Java EE 安全领域

Question

阅读 Java EE 安全文档，他们在其中定义了一个安全领域:

An access channel for the application server to storage containing user's authentication and grouping information.

“访问 channel ”是什么意思？这是一个端口号，还是某种网络术语？ “认证/分组信息”是什么意思？权限？

我只是在这里寻找一些具体的(非模糊的)例子!提前致谢!

Answer 1

领域是一种凭据存储，可实现基于身份或角色的访问控制。

http://docs.oracle.com/javaee/5/tutorial/doc/bnbxj.html#bnbxm

What is a realm?

For a web application, a realm is a complete database of users and groups that identify valid users of a web application (or a set of web applications) and are controlled by the same authentication policy.

The Java EE server authentication service can govern users in multiple realms. In this release of the Application Server, the file, admin-realm, and certificate realms come preconfigured for the Application Server.

In the file realm, the server stores user credentials locally in a file named keyfile. You can use the Admin Console to manage users in the file realm.

When using the file realm, the server authentication service verifies user identity by checking the file realm. This realm is used for the authentication of all clients except for web browser clients that use the HTTPS protocol and certificates.

In the certificate realm, the server stores user credentials in a certificate database. When using the certificate realm, the server uses certificates with the HTTPS protocol to authenticate web clients. To verify the identity of a user in the certificate realm, the authentication service verifies an X.509 certificate. For step-by-step instructions for creating this type of certificate, see Working with Digital Certificates. The common name field of the X.509 certificate is used as the principal name.

The admin-realm is also a FileRealm and stores administrator user credentials locally in a file named admin-keyfile. You can use the Admin Console to manage users in this realm in the same way you manage users in the file realm. For more information, see Managing Users and Groups on the Application Server.