
<div class="header">
<h1 class="title" title="Package">Package org.ietf.jgss</h1>
<div class="docSummary">
<div class="block">
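This package presents a framework that allows application developers to make use of security services such as authentication, data integrity and data confidentiality from a variety of underlying security mechanisms, such as Kerberos, using a unified API.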
</div>
</div>
<p>See: <a href="#package.description">Description</a></p>
</div><div class="contentContainer">
<ul class="blockList">
<li class="blockList">
<table border="0" cellpadding="3" cellspacing="0" class="typeSummary" summary="Interface Summary table, listing interfaces, and an explanation">
<caption>
<span>Interface Summary</span>
<span class="tabEnd"> </span>
</caption>
<tbody>
<tr>
<th class="colFirst" scope="col">Interface</th>
<th class="colLast" scope="col">Description</th>
</tr>
</tbody>
<tbody>
<tr class="altColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/GSSContext.html" title="interface in org.ietf.jgss">GSSContext</a></td>
<td class="colLast">
<div class="block">
This interface encapsulates the GSS-API security context and provides the security services that are available over the context.
</div> </td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/GSSCredential.html" title="interface in org.ietf.jgss">GSSCredential</a></td>
<td class="colLast">
<div class="block">
This interface encapsulates the GSS-API credentials for an entity.
</div> </td>
</tr>
<tr class="altColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/GSSName.html" title="interface in org.ietf.jgss">GSSName</a></td>
<td class="colLast">
<div class="block">
This interface encapsulates a single GSS-API principal entity.
</div> </td>
</tr>
</tbody>
</table> </li>
<li class="blockList">
<table border="0" cellpadding="3" cellspacing="0" class="typeSummary" summary="Class Summary table, listing classes, and an explanation">
<caption>
<span>Class Summary</span>
<span class="tabEnd"> </span>
</caption>
<tbody>
<tr>
<th class="colFirst" scope="col">Class</th>
<th class="colLast" scope="col">Description</th>
</tr>
</tbody>
<tbody>
<tr class="altColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/ChannelBinding.html" title="class in org.ietf.jgss">ChannelBinding</a></td>
<td class="colLast">
<div class="block">
This class encapsulates the concept of caller-provided channel binding information.
</div> </td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/GSSManager.html" title="class in org.ietf.jgss">GSSManager</a></td>
<td class="colLast">
<div class="block">
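This class serves as a factory for other important GSS-API classes and also provides information about the mechanisms that are supported.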
</div> </td>
</tr>
<tr class="altColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/MessageProp.html" title="class in org.ietf.jgss">MessageProp</a></td>
<td class="colLast">
<div class="block">
This is a utility class used within the per-message GSSContext methods to convey per-message properties.
</div> </td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/Oid.html" title="class in org.ietf.jgss">Oid</a></td>
<td class="colLast">
<div class="block">
This class represents Universal Object Identifiers (Oids) and their associated operations.
</div> </td>
</tr>
</tbody>
</table> </li>
<li class="blockList">
<table border="0" cellpadding="3" cellspacing="0" class="typeSummary" summary="Exception Summary table, listing exceptions, and an explanation">
<caption>
<span>Exception Summary</span>
<span class="tabEnd"> </span>
</caption>
<tbody>
<tr>
<th class="colFirst" scope="col">Exception</th>
<th class="colLast" scope="col">Description</th>
</tr>
</tbody>
<tbody>
<tr class="altColor">
<td class="colFirst"><a href="../../../org/ietf/jgss/GSSException.html" title="class in org.ietf.jgss">GSSException</a></td>
<td class="colLast">
<div class="block">
This exception is thrown whenever a GSS-API error occurs, including any mechanism-specific error.
</div> </td>
</tr>
</tbody>
</table> </li>
</ul>
<a name="package.description">
<!-- --> </a>
<h2 title="Package org.ietf.jgss Description">Package org.ietf.jgss Description</h2>
<div class="block">
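<span>This package presents a framework that allows application developers to make use of security services such as authentication, data integrity and data confidentiality from a variety of underlying security mechanisms, such as Kerberos, using a unified API.</span>
<span>The security mechanisms that an application can choose to use are identified with unique object identifiers.</span>
<span>One example of such a mechanism is the Kerberos v5 GSS-API mechanism (object identifier 1.2.840.113554.1.2.2).</span>
<span>This mechanism is available through the default instance of the GSSManager class.</span>
<p> <span>The GSS-API is defined in a language-independent way in <a href="http://www.ietf.org/rfc/rfc2743.txt">RFC 2743</a>.</span> <span>The Java language bindings are defined in <a href="http://www.ietf.org/rfc/rfc2853.txt">RFC 2853</a>.</span> </p>
<p> <span>An application starts out by instantiating a <code>GSSManager</code>, which then serves as a factory for a security context.</span> <span>An application can use specific principal names and credentials that are also created using the GSSManager;</span> <span>or it can instantiate a context with system defaults.</span> <span>It then goes through a context establishment loop.</span> <span>Once a context is established with the peer, authentication is complete.</span> <span>Data protection such as integrity and confidentiality can then be obtained from this context.</span> </p>
<p> <span>The GSS-API does not perform any communication with the peer.</span> <span>It merely produces tokens that the application must somehow transport to the other end.</span> </p>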
<p></p>
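<h3> <span>Credential Acquisition</span> </h3>
<span><a name="useSubjectCredsOnly">The GSS-API itself does not dictate how an underlying mechanism obtains the credentials that are needed for authentication. It is assumed that prior to calling the GSS-API, these credentials are obtained and stored in a location that the mechanism provider is aware of. However, the default model in the Java platform will be that mechanism providers must obtain credentials only from the private or public credential sets associated with the</a> <a href="../../../javax/security/auth/Subject.html" title="class in javax.security.auth"><code>Subject</code></a> in the current access control context.</span>
<span>The Kerberos v5 mechanism will search for the required INITIATE and ACCEPT credentials (<a href="../../../javax/security/auth/kerberos/KerberosTicket.html" title="class in javax.security.auth.kerberos"><code>KerberosTicket</code></a> and <a href="../../../javax/security/auth/kerberos/KerberosKey.html" title="class in javax.security.auth.kerberos"><code>KerberosKey</code></a>) in the private credential set, whereas some other mechanism might look in the public set or in both.</span>
<span>If the desired credential is not present in the appropriate sets of the current Subject, the GSS-API call must fail.</span>
<p> <span>This model has the advantage that credential management is simple and predictable from the application's point of view.</span> <span>An application, given the right permissions, can purge the credentials in the Subject or renew them using standard Java APIs.</span> <span>If it purged the credentials, it would be sure that the JGSS mechanism would fail; if it renewed a time-based credential, it would be sure that a JGSS mechanism would succeed.</span> </p>
<p> <span>This model does require that a <a href="../../../javax/security/auth/login/package-summary.html"><code>JAAS login</code></a> be performed in order to authenticate and populate a Subject that the JGSS mechanism can later use.</span> <span>However, applications can relax this restriction by means of a system property: <code>javax.security.auth.useSubjectCredsOnly</code>.</span> <span>By default, this system property is assumed to be <code>true</code> (even when it is unset), indicating that providers must only use the credentials that are present in the current Subject.</span> <span>However, if the application explicitly sets this property to false, the provider is free to use any credentials cache of its choice.</span> <span>Such a credential cache might be a disk cache, an in-memory cache, or even just the current Subject itself.</span> </p>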
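<p>The Subject-only credential model described above, as an added example that is not part of the original documentation. It assumes a JAAS configuration entry named <code>JgssClient</code> (a hypothetical name) whose login module can authenticate without prompting, for example from a ticket cache or keytab.</p>

```java
import org.ietf.jgss.*;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import java.security.PrivilegedExceptionAction;

public class SubjectCreds {
    static final String PROP = "javax.security.auth.useSubjectCredsOnly";

    static GSSCredential acquire() throws GSSException {
        // null name = default principal; Kerberos v5 OID from the package description
        return GSSManager.getInstance().createCredential(null,
                GSSCredential.DEFAULT_LIFETIME, new Oid("1.2.840.113554.1.2.2"),
                GSSCredential.INITIATE_ONLY);
    }

    public static void main(String[] args) throws Exception {
        // An explicit "false" lets the provider pick any cache; refuse to run that way.
        if ("false".equalsIgnoreCase(System.getProperty(PROP)))
            throw new IllegalStateException(PROP + "=false: provider may use any cache");

        try {   // No Subject in the current context: the call is expected to fail.
            acquire().dispose();
            throw new IllegalStateException("credential obtained without a Subject");
        } catch (GSSException expected) {
            System.out.println("outside doAs: " + expected.getMessage());
        }

        // "JgssClient" is a hypothetical JAAS configuration entry name.
        LoginContext lc = new LoginContext("JgssClient");
        lc.login();
        try {
            // The cast selects the PrivilegedExceptionAction overload of doAs.
            GSSCredential cred = Subject.doAs(lc.getSubject(),
                    (PrivilegedExceptionAction<GSSCredential>) SubjectCreds::acquire);
            System.out.println(cred.getName() + ", "
                    + cred.getRemainingLifetime() + "s left");
            cred.dispose();
        } finally {
            lc.logout();   // removes this login's credentials from the Subject
        }
    }
}
```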
<h2> <span>Related Documentation</span> </h2>
<p> <span>For an online tutorial on using Java GSS-API, please refer to <a href="../../../../technotes/guides/security/jgss/tutorials/index.html">Introduction to JAAS and Java GSS-API</a>.</span> </p>
</div>
<dl>
<dt>
<span class="simpleTagLabel">Since:</span>
</dt>
<dd>
1.4
</dd>
</dl>
</div>