了完整的数据库设计文件。这些文件通常包括数据库结构图、数据表设计文档,以及示例数据SQL脚本。用户可以通过这些文件快速搭建项目所需的数据库环境,并了解各个数据表之间的关系和作用。 详细的开发文档:每个资源包都附有详细的开发文档,文档内容包括项目背景介绍、功能模块说明、系统流程图、用户界面设计以及关键代码解析等。这些文档为用户提供了深入的学习材料,使得即便是从零开始的开发者也能逐步掌握项目开发的全过程。 项目演示与使用指南:为帮助用户更好地理解和使用这些ASP项目,每个资源包中都包含项目的演示文件和使用指南。演示文件通常以视频或图文形式展示项目的主要功能和操作流程,使用指南则详细说明了如何配置开发环境、部署项目以及常见问题的解决方法。 毕业设计参考:对于正在准备毕业设计的学生来说,这些资源包是绝佳的参考材料。每个项目不仅功能完善、结构清晰,还符合常见的毕业设计要求和标准。通过这些项目,学生可以学习到如何从零开始构建一个完整的Web系统,并积累丰富的项目经验。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值