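I've been learning Java for the past few weeks, and I want to add better security to my scripts. Basically, what I want to accomplish is to have users log in with some forum credentials. Once logged in, they can access some Java .class files hosted online, which they can run but not download.
I'm not asking for code or snippets, just for a better understanding of how to achieve this, i.e. links to some useful Java documentation that I'd need.
I've been searching on Stack Overflow, but I've ended up almost lost/confused by the different topics.
Any help is appreciated.
Thanks.
Best answer
If you have only been doing this for the past few weeks, then don't try to accomplish this task. Building a truly secure environment takes a lot of experience. If you really want to try, you should look into web services.
As Karthik Ramachandran stated in his answer to this question, you should always keep in mind: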
First secure the transport using SSL. If you control both the clients and the server then you can require 2-way SSL which would ensure that only trusted clients can connect.
Second you can implement WS security protocols. Web service security standards tend to deal with three things: Authentication, Digital Signatures and Encryption/Decryption (from the Spring-WS docs):
Authentication. This is the process of determining whether a principal is who they claim to be. In this context, a "principal" generally means a user, device or some other system which can perform an action in your application.
Digital signatures. The digital signature of a message is a piece of information based on both the document and the signer's private key. It is created through the use of a hash function and a private signing function (encrypting with the signer's private key).
Encryption and Decryption. Encryption is the process of transforming data into a form that is impossible to read without the appropriate key. It is mainly used to keep information hidden from anyone for whom it is not intended. Decryption is the reverse of encryption; it is the process of transforming encrypted data back into a readable form.
There are a number of protocols/standards for each of these functions, and there are a number of Java OSS projects that implement the various security protocols/standards in reasonable, usable ways.
In particular I'd look at Sun's XWSS and APACHE WSS4J. Spring WS has implementations of both of these APIs, they also do a good job of describing the various components: http://static.springsource.org/spring-ws/sites/2.0/reference/html/security.html
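The digital-signature step described in the answer (a hash function followed by a private-key signing function), as an added example that is not part of the original question or answer. It uses only the JDK's `java.security` API; the class name, the request format and the generated key pair are constructed for illustration, and it signs a plain string rather than a WS-Security SOAP message.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class SignedRequestDemo {
    // SHA256withRSA: hash the message with SHA-256, then apply the RSA private-key signing function.
    private static final String ALGORITHM = "SHA256withRSA";

    // Client side: sign the request body with the client's private key.
    static byte[] sign(String body, PrivateKey key) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(body.getBytes(StandardCharsets.UTF_8));
        return signer.sign();
    }

    // Server side: accept the request only if the signature matches the body
    // under the public key registered for that client.
    static boolean verify(String body, byte[] signature, PublicKey key) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(body.getBytes(StandardCharsets.UTF_8));
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed key pair; a real client would load its key from a keystore.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair client = generator.generateKeyPair();

        // Constructed sample request with hypothetical field names.
        String request = "user=alice;action=run;class=ExampleScript";
        byte[] signature = sign(request, client.getPrivate());
        System.out.println("signature: " + Base64.getEncoder().encodeToString(signature));

        // The untouched request verifies; a request altered in transit does not.
        System.out.println("original accepted: " + verify(request, signature, client.getPublic()));
        String tampered = request.replace("ExampleScript", "OtherScript");
        System.out.println("tampered accepted: " + verify(tampered, signature, client.getPublic()));
    }
}
```

A signature proves who sent the request and that it was not modified, but it does not hide the content; that is what the SSL transport and the encryption step in the answer are for.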
Regarding "java - Login and access classes?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/15999448/