理解Subjects Principals and Credentials

馃挩馃巿

馃挩馃巿

2016-02-19 14:15

get新技能是需要付出行动的,即使看得再多也还是要动手试一试。今天图老师小编跟大家分享的是理解Subjects Principals and Credentials,一起来学习了解下吧!

  摘自:Inside Java 2 Platform Security - 2nd Ed,published by Addison Wesley,2003
  
  8.4.1 Subjects and Principals
  Users often depend on computing services to assist them in performing work. Furthermore, services themselves might subsequently interact with other services.

(本文来源于图老师网站,更多请访问http://m.tulaoshi.com/bianchengyuyan/)

  JAAS uses the term subject to refer to a system entity, sUCh as a user or a computing service.
  JAAS用术语subject来表示系统实体,比如一个用户或者一个计算服务。

  To identify the subjects with which it interacts, a computing service typically relies on names. However, a subject might not have the same name for each service and, in fact, may even have a different name for each individual service.
  服务通常以来名字来标识那些和它交互的subject.然而一个subject一般不会用同一个名字面向每个服务,实际上,甚至subject会用各不相同的名字面向每个服务。

  The term principal represents a name associated with a subject [71]. Because a subject may have multiple names, potentially one for each service with which it interacts, a subject in JAAS comprises a set of principals.
  术语principal表示和一个subject关联的名字。因为一个subject可以有多个名字,以便和不同的服务交互时采用不同的名字,一个subject由一组principal组成。

  Once a subject is authenticated, an instance of javax.security.auth.Subject is created to represent that subject and is populated with objects that implement the java.security.Principal interface.
  一旦subject通过了认证,系统就会生成一个javax.security.auth.Subject的实例来表示该subject,并且加入一些实现java.security.Principal接口的对象到Subject实例中。

(本文来源于图老师网站,更多请访问http://m.tulaoshi.com/bianchengyuyan/)

  Authentication represents the process by which one system entity verifies the identity of another and must be performed in a secure fashion; otherwise, an intruder may impersonate others to gain Access to a system.
  认证就是一个系统实体验证另一个实体的身份的过程,并且必须在安全的方式下进行;否则入侵者就会伪装成别的实体进入系统。

  Authentication typically involves the subject demonstrating possession of some form of evidence to prove its identity. Such evidence may be information only the subject would be likely to know or have, such as a passWord or smart card, or that only the subject could produce, such as signed data using a private key.
  认证时,通常是一个subject出示其某种证据来证实它的身份。这些证据可以是这个subject知道或者拥有的信息,比如密码或者智能卡。。。

  When it attempts to authenticate to a service, a subject typically provides the proof of its identity along with its name. If the authentication attempt succeeds, the service associates a service-specific Principal, using the given name, with the Subject. Applications and services can determine the identity of the Subject simply by referencing the relevant Principal associated with that Subject.
  当它试图通过某个服务的认证时,subject通常随它的名字一起提供它身份的证实。假如认证通过了,服务会将一个特属于该服务的Principal和Subject关联,名字和subject请求认证时的名字相同。应用程序和服务可以通过参考Subject关联的Principal来识别Subject的身份。

  Reliance on named principals usually derives from the fact that a service implements a conventional access control model of security [69]. This model allows a service to define a set of protected resources and the conditions under which named principals may access those resources.
  

展开更多 50%)
分享

猜你喜欢

理解Subjects Principals and Credentials

编程语言 网络编程
理解Subjects Principals and Credentials

深入理解 ViewState

Web开发
深入理解 ViewState

s8lol主宰符文怎么配

英雄联盟 网络游戏
s8lol主宰符文怎么配

理解流媒体开发

Linux Linux命令 Linux安装 Linux编程 Linux桌面 Linux软件 Linux内核 Linux管理
理解流媒体开发

如何理解孕妇打鼾

孕期
如何理解孕妇打鼾

lol偷钱流符文搭配推荐

英雄联盟 网络游戏
lol偷钱流符文搭配推荐

理解Windows消息机制

编程语言 网络编程
理解Windows消息机制

深入理解sizeof

C语言教程 C语言函数
深入理解sizeof

lolAD刺客新符文搭配推荐

英雄联盟
lolAD刺客新符文搭配推荐

基于MVC模式的Struts框架研究与应用

基于MVC模式的Struts框架研究与应用

jQuery的强大选择器小结

jQuery的强大选择器小结
下拉加载更多内容 ↓