Acegi Security
Reference Documentation
1.0.7
Ben Alex
Table of Contents
Preface ............................................................................................................................................v
I. Overall Architecture ...................................................................................................................1
1. Introduction ........................................................................................................................2
1.1. What is Acegi Security? ..........................................................................................2
1.2. History .....................................................................................................................3
1.3. Release Numbering .................................................................................................4
2. Technical Overview ...........................................................................................................5
2.1. Runtime Environment .............................................................................................5
2.2. Shared Components ................................................................................................5
2.3. Authentication .........................................................................................................7
2.4. Secure Objects ........................................................................................................9
2.5. Conclusion ............................................................................................................11
3. Supporting Infrastructure .................................................................................................12
3.1. Localization ...........................................................................................................12
3.2. Filters ....................................................................................................................13
4. Channel Security ..............................................................................................................16
4.1. Overview ...............................................................................................................16
4.2. Configuration ........................................................................................................16
4.3. Conclusion ............................................................................................................17
5. Tag Libraries ....................................................................................................................19
5.1. Overview ...............................................................................................................19
5.2. Configuration ........................................................................................................19
5.3. Usage .....................................................................................................................19
II. Authentication .........................................................................................................................20
6. Common Authentication Services ...................................................................................21
6.1. Mechanisms, Providers and Entry Points .............................................................21
6.2. UserDetails and Associated Types ........................................................................23
6.2.1. In-Memory Authentication ........................................................................24
6.2.2. JDBC Authentication .................................................................................25
6.3. Concurrent Session Handling ...............................................................................25
6.4. Authentication Tag Libraries ................................................................................26
7. DAO Authentication Provider .........................................................................................27
7.1. Overview ...............................................................................................................27
7.2. Configuration ........................................................................................................27
8. Java Authentication and Authorization Service (JAAS) Provider ...................................29
8.1. Overview ...............................................................................................................29
8.2. Configuration ........................................................................................................29
8.2.1. JAAS CallbackHandler ..............................................................................29
8.2.2. JAAS AuthorityGranter .............................................................................30
9. Siteminder Authentication Mechanism ............................................................................31
9.1. Overview ...............................................................................................................31
9.2. Configuration ........................................................................................................31
10. Run-As Authentication Replacement ............................................................................33
10.1. Overview .............................................................................................................33
10.2. Configuration ......................................................................................................33
11. Form Authentication Mechanism ..................................................................................35
11.1. Overview .............................................................................................................35
Acegi Security 1.0.7 ii
11.2. Configuration ......................................................................................................35
12. BASIC Authentication Mechanism ...............................................................................36
12.1. Overview .............................................................................................................36
12.2. Configuration ......................................................................................................36
13. Digest Authentication ....................................................................................................37
13.1. Overview .............................................................................................................37
13.2. Configuration ......................................................................................................38
14. Anonymous Authentication ...........................................................................................39
14.1. Overview .............................................................................................................39
14.2. Configuration ......................................................................................................39
15. Remember-Me Authentication .......................................................................................41
15.1. Overview .............................................................................................................41
15.2. Configuration ......................................................................................................41
16. X509 Authentication ......................................................................................................43
16.1. Overview .............................................................................................................43
16.2. Using X509 with Acegi Security ........................................................................43
16.3. Configuration ......................................................................................................44
17. LDAP Authentication ....................................................................................................45
17.1. Overview .............................................................................................................45
17.2. Using LDAP with Acegi Security .......................................................................45
17.2.1. LdapAuthenticator Implementations .......................................................45
17.2.2. Connecting to the LDAP Server ..............................................................46
17.2.3. LDAP Search Objects ..............................................................................46
17.3. Configuration ......................................................................................................47
18. CAS Authentication .......................................................................................................48
18.1. Overview .............................................................................................................48
18.2. How CAS Works ................................................................................................48
18.3. Optional CAS Server Setup ................................................................................51
18.3.1. CAS Version 2.0 ......................................................................................51
18.3.2. CAS Version 3.0 ......................................................................................52
18.4. Configuration of CAS Client ..............................................................................53
18.5. Advanced Issues ..................................................................................................56
19. Container Adapter Authentication .................................................................................57
19.1. Overview .............................................................................................................57
19.2. Adapter Authentication Provider ........................................................................57
19.3. Jetty .....................................................................................................................58
19.4. JBoss ...................................................................................................................59
19.5. Resin ...................................................................................................................60
19.6. Tomcat ................................................................................................................61
III. Authorization .........................................................................................................................63
20. Common Authorization Concepts ..................................................................................64
20.1. Authorities ...........................................................................................................64
20.2. Pre-Invocation Handling .....................................................................................64
20.3. After Invocation Handling ..................................................................................67
20.3.1. ACL-Aware AfterInvocationProviders ....................................................68
20.3.2. ACL-Aware AfterInvocationProviders (old ACL module) .....................69
20.4. Authorization Tag Libraries ................................................................................69
21. Secure Object Implementations .....................................................................................71
21.1. AOP Alliance (MethodInvocation) Security Interceptor ....................................71
21.2. AspectJ (JoinPoint) Security Interceptor ............................................................73
21.3. FilterInvocation Security Interceptor ..................................................................75
22. Domain Object Security .................................................................................................78
22.1. Overview .............................................................................................................78
22.2. Key Concepts ......................................................................................................79
23. Domain Object Security (old ACL module) ..................................................................80
23.1. Overview .............................................................................................................80
23.2. Basic ACL Package ............................................................................................81
IV. Other Resources .....................................................................................................................87
24. Sample Applications ......................................................................................................88
24.1. Contacts ...............................................................................................................88
24.2. Tutorial Sample ...................................................................................................89
25. Community Support .......................................................................................................90
25.1. Use JIRA for Issue Tracking ...............................................................................90
25.2. Becoming Involved .............................................................................................90
25.3. Further Information .............................................................................................90
Preface
Acegi Security provides a comprehensive security solution for J2EE-based enterprise software applications. As you will discover as you venture through this reference guide, we have tried to provide you a useful and highly configurable security system.

