Java Authentication And Authorization Service In Enterprise Application

Posted on: 2007-07-05 | Degree: Master | Type: Thesis
Country: China | Candidate: M X He
GTID: 2178360242461628 | Subject: Software engineering
Abstract/Summary:
Security is of great importance in J2EE, because J2EE is an environment for running enterprise applications. The security model advocated by the J2EE specification is a declarative, coarse-grained model, and many security issues in enterprise applications cannot be resolved with this model alone. JAAS is a Pluggable Authentication Module (PAM) framework with flexible, programmatic authorization. JAAS compatibly extends the Java 2 Platform's access control architecture and provides a number of interfaces through which programmers can extend its functionality. The paper describes this extensibility of JAAS authentication and authorization for using JAAS in a complex multi-user J2EE environment. This extensibility permits Java applications to remain independent of the underlying authentication technologies and allows the security manager to work with different security infrastructures through configuration. The paper also provides an integrated solution combining the RBAC (Role-Based Access Control) model with JAAS to implement user authorization. In an application built with this framework, security logic is separated from business logic, which greatly increases the flexibility and extensibility of the business logic module. The paper uses design patterns such as facade, singleton and observer to extend the JAAS model, in keeping with object-oriented design. This framework has been used in the KSMIS project. We compared this project with a project that did not use JAAS, analysing the code complexity, code flexibility and runtime efficiency of each.
Keywords/Search Tags: Authentication, Authorization, granularity pattern