ISSN 
Implementation of Authentication and Authorization Based on JAAS and J2EE Web Container
-
摘要: 在Borland应用服务器的基础上,使用JAAS与J2EE Web容器内在的安全机制,并借助Oracle数据库的用户验证,实现了Web应用中对用户的验证和授权。把用户能访问到的资源控制到页面级,将开发阶段需要考虑的安全问题转移到部署阶段,实现了应用逻辑与安全逻辑的彻底分离。实践表明,使用JAAS可以提高整个系统的开发效率,而Web容器提供的验证与授权可以很好地和数据库安全域相结合。
-
关键词:
- 验证 /
- 授权 /
- JAAS /
- J2EE Web容器 /
- 安全
Abstract: To implement the authentication and authorization in a Web application based on Browser/Server model. JAAS and J2EE Web Container's security realm, combining with Oracle's self authentication, are used to authenticate and authorize users who want to access the Web application. The resources that a user can access are limited at Web page level and the security issue considered in development phase is moved to deployment. The business logic and rights management are isolated so that programmers are no need to write codes in each page to examine whether the user have rights to access it. The results show that using Java Authentication and Authorization Service (JAAS) can enhance the entire system's development efficiency and the security mechanism provided by Web Container can work with the database's security realm well.-
Keywords:
- authentication /
- authorization /
- JAAS /
- J2EE Web container /
- security
-
计量
- 文章访问数: 4482
- HTML全文浏览量: 127
- PDF下载量: 54
下载: