Guo Jia
Email: [Email protected]
Blog: http://blog.csdn.net/allenwells
Github:https://github.com/allenwell
In J2SE, the core classes and interfaces of the jars framework are distributed in the following packages:
- JAVAX.SECURITY.AUFH.: Contains the base classes and interfaces for authentication and authorization mechanisms.
- Javax.security.auth.callback: *: Contains classes and interfaces for defining authentication credentials for an app.
- Javax.security.auth.login.: Contains classes for logging in and exiting the application domain.
- Javax.security.auth.spi. *: Contains the interface used by the jars provider to implement the Jars module.
These classes and interfaces can be further divided into 3 categories: generic, authentication, and authorization. Some of the important classes and interfaces in these 3 classes are described below.
A general class 1.1 Javax.security.auth.Subject
Subject (Principal class, Javax.security.auth.Subject): Represents a group of related entities, such as individuals, organizations, or services that have a set of security credentials. Once certified, you can populate subject with relevant identities or principals and make authorization decisions based on subject.
1.2 Java.security.Security
Principal (Java.security.Security): An interface that represents an entity that has passed certification, such as individuals, organizations, and services.
Second Authentication Class 2.1 Javax.security.auth.login.LoginContext
Logncontext (Login Context class, Javax.security.auth.login.LoginContext): Provides the basic method of authentication subjects. Once the caller instantiates Logingontext, login context invokes the login method to authenticate the subject. In addition, it is responsible for loading the configuration and instantiating the appropriate loginntodulesa.
2.2 Javax.security.auth.login.LoginModule
Loganmodule (Login module class, Javax.security.auth.login.LoginModule): This interface is primarily provided for JAAS providers, allowing the jars provider to implement the authentication mechanism as a login module and insert it into the user. The login module plug-in application environment is designed to provide specific types of authentication. During the authentication process, each loginmodule is initialized with a subject, a callbackhandler, shared loginmodule status, and Login module-specific options. The login module uses CallbackHandler to communicate with the user. J2SE 1.4 provides many login modules, which are located in the Com.sun.security.auth.module package.
2.3 javax.security.auth.login.Configuration
Configuration (config class, javax.security.auth.login.Configuration): Represents the Login module configuration for a specific login application.
2.4 Javax.security.auth.login.CallbackHandler
CallbackHandler (Callback handler class, Javax.security.auth.login.CallbackHandler): Defines an interface that allows interaction with the user to obtain authentication-related data, such as user name an code, Biometric samples and smart card-based credentials. The application implements Callbackhandle: and passes it to Loingcontext, loingcontext forwards it directly to the underlying Loginmoduleo.
Three Authorized Class 3.1 Java.security.Policy
Policies (Policy class, Java.security.Policy): Represents a system-level access control policy that is used to authorize based on an authenticated principal.
3.2 javax.security.auth.AuthPermission
Authpernussion (Authorization class, javax.security.auth.AuthPermission): Encapsulates the basic permissions required for Jaas authorization, and controls the object policy, Subject; Access to LoginContext and configuration.
3.3 Javax.security.auth.PrivateCreclentialsPermission
Privatecredenti address Pang Xia Jia rission (private credential permission class, javax.security.auth.PrivateCreclentialsPermission): Encapsulates the permissions for private credentials that are used to access subject.
"Java Security Technology Exploration Path series: Java Extensible Security Architecture" XV: Jaas (ii): Jaas Classes and interfaces