⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 ch12s68.html

📁 详细介绍了jboss3.0的配置等
💻 HTML
字号:
🔍 
<html><head>
      <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
   <title>Security</title><link rel="stylesheet" href="styles.css" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/styles.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets Vimages/callouts/"><link rel="home" href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html" title="JBoss 3.0 Documentation"><link rel="up" href="ch12.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12.html" title="Chapter 12. Container architecture - design notes"><link rel="previous" href="ch12s63.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12s63.html" title=" Transaction support "><link rel="next" href="ch12s72.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12s72.html" title="Tracing the call through container"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table border="0" cellpadding="0" cellspacing="0" height="65"><tr height="65"><td rowspan="2"><img src="jboss.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/jboss.gif" border="0"></td><td rowspan="2" background="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="100%" align="right" valign="top"><a href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html"><img src="doc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/doc.gif" border="0"></a><a href="ch12.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12.html"><img src="toc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/toc.gif" border="0"></a><a href="ch12s63.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12s63.html"><img src="prev.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/prev.gif" border="0"></a><a href="ch12s72.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12s72.html"><img src="next.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/next.gif" border="0"></a></td></tr><tr></tr></table><div class="section"><a name="d0e8668"></a><div class="titlepage"><div><h2 class="title" style="clear: both"><a name="d0e8668"></a>Security</h2></div></div><div class="section"><a name="d0e8671"></a><div class="titlepage"><div><h3 class="title"><a name="d0e8671"></a>Authentication - checking credentials</h3></div></div><p>
				<tt>Credential</tt> is an object that the client supplies to
authenticate himself to the
      system. <tt>Credential</tt> might be a password, a digital
signature, or another identifier.
      It might also be a wrapper of that credential to indicate that the jboss
      server trusts the invoker about the principal and no authentication is
      necessary (e.g. for in-VM invocations, or invocations from a web
      container).</p><p>The authentication interface is:</p><p>
				<pre class="programlisting">public interface org.jboss.system.SecurityManager
      {
              public boolean isValid( Principal principal,
                                      Object credential );
      }</pre>
			</p><p>Judgments about validity are based on the<tt>Principal</tt> class type,
      <tt>Principal</tt> name, and credential. Typically, one
implementation
      exists per security realm.</p><p>The security manager implementation is registered in the JNDI
      namespace as "SecurityManager." and is shared between containers.
      This system level implementation would only delegate to the realm-level
      implementations to see if the Principal/credential pair were
      valid.</p></div><div class="section"><a name="d0e8699"></a><div class="titlepage"><div><h3 class="title"><a name="d0e8699"></a>Authorization - checking access to resources</h3></div></div><p>Authorization interface is defined as follows:</p><p>
				<pre class="programlisting">public interface RealmMapping
      {
              public boolean doesUserHaveRole( Principal principal,
                                               Set roleNames );
      }</pre>
			</p><p>A <tt>RealmMapping</tt> describes a relation between a
list of principals,
      and a set of roles assigned to each principal.  Unlike
      SecurityManagers, RealmMappings are specific to a particular
      J2EE application.  So the relationship is the following:
      J2EE app has many realms, a realm has many principals,
      and a principal has many roles.</p><p>The <tt>RealmMapping</tt> interface is used in
conjunction with the
      authorization information in the EJB 1.1 or 2.0 deployment
      descriptor.  It is also used for the implementation of
      <tt>isCallerInRole</tt> call. Set of roleNames would have
only one role in
      that case.</p><p>A <tt>CacheRealmMapping</tt> is a "meta-level"
implementation of
      RealmMapping that handles lists of realms for a particular J2EE
      application.  It is called <tt>CacheRealmMapping</tt>because we cache
      information about a particular principal if access to the
      persistent mapping is expensive.</p></div><div class="section"><a name="d0e8730"></a><div class="titlepage"><div><h3 class="title"><a name="d0e8730"></a>SecurityInterceptor</h3></div></div><p>The <tt>SecurityInterceptor's</tt> first task would be
to use the
      SecurityManager to authenticate the <tt>Principal</tt>,
based on the
      credential available in <tt>MethodInvocation</tt>.</p><p>Then, <tt>SecurityInterceptor</tt>, given a method that
has to be invoked,
      retrieves methodPermissions (set of roles) from the container and checks
      if caller's principal has any of those retreived roles.</p></div></div><table border="0" cellpadding="0" cellspacing="0" height="65"><tr height="65"><td rowspan="2"><img src="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="432" height="79"></td><td rowspan="2" background="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="100%" align="right" valign="top"><a href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html"><img src="doc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/doc.gif" border="0"></a><a href="ch12.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12.html"><img src="toc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/toc.gif" border="0"></a><a href="ch12s63.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12s63.html"><img src="prev.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/prev.gif" border="0"></a><a href="ch12s72.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch12s72.html"><img src="next.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/next.gif" border="0"></a></td></tr><tr></tr></table></body></html>

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -