[英]Is JAAS really required for authentication?
If this is one of the best ways to authenticate a user in Java EE 6. 如果这是在Java EE 6中验证用户身份的最佳方法之一。
Are there any good reasons to use JAAS in authentication/user login? 有没有充分的理由在身份验证/用户登录中使用JAAS? Talking about package:
谈论包装:
javax.security.auth
JAAS application to a simple webapp isn't trivial so that's why I'm asking. JAAS应用于一个简单的webapp并不是一件容易的事情,所以这就是我要问的原因。 Here is an example.
这是一个例子。
It might be needed for authorization anyways. 无论如何,可能需要授权。
If you're going to rely on the container to enforce authorization through the use of @RolesAllowed
annotations, then the answer is yes, you will need JAAS. 如果您将依靠容器通过使用
@RolesAllowed
注释来强制执行授权,那么答案是肯定的,您将需要JAAS。
As to whether it is complex or not, it really depends on the LoginModule
implementation that you'll be using. 至于它是否复杂,它实际上取决于您将使用的
LoginModule
实现。 Containers do come with LoginModule
implementations out of the box, especially to authenticate against identity stores like files, LDAP servers or databases. 容器确实带有开箱即用的
LoginModule
实现,尤其是对文件,LDAP服务器或数据库等身份存储进行身份验证。 If that is all you require, you could be using those instead of wiring up your own implementation. 如果这就是您所需要的,那么您可以使用它们而不是连接您自己的实现。
If you really want to write a LoginModule
like Antonio Goncalves has done, you'll need to understand the role of a LoginModule
and JAAS. 如果你真的想写一个类似Antonio Goncalves的
LoginModule
,你需要了解LoginModule
和JAAS的作用。 His module uses the CustomerService
built into his app during the authentication process. 他的模块在身份验证过程中使用内置于其应用程序中的
CustomerService
。 The module simply looks up the CustomerService
bean through the CDI BeanManager
and delegates all authentication requests to the findCustomer(username, password)
method. 该模块只是通过CDI
BeanManager
查找CustomerService
bean,并将所有身份验证请求委托给findCustomer(username, password)
方法。 A LoginException
is thrown if no customer is found for the provided credentials. 如果找不到提供的凭据的客户,则抛出
LoginException
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.