【作者】 陈志军；

【导师】 张运凯；

【作者基本信息】 河北师范大学 ， 计算机应用技术， 2008， 硕士

【摘要】 随着网络门户技术的飞速发展,门户中的应用系统越来越多,而每个应用系统往往都有自己的一套用户认证方法,用户管理往往非常困难。为了对用户进行统一的管理,有必要将不同系统的各种认证方法集中到一个框架中,来完成对整个系统用户的身份认证管理,因此,建立统一的身份认证管理系统,对各个应用系统的用户实现统一管理,成为门户信息安全系统建设中的重要环节。为了解决传统集成系统效率不高,用户信息不能实现跨平台共享,使用复杂等缺点,本文结合JAAS, LDAP和单点登录(SSO)等技术特点,提出了一个基于JAAS的身份认证和授权框架,在此框架上实现的基于JAAS的统一身份认证系统可以较好的解决对身份认证和访问控制的统一管理问题,克服传统的开发模式下身份认证的诸多弊端。首先,系统实现了用户信息的统一管理,保证了数据的完整性,同时避免了各个应用系统的重复开发;其次,系统实现了基于多个应用系统的单点登录,这将极大的方便用户使用,提高系统的易用性。另外,系统采用分布式的LDAP目录信息树结构存储用户和应用信息,对用户认证信息进行有效组织和管理,提供高效安全的目录访问。总之,基于JAAS的统一身份认证系统是一种较为通用的统一用户身份认证模型,创新之处在于:1.采用JAVA语言,将统一身份认证模块封装为Web服务,向客户端提供统一的接口,具有通用、跨平台、易扩展以及安全认证可插拔式等优点,有效的实现了应用系统的集成。2.基于JAAS框架,采用改进的单点登录模型,把原来分散的用户集中管理,通过一次身份验证,自动完成用户对所有授权应用的登录,提高用户登录效率。3.运用LDAP目录服务器存储用户的信息,对用户认证信息进行有效组织和管理,可以提供高效安全的目录访问,为系统的实现提供了便利的条件。本文设计的统一身份认证系统已经在河北科技基础条件网络平台上得到了很好的实践和应用,目前运行良好。更多还原

【Abstract】 Along with the portal rapid development, the application system which the user needs to use more and more, but each application system often has an own set of users authentication and the authorized method, in order to carries on the unification to the user the authentication to manage, therefore has the necessity to concentrate the different system each authentication method to a frame in, also is needs to have to be independent, the high security and the reliable status authentication and the jurisdiction management system, completes to the entire portal user’s status authentication and jurisdiction management. Therefore establishes a unified status authentication management system, to each application system user realization unified authentication, the unification management and the unification authorization also becomes in the portal information security system construction the important link.To solve the problems discussed above, this paper puts forward a universal uniform identity authentication system based on JAAS model with JAAS, LDAP and SSO technologies, and implements the JAAS-SSO component by the model. Uses the frame which this article proposed to be possible the good solution to the status authentication and the access control unification management question. First of all, the system has realize the unified management of user’s information, has guaranteed the integrality of the data, avoided the repeated development of each application system at the same time. Secondly, the system has realized the Single Sign On based on the number of applications, which will facilitate the user to use this system, improved the efficiency of using. Moreover, the system uses distributed LDAP directory tree structure to memory authentication information of users and applications for effective organization and management, which provide highly efficient and safe in accessing information.In short the uniform identity authentication system based on JAAS is a more common user authentication model. Several innovations are the following: First, Using JAVA programming language, the uniform identity authentication module packaged in Web services for the client to provide a unified interface. the platform have many merit such as common, cross-platform, extensible, Pluggable and Security Authentication etc.Second, Based on JAAS framework, the system adopt SSO model that improved, make the original dispersed users come together to execute unify management, accomplishes automatically logging on, improve using efficiency.Third, this strategy make use of the catalogues information tree structure of the LDAP distribute type, carry on the valid organization and managements to an information of the customer body and system control information, can provide the efficiently safe catalogue interview.The design of the system has been practiced and applied on the subject of Hebei science and technology foundation condition network platform, and Running well.更多还原