1. Security-related concepts
Recognition (identification) is the process of recognizing an entity in the system.
Authentication (authentication) is the process of verifying an entity's identity in the system.
Authorization (Authorizatioin), also known as access control, controls the access of an entity to resources in the system.
Realm is the security policy domain defined in the server. A realm defines a user, a user group, and the relationships between them.
Role is the general designation of the license to access certain resources defined in the application.
Principal is a system authentication and authorization of an entity, is the user in the System agent.
Credential has a set of security-related attributes that are used to authenticate a specific principal with certain role (access to the corresponding resource).
Security mechanism provided by 2.Java SE (abbreviated)
Java authentication and Authorization Service (JAAS)
javageneric Security Services (Java Gss-api)
javacryptography Extension (JCE)
javasecure Sockets Extension (JSSE)
simpleauthentication and Security Layer (SASL)
3. Java EE-Provided security mechanisms
The security mechanism of Java EE is based on the security mechanism provided by the Java SE. On this basis, the Java EE container is responsible for the application security in the following two ways:
Declarative security declaration security through a deployment descriptor or annotation in code
Code-Safe
Often a complement to declarative security, the method of calling the Javax.ejb.EJBContext interface in code or the method of the Javax.servlet.http.HttpServletRequest interface is implemented.