Security is an ever-moving target, and it's important to pursue a comprehensive, system-wide approach. In security circles we encourage you to adopt "layers of security", so that each layer tries to be as secure as possible in its own right, with successive layers providing additional security. The "tighter" the security of each layer, the more robust and safe your application will be. At the bottom level you'll need to deal with issues such as transport security and system identification, in order to mitigate man-in-the-middle attacks. Next you'll generally utilise firewalls, perhaps with VPNs or IP security to ensure only authorised systems can attempt to connect. In corporate environments you may deploy a DMZ to separate public-facing servers from backend database and application servers. Your operating system will also play a critical part, addressing issues such as running processes as non-privileged users and maximising file system security. An operating system will usually also be configured with its own firewall. Hopefully somewhere along the way you'll be trying to prevent denial of service and brute force attacks against the system. An intrusion detection system will also be especially useful for monitoring and responding to attacks, with such systems able to take protective action such as blocking offending TCP/IP addresses in real-time. Moving to the higher layers, your Java Virtual Machine will hopefully be configured to minimize the permissions granted to different Java types, and then your application will add its own problem domain-specific security configuration. Acegi Security makes this latter area - application security - much easier.

Of course, you will need to properly address all security layers mentioned above, together with managerial factors that encompass every layer. A non-exhaustive list of such managerial factors would include security bulletin monitoring, patching, personnel vetting, audits, change control, engineering management systems, data backup, disaster recovery, performance benchmarking, load monitoring, centralised logging, incident response procedures etc.

With Acegi Security being focused on helping you with the enterprise application security layer, you will find that there are as many different requirements as there are business problem domains. A banking application has different needs from an ecommerce application. An ecommerce application has different needs from a corporate sales force automation tool. These custom requirements make application security interesting, challenging and rewarding.

This reference guide has been largely restructured for the 1.0.0 release of Acegi Security. Please read Part I, Overall Architecture, in its entirety. The remaining parts of the reference guide are structured in a more traditional reference style, designed to be read on an as-required basis.

We hope that you find this reference guide useful, and we welcome your feedback and suggestions.

Finally, welcome to the Acegi Security community.