堆栈内存溢出
  简体   繁体   English

核心Java应用程序中的安全身份验证和授权

[英]Secure Authentication and Authorization in core Java Application

 原文  2014-05-03 13:00:37       java/ swing/ authentication/ authorization/ jaas

问题描述

I asked this question two days before and I got no answer, thats why I am posting this question again. 两天前我问了这个问题而我没有回答,这就是我再次发布这个问题的原因。 Please try to help, 请尽力帮忙,

I am developing a core java application which works with file system most. 我正在开发一个最适合文件系统的核心java应用程序。 But I am stuck with one question. 但我坚持一个问题。 How to provide secure Authentication and Authorization to my application. 如何为我的应用程序提供安全的身份验证和授权。 The basic thing comes in my mind is either Singleton or Factory Pattern. 在我看来,基本的东西是Singleton或Factory Pattern。 I have heard about two more API's which is 我听说过两个以上的API

JAAS - Java Authentication and Authorization Service JAAS - Java身份验证和授权服务
JCA - Java Cryptography Architecture JCA - Java密码体系结构

But I am not aware of these two API's and also that whether they support to core Java or not. 但我不知道这两个API以及它们是否支持核心Java。 So I have some final question which is, 所以我有一些最后的问题,

Q1. Q1。 Do I need to implement JAAS/JCA to make Authentication and Authorization secure? 我是否需要实施JAAS / JCA以确保身份验证和授权安全?
Q2. Q2。 OR any design pattern can solve my this Authentication and Authorization issue? 或任何设计模式可以解决我的身份验证和授权问题?
Q3. Q3。 OR there can any other simpler way to do this? 或者还有其他更简单的方法吗?

Some Information related to my project:- It is a bank project which should perform file reconciliation(ie checking of two different files, so that they contain proper report or not). 与我的项目相关的一些信息: - 这是一个银行项目,应该执行文件协调(即检查两个不同的文件,以便它们包含或不包含正确的报告)。
UI - Swing UI - Swing
Business logic - core java 业务逻辑 - 核心java
DB - Oracle DB - Oracle

If anyone finds any issue in this question please try to correct. 如果有人在此问题中发现任何问题,请尝试纠正。

1 个解决方案

解决方案1
 2 已采纳  2014-05-03 13:43:33

But I am not aware of these two API's and also that whether they support to core Java or not. 但我不知道这两个API以及它们是否支持核心Java。

  1. There is lots of information on the Web on these APIs. Web上有很多关于这些API的信息。 JAAS is more directly relevant to your problem. JAAS与您的问题更直接相关。

  2. JCA and JAAS APIs are part of Java SE class library. JCA和JAAS API是Java SE类库的一部分。

So I have some final question which is, 所以我有一些最后的问题,

Q1. Q1。 Do I need to implement JAAS/JCA to make Authentication and Authorization secure? 我是否需要实施JAAS / JCA以确保身份验证和授权安全?

Not necessarily. 不必要。 There are lots of other ways to implement authentication and authorization that do not involve JAAS or (directly) JCA. 有许多其他方法可以实现不涉及JAAS或(直接)JCA的身份验证和授权。

Q2. Q2。 OR any design pattern can solve my this Authentication and Authorization issue? 或任何设计模式可以解决我的身份验证和授权问题?

Erm ... no. 呃......不。

Q3. Q3。 OR there can any other simpler way to do this? 或者还有其他更简单的方法吗?

There are lots of alternatives, especially if you are talking about securing a web-based service. 有很多替代方案,特别是如果您正在讨论保护基于Web的服务。 Whether they are simpler depends on what your actual requirements are. 它们是否更简单取决于您的实际要求。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过Java应用程序使用Apache进行证书认证和授权 - Certificate Authentication and Authorization with Apache from a Java Application 多帐户Web应用程序中的Java Spring身份验证,授权和所有权 - Java Spring Authentication, Authorization, and Ownership in multiple accounts web application Java中的安全LDAP认证 - Secure LDAP Authentication in Java 使用Java进行安全的用户身份验证 - Secure User Authentication with Java Java身份验证和授权 - Java Authentication and Authorization Java Web身份验证和授权 - Java Web Authentication and Authorization JSF Web应用程序中的身份验证/授权? - Authentication / Authorization in JSF web application? 创建安全的Java应用程序 - Creating secure java application Java安全套接字无需身份验证? - java secure socket without authentication? Java安全应用程序关闭 - Java secure application closing
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM