首页 | 本学科首页   官方微博 | 高级检索  
     

基于JAAS和J2EE Web容器的验证与授权
引用本文:姜伟,杜平安,李磊. 基于JAAS和J2EE Web容器的验证与授权[J]. 电子科技大学学报(社会科学版), 2007, 0(5)
作者姓名:姜伟  杜平安  李磊
作者单位:电子科技大学机械电子工程学院 成都610054
基金项目:国家863/CIMS主题资助项目(2003AA411210)
摘    要:在Borland应用服务器的基础上,使用JAAS与J2EEWeb容器内在的安全机制,并借助Oracle数据库的用户验证,实现了Web应用中对用户的验证和授权。把用户能访问到的资源控制到页面级,将开发阶段需要考虑的安全问题转移到部署阶段,实现了应用逻辑与安全逻辑的彻底分离。实践表明,使用JAAS可以提高整个系统的开发效率,而Web容器提供的验证与授权可以很好地和数据库安全域相结合。

关 键 词:验证  授权  JAAS  J2EEWeb容器  安全

Implementation of Authentication and Authorization Based on JAAS and J2EE Web Container
JIANG Wei,DU Ping-an,LI Lei. Implementation of Authentication and Authorization Based on JAAS and J2EE Web Container[J]. Journal of University of Electronic Science and Technology of China(Social Sciences Edition), 2007, 0(5)
Authors:JIANG Wei  DU Ping-an  LI Lei
Abstract:To implement the authentication and authorization in a Web application based on Browser/Server model. JAAS and J2EE Web Container's security realm, combining with Oracle's self authentication, are used to authenticate and authorize users who want to access the Web application. The resources that a user can access are limited at Web page level and the security issue considered in development phase is moved to deployment. The business logic and rights management are isolated so that programmers are no need to write codes in each page to examine whether the user have rights to access it. The results show that using Java Authentication and Authorization Service (JAAS) can enhance the entire system's development efficiency and the security mechanism provided by Web Container can work with the database's security realm well.
Keywords:authentication  authorization  JAAS  J2EE Web container  security
本文献已被 CNKI 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号