JAAS 学习笔记

JAAS

Resource:http://hintcnuie.iteye.com/blog/245239

 
Authentication, Authorization and Access Control
The primary goal of JAAS is to manage the granting of permissions and performing security checks for those permissions.
 
1.Authentication
1.1 Concept
Principal is one of identifers of a subject.
Subject is a collection of principals.
Credential is a prove of principal, it could be any type of object.  
Authentication:The process to identify subject and attach credentials and principals to a subject.
LoginModule: provide a pluggable way to have system support JAAS.
                    used for authentication(login, and principals, credentials binding)
                    ( authentication technology providers interface)
LoginContext:describes the basic methods used to authenticate Subjects and provides a way to develop an
                    application independent of the underlying authentication technology.
                    ( Application Interface)            
Configuration:determine which LoginModules should be used,
                     and which ones must succeed in order for the overall authentication to succeed(consits of AppConfigurationEntrys).
CallbackHandler: communicate and interact with users to gather identification information
CallBack: store information gathered by CallbackHandler;
  
1.2Authentication Progress
Application employ LoginContext to get a authenticated Subject. At this time, LoginContext will ask the Configuration for the
plugined LoginModules, and call each LoginModule to attach principals and credentials to  Subject(owned by each LoginModule or LoginContext).
Before each LoginModule attach principals and credentials, there will be a chance for LoginModule to judge whether to attach or not,
it employ CallbackHandler to collect informations in the CallBacks. If the collected information is valid, it could do attach now(in LoginContext is commit).
 
2.Authorization && AccessControl
2.1 Concept
Permission defines what kind of actions on a target.
Permission = Permission Type + Target(permission effect on) + Action(Optional)  
Not a subject but principal is assigned to a permission(defined by policy).

 

Policy: defines which permission are granted to a given security context(principal).( Deploying time And RunTime
Authorization: binding permissions to princpals(policy)
Acess Control: access sensitive code employ AccessControler or Security Mananger to check subject have the right to access resources.
ProtectDomain: encapsulates a set of classes whose instances are granted a set of permissions when being executed on behalf of a given
                        set of Principals.
2.2 Acess Control Progress
 

3. Two Extensible Interface
  Subject -- Principals -- Permission: Jaas employs Pricipals to decouple the Subject and Principals.
 
  Configuration: support to dynamicly or staticly add/remove/edit LoginModules which attach pricipals to Subject.
                        It judges which pricipals a Subject could have.
 
   Policy: support to dynamicly or staticly add/remove permissions to a principal.
             It judges which permissions a principal could have.

4. JAAS in Tomcat
   Realm: as LoginModule, authenticate a user based on a username and password, adding “roles” to that user if authentication was successful.
             defined as Realm in server.xml  
   Role: as Principal, defined as security-role in web.xml  
   Authenticator: as access controller to take access control function. defined as login-config in web.xml.
               It look down security-constraint to check.
     
  
 
 
 
 
 

 

内容概要:本文档详细介绍了基于Google Earth Engine (GEE) 构建的阿比让绿地分析仪表盘的设计与实现。首先,定义了研究区域的几何图形并将其可视化。接着,通过云掩膜函数和裁剪操作预处理Sentinel-2遥感影像,筛选出高质量的数据用于后续分析。然后,计算中值图像并提取NDVI(归一化差异植被指数),进而识别绿地及其面积。此外,还实现了多个高级分析功能,如多年变化趋势分析、人口-绿地交叉分析、城市热岛效应分析、生物多样性评估、交通可达性分析、城市扩张分析以及自动生成优化建议等。最后,提供了数据导出、移动端适配和报告生成功能,确保系统的实用性和便捷性。 适合人群:具备一定地理信息系统(GIS)和遥感基础知识的专业人士,如城市规划师、环境科学家、生态学家等。 使用场景及目标:①评估城市绿地分布及其变化趋势;②分析绿地与人口的关系,为城市规划提供依据;③研究城市热岛效应及生物多样性,支持环境保护决策;④评估交通可达性,优化城市交通网络;⑤监测城市扩张情况,辅助土地利用管理。 其他说明:该系统不仅提供了丰富的可视化工具,还集成了多种空间分析方法,能够帮助用户深入理解城市绿地的空间特征及其对环境和社会的影响。同时,系统支持移动端适配,方便随时随地进行分析。用户可以根据实际需求选择不同的分析模块,生成定制化的报告,为城市管理提供科学依据。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值