sso与acegi

acegi为基于j2ee的企业应用提供了全面的安全解决方案，具有很好的使用性并且具有灵活的安全配置

(一) Introduction

layers of securiy 分层安全机制

可以直接打包到war or ear ，在新的目标环境中无需重新配置，可以带给我们很多有用的，完全客户化的安全特性

 安全包括两个操作："authentication" 认证 "authorization"授权

认证级别支持的第三方技术：

? HTTP BASIC authentication headers (an IEFT RFC-based standard)
? HTTP Digest authentication headers (an IEFT RFC-based standard)
? HTTP X.509 client certificate exchange (an IEFT RFC-based standard)
? LDAP (a very common approach to cross-platform authentication needs, especially in large
environments)
? Form-based authentication (for simple user interface needs)
? Computer Associates Siteminder
? JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open
source single sign on system)
? Transparent authentication context propagation for Remote Method Invocation (RMI) and
HttpInvoker (a Spring remoting protocol)
? Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for
a predetermined period of time)
? Anonymous authentication (allowing every call to automatically assume a particular security
identity)
? Run-as authentication (which is useful if one call should proceed with a different security
identity)
? Java Authentication and Authorization Service (JAAS)
Acegi Security 1.0.5 2
? Container integration with JBoss, Jetty, Resin and Tomcat (so you can still use Container
Manager Authentication if desired)
? Your own authentication systems (see below)

授权级别包含三方面主要的领域：

authorizing web requests，authorizing methods，authorizing access to
individual domain object instances

To help you understand the differences, consider the authorization
capabilities found in the Servlet Specification web pattern security, EJB Container Managed Security
and file system security respectively.

(二) Technical Overview

1 运行时环境：不需要添加配置文件到java运行时路径，不需要配置特殊的jaas policy file 或 acegi到类路径。

                           也不需要添加配置文件到ejb 或servlet 容器的server classloader;

1、采用何种方式结合比较简单