| With development of Internet, most people must deal with different system, but each of these systems has its proprietary security policy and authentication mechanism unknown from others. It is urgent to converge them into one framework. Pluggable Authentication Module (PAM) is just this framework and the Java Authentication and Authorization Service (JAAS) implements a Java version of the standard PAM. Earlier Java security frameworks focused on protecting the user from mobile code, based on the code's origins and who created it, JAAS protects the system from users, based on who runs the code and their permissions.The JAAS technology is analyzed in detail in this paper. The paper specifies an architecture of Identity Authentication Server based on JAAS. Moreover, JAAS is extended with the adapter pattern to make programming easy and quick. The architecture gives a satisfactory solution for authentication and authorization management.The organization of this paper is as follow. At the beginning, the basic technologies about authentication are introduced, which include Authentication Mechanism, Access Control Policy, Data Encryption Techniques and Security Socket Layer. Next the PAM framework and JAAS architecture are discussed in detail. The research includes PAM Module Interface, PAM Framework Interface, PAM Configuration Management, JAAS Principal, JAAS Authentication Mechanism and JAAS Authorization Mechanism. Then the architecture design of JAAS-based Identity Authentication Server is provided, which includes safety authenticator, access controller, session manager, safety information manager and audit server. Finally, the implementation issues of design is investigated. Some program codes are attached for demonstration. |
PDF Full Text Request