With the upcoming release of J2SE 1.5, which includes a lot of enhancements to cryptography, XML security, public key infrastructure (PKI), Kerberos, and federated identity, JAAS will play a more important role in J2EE security implementations.
Overview of JAAS
Authentication
Authentication is the process of verifying that a user has the right to use identities established by the enterprise user registry. The authentication mechanism of JAAS is built on a set of pluggable modules (see Figure 1). JAAS allows different authentication models to be plugged in at runtime. Client applications always interact with JAAS through the LoginContext object.
The authentication process typically involves the following steps:
1. Create a LoginContext object. The LoginContext looks up the configuration file to determine which LoginModule to use. Optionally, you can also pass a CallbackHandler to the LoginContext.
2. Perform authentication by calling the login method of LoginContext, which loads the configured LoginModule to check whether the user can be authenticated.
3. Associate principals and credentials with the Subject if the user is authenticated, or throw a LoginException if the login failed.
4. Use the logout method of LoginContext to log out.
Login in JAAS is a two-phase process. The first phase is the "login" phase (described in step 2). The only task in this phase is authentication. Once the process successfully passes this phase, the authentication process enters the "commit" phase (step 3), in which the commit method of the LoginModule is called to associate the relevant principals and credentials with the Subject.
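The four steps and the login/commit split above, as an added example that is not code from the original article: a hypothetical LoginModule (DemoLoginModule, with a constructed user "alice" and an in-memory check standing in for the enterprise user registry) driven by a LoginContext that is given a programmatic Configuration instead of a configuration file. It assumes Java 16 or later for records and pattern-matching instanceof.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import java.security.Principal;
import java.util.*;

// Hypothetical LoginModule showing the two-phase protocol: login() only verifies,
// commit() is the only place the Subject is modified.
public class DemoLoginModule implements LoginModule {
    private Subject subject; private CallbackHandler handler;
    private String user; private boolean loginOk;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }

    // Phase 1: collect credentials through the CallbackHandler and verify them.
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[]{nc, pc}); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        char[] pw = pc.getPassword(); pc.clearPassword();   // getPassword() returns a copy
        // Constructed in-memory registry; a real module consults the enterprise user registry.
        loginOk = "alice".equals(nc.getName()) && pw != null && Arrays.equals(pw, "s3cret".toCharArray());
        if (pw != null) Arrays.fill(pw, '\0');               // do not keep the secret in memory
        if (!loginOk) throw new FailedLoginException("bad credentials");
        user = nc.getName();
        return true;
    }

    // Phase 2: LoginContext calls this only after every REQUIRED module passed phase 1.
    public boolean commit() { if (loginOk) subject.getPrincipals().add(new DemoPrincipal(user)); return loginOk; }
    public boolean abort()  { loginOk = false; user = null; return true; }
    public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof DemoPrincipal); return true; }

    record DemoPrincipal(String name) implements Principal { public String getName() { return name; } }

    public static void main(String[] args) throws LoginException {
        // Programmatic Configuration, so no external login configuration file is needed.
        Configuration cfg = new Configuration() { public AppConfigurationEntry[] getAppConfigurationEntry(String n) {
            return new AppConfigurationEntry[]{ new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) }; } };
        CallbackHandler ch = cbs -> { for (Callback c : cbs) {   // supplies the constructed test credentials
            if (c instanceof NameCallback n) n.setName("alice");
            else if (c instanceof PasswordCallback p) p.setPassword("s3cret".toCharArray()); } };
        LoginContext lc = new LoginContext("Demo", new Subject(), ch, cfg);
        lc.login();                                          // phase 1, then phase 2
        System.out.println("principals: " + lc.getSubject().getPrincipals());
        lc.logout();                                         // removes the principal again
    }
}
```

If login() throws, the LoginContext calls abort() on the module and the Subject is left untouched, which is why per-module state is kept in fields until commit().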
A Subject in JAAS represents an authenticated entity, such as a person or device. It contains a set of principals and security-related attributes such as a password and cryptographic keys. In the JAAS architecture, the Subject, along with the Permission, plays an important role in the authorization pr...