<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>The Secure Remote Password (SRP) Protocol</title><link rel="stylesheet" href="styles.css" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/styles.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets Vimages/callouts/"><link rel="home" href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html" title="JBoss 3.0 Documentation"><link rel="up" href="ch09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09.html" title="Chapter 9. JBossSX Security Extension Framework"><link rel="previous" href="ch09s09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s09.html" title="The JBossSX Default Security Manager: JaasSecurityManager"><link rel="next" href="ch09s17.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s17.html" title="Custom LoginModules"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table border="0" cellpadding="0" cellspacing="0" height="65"><tr height="65"><td rowspan="2"><img src="jboss.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/jboss.gif" border="0"></td><td rowspan="2" background="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="100%" align="right" valign="top"><a href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html"><img src="doc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/doc.gif" border="0"></a><a href="ch09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09.html"><img src="toc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/toc.gif" border="0"></a><a href="ch09s09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s09.html"><img src="prev.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/prev.gif" border="0"></a><a href="ch09s17.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s17.html"><img src="next.gif" 
tppabs="http://www.huihoo.org/jboss/online_manual/3.0/next.gif" border="0"></a></td></tr><tr></tr></table><div class="section"><a name="sx.SRP"></a><div class="titlepage"><div><h2 class="title" style="clear: both"><a name="sx.SRP"></a>The Secure Remote Password (SRP) Protocol</h2></div></div><p>The SRP protocol is an implementation of a public key exchange handshake described in RFC2945. The RFC2945 abstract states: &ldquo;This document describes a cryptographically strong network authentication mechanism known as the Secure Remote Password (SRP) protocol. This mechanism is suitable for negotiating secure connections using a user-supplied password, while eliminating the security problems traditionally associated with reusable passwords. This system also performs a secure key exchange in the process of authentication, allowing security layers (privacy and/or integrity protection) to be enabled during the session. Trusted key servers and certificate infrastructures are not required, and clients are not required to store or manage any long-term keys. SRP offers both security and deployment advantages over existing challenge-response techniques, making it an ideal drop-in replacement where secure password authentication is needed.&rdquo;
</p><p>SRP is similar in concept and security to other public key exchange algorithms like Diffie-Hellman and RSA. It does this using simple passwords, in a way that does not require a clear text password to exist on the server. This is in contrast to requiring client certificates and the corresponding certificate management infrastructure.</p><p>The JBossSX framework includes an implementation of SRP that consists of the following elements:</p><div class="itemizedlist"><ul><li><p><a name="d0e6421"></a>An implementation of the SRP handshake protocol that is independent of any particular client/server protocol</p></li><li><p><a name="d0e6424"></a>An RMI implementation of the handshake protocol as the default client/server SRP implementation</p></li><li><p><a name="d0e6427"></a>A client-side JAAS LoginModule implementation that uses the RMI implementation to authenticate clients in a secure fashion</p></li><li><p><a name="d0e6430"></a>A JMX MBean for managing the RMI server implementation. The MBean allows the RMI server implementation to be plugged into a JMX framework and externalizes the configuration of the verification information store. It also establishes an authentication cache that is bound into the JBoss server JNDI namespace.</p></li><li><p><a name="d0e6433"></a>A server-side JAAS LoginModule implementation that uses the authentication cache managed by the SRP JMX MBean.</p></li></ul></div><p>
<a href="ch09s15.html#sx.SRP.diagram" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s15.html#sx.SRP.diagram" title="Figure 9.7. Components of the SRP Client-Server Framework">Figure 9.7</a> gives a diagram of the key components involved in the SRP client/server framework.</p><div class="figure"><p><a name="sx.SRP.diagram"></a><b>Figure 9.7. Components of the SRP Client-Server Framework</b></p><div class="mediaobject"><img src="SRPComponents.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/SRPComponents.gif"></div></div><div class="section"><a name="sx.Configuring.SRP"></a><div class="titlepage"><div><h3 class="title"><a name="sx.Configuring.SRP"></a>Configuring SRP</h3></div></div><p>Configuring JBoss to enable the use of the SRP implementation consists of:</p></div></div></body></html>
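The handshake summarized above, as an added Java example that is not JBossSX code and not part of the original manual: it carries the RFC 2945 (SRP-3, SHA-1) formulas through once to show that the server can agree on a session secret while storing only a salt and verifier, never the clear text password. The class name, the user name and passwords, and the small toy group are constructed for this illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

// Added illustration of the RFC 2945 (SRP-3, SHA-1) arithmetic; not JBossSX code.
public class SrpSketch {
    // Constructed toy group (Mersenne prime 2^127 - 1, g = 3): far too small for real use.
    static final BigInteger N = BigInteger.ONE.shiftLeft(127).subtract(BigInteger.ONE);
    static final BigInteger g = BigInteger.valueOf(3);

    static byte[] sha1(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // x = SHA(salt | SHA(user ":" password)); only the client ever derives this.
    static BigInteger x(String user, String password, byte[] salt) throws Exception {
        byte[] inner = sha1((user + ":" + password).getBytes(StandardCharsets.UTF_8));
        return new BigInteger(1, sha1(salt, inner));
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        // Enrollment: the server stores (user, salt, v = g^x mod N), never the password.
        byte[] salt = new byte[10];
        rnd.nextBytes(salt);
        BigInteger v = g.modPow(x("alice", "secret", salt), N);

        // Handshake: client sends A = g^a; server replies with salt and B = v + g^b.
        BigInteger a = new BigInteger(120, rnd), b = new BigInteger(120, rnd);
        BigInteger A = g.modPow(a, N);
        BigInteger B = v.add(g.modPow(b, N)).mod(N);
        // u = first 32 bits of the 160-bit SHA(B)
        BigInteger u = new BigInteger(1, sha1(B.toByteArray())).shiftRight(128);

        // Client recomputes x from the typed password: S = (B - g^x)^(a + u*x) mod N
        BigInteger xc = x("alice", "secret", salt);
        BigInteger Sc = B.subtract(g.modPow(xc, N)).mod(N).modPow(a.add(u.multiply(xc)), N);
        // Server uses only the stored verifier: S = (A * v^u)^b mod N
        BigInteger Ss = A.multiply(v.modPow(u, N)).mod(N).modPow(b, N);
        System.out.println("secrets match, right password: " + Sc.equals(Ss));

        // A wrong password gives a different x, so the client's S no longer matches.
        BigInteger xw = x("alice", "guess", salt);
        BigInteger Sw = B.subtract(g.modPow(xw, N)).mod(N).modPow(a.add(u.multiply(xw)), N);
        System.out.println("secrets match, wrong password: " + Sw.equals(Ss));
    }
}
```

RFC 2945 also requires the server to abort if A mod N is zero and the client to abort if B mod N is zero; the example omits those checks and the final proof messages that confirm both sides hold the same key.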