开发者

Java Authentication Library

开发者 https://www.devze.com 2023-04-03 03:01 出处:网络
I am developing a server/client Java application where I need to authent开发者_JAVA百科icate the client before sending data, also I need to encrypt the sent data after authentication and to ensure its

I am developing a server/client Java application where I need to authent开发者_JAVA百科icate the client before sending data, also I need to encrypt the sent data after authentication and to ensure its freshness

I am wondering what is the best library that I could use to do that?


Take a look at the security module in the Spring framework. Pretty much covers all the common authentication and authorisation services


Java Authentication and Authorization Service is a part of Java spec since SE 1.4. The API is fairly well-defined, but as it has been written with goal of covering every possible auth backend (including LDAP, smart card and similar stuff) it may bring too much functionality overhead.

Apache Shiro is one of libraries/frameworks that I am aware of, that build upon JAAS, abstracting it's concepts and making them generally easier to use. The second one is jGuard, but as of Dec 2013 it seems to not being maintained anymore.


You could integrate with an existing LDAP (or Active Directory) registry using OpenLDAP ( http://www.openldap.org/jldap/ ).


You could use Public Key Encryption and do client authentication based on certificates.
Check out JSSE of SUN on secure sockets


If you are not using Spring and you are using some off-the-shelf server framework, look there - most include authorization modules.

0

精彩评论

暂无评论...
验证码 换一张
取 消