堆栈内存溢出
  简体   繁体   English

用户登录Java - JAAS / JNDI / GSSAPI

[英]User Login in Java - JAAS/JNDI/GSSAPI

 原文  2008-10-24 05:48:21       java/ security

问题描述

What is the best way to design a user login mechanism using Java? 使用Java设计用户登录机制的最佳方法是什么? What are the best practices to be followed to architect a secure and robust login mechanism? 构建安全可靠的登录机制需要遵循哪些最佳实践?

What is the difference between JAAS, JNDI and GSSAPI? JAAS,JNDI和GSSAPI有什么区别? How do you decide which one to choose? 你如何决定选择哪一个?

3 个解决方案

解决方案1
 3  2008-10-24 06:36:31

Single sign on (SSO) is one of hte best practices. 单点登录(SSO)是最佳实践之一。 Using one set of credentials for authentication (not necessarily authorization) for a group of applications. 使用一组凭据进行一组应用程序的身份验证(不一定是授权)。 Sun's java based open source -- OpenSSO solution is available at https://opensso.dev.java.net/ . Sun的基于Java的开源 - OpenSSO解决方案可以在https://opensso.dev.java.net/上找到 This includes OpenDS, an open source LDAP server. 这包括OpenDS,一个开源LDAP服务器。

few things you need to consider is 你需要考虑的一些事情是
1) is it OK to let the user login simultaneously from multiple computers 1)让用户同时从多台计算机登录是否可以
2) how to mix authentication and authorization info in the same LDAP server 2)如何在同一LDAP服务器中混合身份验证和授权信息

Some patterns in this area can be obtained from the book : http://www.coresecuritypatterns.com/patterns.htm 这方面的一些模式可以从这本书中获得: http//www.coresecuritypatterns.com/patterns.htm

解决方案2
 0  2008-10-24 06:19:32

It depends on your user referential. 这取决于您的用户参考。

You need to be able to connect your login java module with that base. 您需要能够将登录java模块与该基础连接。 it is is LDAP, you might consider framework like OpenLDAP . 它是LDAP,您可以考虑像OpenLDAP这样的框架。

Plus you have to consider what is include in your "login" perimeter: It is is an "habilitation" login process, you need to have more that just the user name, but also other parameters helping your java module to grant him access (its group, which might be in LDAP, but also the kind of action he wants to make, in order to check if he has the required accreditation level) 此外,你必须考虑你的“登录”外围包含的内容:这是一个“habilitation”登录过程,你需要更多的只是用户名,还有其他参数帮助你的java模块授予他访问权限( group,可能在LDAP中,但也是他想要的行为,以检查他是否具有所需的认证级别)

解决方案3
 0  2008-10-24 13:18:28

I really like Spring Security . 我真的很喜欢Spring Security It's pretty easy to set up if you've got a Spring project, of course, but I've seen parts of it integrated into other implementations. 如果你有一个Spring项目,那么设置起来非常容易,但我已经看到它的一部分集成到其他实现中。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 了解和探索 JAAS-GSSAPI-JNDI 如何在幕后协同工作 - Understanding and exploring how JAAS-GSSAPI-JNDI work together behind the hood 通过JAAS以编程方式登录用户 - Login a user programmatically via JAAS 通过JAAS手动登录用户到JBoss WIldfly - Manually login user via JAAS into JBoss WIldfly GSSAPI之后(使用Kerberos身份验证),JNDI搜索不起作用 - JNDI search not working after GSSAPI (Authenticate with Kerberos) 使用 JAAS 登录模块注销 - Logout with JAAS login module Hawtio / Jaas ldap登录 - Hawtio/Jaas ldap login JAAS自定义登录模块 - JAAS custom login module JAVA和GSSAPI:清除缓存 - JAVA & GSSAPI: Clearing cache Java JSF应用程序,使用JAAS登录用户的动态角色 - Java JSF app, dynamic roles for logged user with JAAS JAAS错误:登录失败 - JAAS Error: Login failed
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM