摘要
通过深入研究JAAS安全认证机制,在J2EE Web系统中应用JAAS技术提供的动态、可插拔认证模型实现了用户身份的安全认证,即通过X.509数字证书和用户口令进行双重堆叠认证.在Tomcat服务器上配置实现了服务器与客户端之间的SSL双向认证,并通过建立HTTPS连接,以保护数据的安全传输,进一步提高了系统用户认证的安全性.
The paper studied the JAAS security authentication machanise intensively, found the dynamic and pluggable authentication module provided by JAAS technology could realize the user identity authentication security in the J2EE Web system, that is dual-stack authentication based on X. 509 digital certificate and password. By configuring the Tomcat server to achieve SSL bidirectional authentication between server and client and establishing the HTTPS connection to insure the security transmission of data, moreover which improve the user authentication security furtherly.
出处
《陕西科技大学学报(自然科学版)》
2011年第3期99-104,112,共7页
Journal of Shaanxi University of Science & Technology
关键词
JAAS安全机制
J2EE应用系统
身份认证
JAAS security mechanism
the J2EE application system
identity authentication
