Acegi Security System for Spring: Book Excerpts (II)
2006-05-13 13:22
Four main concerns must be addressed in a typical enterprise application:
Authentication: Enterprise applications typically need to access a variety of authentication repositories. Depending on the repository, the server may never expose the credentials (in which case authentication is performed only by binding to the repository with the correct credentials) or the credentials may be in a hashed format. Each authentication repository also must track the authorities granted to a principal. Security frameworks must integrate with these types of repositories, or new ones, sometimes simultaneously. There may also be a range of client types for an enterprise application. The security framework needs to deal consistently with authentication requests from any such client type.
Web request security: Many enterprise applications are web-based, often using an MVC framework and possibly publishing web services. Security is often required to protect URI patterns. In addition, web views often require integration with a security framework so content can be generated based on the authorities held by the principal.
Service layer security: Services (business) layers should be secured in all but the simplest of applications. Security is usually best modeled as an aspect. Using an AOP-based solution allows service layer implementations to be largely or completely unaware of security. It also eliminates the error-prone and tedious approach of enforcing security in user interface tiers via techniques such as URI pattern filtering. Acegi Security can secure an AOP Alliance MethodInvocation, using Spring AOP. It can also secure an AspectJ JoinPoint.
Domain object instance security: Java applications also use domain objects to model the problem domain. Different instances of these domain objects may require different security. A principal may have delete permission to one domain object instance but only read permission to a different domain object instance. Permissions are assigned to a recipient, which refers to a principal or a role. The list of permissions assigned to different recipients for a given domain object instance is known as an access control list, or ACL.
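The service-layer and domain-object concerns above, combined in one added example in plain Java (not Acegi's API and not taken from the book): a JDK dynamic proxy plays the role of the aspect and checks a per-instance ACL before the call reaches the service. All class names, the `@Requires` annotation, the `user:`/`role:` recipient keys and the sample ACL entries are assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class AclAspectDemo {
    enum Permission { READ, DELETE }
    @Retention(RetentionPolicy.RUNTIME) @interface Requires { Permission value(); }
    record Caller(String name, Set<String> roles) {}   // principal plus the roles it holds
    record Document(long id) {}                        // one domain object instance
    interface DocumentService { @Requires(Permission.DELETE) String delete(Document d); }
    static class DocumentServiceImpl implements DocumentService {   // no security code here
        public String delete(Document d) { return "deleted " + d.id(); }
    }
    // ACL store: object id -> recipient ("user:<name>" or "role:<name>") -> permissions
    static final Map<Long, Map<String, Set<Permission>>> ACLS = new HashMap<>();
    static final ThreadLocal<Caller> CURRENT = new ThreadLocal<>();   // authenticated caller

    static boolean permitted(Caller c, Document d, Permission p) {
        Map<String, Set<Permission>> acl = ACLS.getOrDefault(d.id(), Map.of());
        if (acl.getOrDefault("user:" + c.name(), Set.of()).contains(p)) return true;
        return c.roles().stream().anyMatch(r -> acl.getOrDefault("role:" + r, Set.of()).contains(p));
    }
    // The aspect: a proxy that consults the ACL before each annotated service call.
    static DocumentService secure(DocumentService target) {
        InvocationHandler h = (proxy, method, args) -> {
            Requires req = method.getAnnotation(Requires.class);
            if (req != null) {
                Caller c = CURRENT.get();
                Document d = (Document) args[0];
                if (c == null || !permitted(c, d, req.value()))   // deny by default
                    throw new SecurityException(method.getName() + " denied on " + d.id());
            }
            try { return method.invoke(target, args); } catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (DocumentService) Proxy.newProxyInstance(
                DocumentService.class.getClassLoader(), new Class<?>[] {DocumentService.class}, h);
    }
    public static void main(String[] argv) {
        // Constructed ACLs: alice may delete document 1 but only read document 2.
        ACLS.put(1L, Map.of("user:alice", Set.of(Permission.READ, Permission.DELETE)));
        ACLS.put(2L, Map.of("user:alice", Set.of(Permission.READ), "role:ADMIN", Set.of(Permission.DELETE)));
        DocumentService svc = secure(new DocumentServiceImpl());
        CURRENT.set(new Caller("alice", Set.of("USER")));
        System.out.println(svc.delete(new Document(1)));
        try { svc.delete(new Document(2)); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        CURRENT.set(new Caller("bob", Set.of("ADMIN")));
        System.out.println(svc.delete(new Document(2)));
    }
}
```

Requires Java 16 or later for records. The same principal is allowed on one instance and refused on another, while a different principal is allowed through a role recipient, and `DocumentServiceImpl` never mentions security.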