Abstract
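Using the JAAS security module, with JBOSS as the application platform and user information stored in a MySQL database, user authentication and authorization are implemented in a Web application, improving the security of the Web program. In a J2EE environment, JAAS authentication can use any of several methods provided by the container and can support single sign-on; authorization is specified in the corresponding configuration files and can be completed at deployment time. This flexible mechanism reduces the coupling between the application logic and the security logic of the Web program, improves development efficiency, and makes the system easier to maintain.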
By using the JAAS security model, with JBOSS as the application platform and by means of the user information in the MySQL database, the identity authentication and authorization of the user in the Web application are realized and the security of the Web application is enhanced. In J2EE environments, several methods provided by the web container can be used to authenticate, and SSO (single sign-on) can also be realized. The authentication in J2EE is based on the configuration file, which can be created in the deployment phase. The coupling of business logic and security logic in the web program is reduced by this flexible mechanism, and the system's development efficiency and maintainability are also enhanced.
Source
Journal of Jianghan University: Natural Science Edition (《江汉大学学报(自然科学版)》)
2009, Issue 4, pp. 60-63, 74 (5 pages in total)
Funding
Yancheng Teachers University research project (05YCKW1067)