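Abstract
Built on the Borland application server, this work uses JAAS together with the security mechanism built into the J2EE Web container, and relies on Oracle database user authentication, to implement user authentication and authorization in a Web application. The resources a user can access are controlled at the page level, the security concerns that would otherwise be handled during development are moved to the deployment phase, and application logic is completely separated from security logic. Practice shows that using JAAS improves the development efficiency of the whole system, and that the authentication and authorization provided by the Web container integrate well with the database security realm.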
To implement authentication and authorization in a Web application based on the Browser/Server model, JAAS and the J2EE Web container's security realm, combined with Oracle's own authentication, are used to authenticate and authorize users who want to access the Web application. The resources that a user can access are limited at the Web page level, and the security issues considered in the development phase are moved to deployment. The business logic and rights management are isolated, so programmers do not need to write code in each page to check whether the user has the right to access it. The results show that using the Java Authentication and Authorization Service (JAAS) can enhance the entire system's development efficiency and that the security mechanism provided by the Web container can work well with the database's security realm.
Source
《电子科技大学学报》 (Journal of University of Electronic Science and Technology of China)
EI, CAS, CSCD, PKU Core (北大核心)
2007, Issue 5, pp. 969-972 (4 pages)
Funding
Supported by the National 863/CIMS Program (2003AA411210)