The application authorization ID therefore becomes a security bottleneck; if it is ever compromised, then all enterprise resources will be exposed.
因此应用程序授权ID成为了安全瓶颈,它的泄漏将造成所有企业资源的曝光。
So the question is: how does this impact J2EE application server security, and in particular, how does it affect authorization in this space?
因此,所面临的问题是:这将如何影响J2EE应用服务器的安全性,特别是它如何影响在此领域内的授权?
This typically means that the authorization rules have to be embedded into the data access logic of the application itself.
这通常意味着必须将授权规则嵌入到应用程序本身的数据访问逻辑之中。
The current practice is to embed authorization logic in the application.
当前实践是在应用程序中嵌入授权逻辑。
The "tiny little" authentication and authorization system for this "tiny little" blog application is now in place.
这个“微型”博客应用程序的“微型”身份验证和授权系统现在已经初具雏形。
Any authorization framework of substantial capability will enable an application to implement a complex and rich set of authorization rules.
任何具有强大功能的授权框架都将使应用程序能够实现一组复杂且丰富的授权规则。
The extraction of authentication and authorization services out of the application layer can help with scalability, maintainability, and re-usability for multi-tenant transactions.
从应用程序层提取认证和授权服务有助于提高多租户事务的可伸缩性、可维护性和重用性。
Such a mapping between application and user ID is only possible if each user has a separate database authorization ID.
只有当每个用户都有一个单独的数据库授权ID时,才可能出现那样的应用程序与用户ID之间的映射。
Database-level security measures including authentication and authorization might also be used to enhance application security.
数据库级的安全措施,包括身份验证和授权,也可以用于加强应用程序的安全性。
This works even when those users are connecting to DB2 through an application that itself provides a single generic authorization id when establishing connections to DB2.
即使这些用户通过应用程序连接到DB2也可以正常工作,在建立与DB2的链接时这些应用程序本身可以提供一个通用授权id。
Historically, this has resulted in applications having to reinvent existing database level authorization and auditing functions inside the application layer.
从历史的角度而言,这导致了应用程序不得不在应用层内重新进行现有的数据库级别的授权和审核功能。
Authentication and authorization of the application.
应用程序的验证和授权。
Be aware that authentication and authorization relies on WebSphere Application Server global security.
请注意,身份验证和授权依赖于WebSphereApplicationServer全局安全性。
This solution provides only coarse-grained authorization by the WebSphere Application Server front-end that exposes the party's business functions as web services.
这种解决方案只是通过WebSphereApplicationServer的前端(它将此方的业务功能作为Web服务公开)提供了粗粒度的授权。
Our goal is to demonstrate how to enable the integration of the message-level security tokens for use with the JEE authorization framework on WebSphere Application Server.
我们的目标是演示如何支持消息级安全令牌的集成,以在WebSphereApplication Server上结合使用JEE授权框架。
Here is the authorization model for this virtual campus application.
下面是此虚拟校园应用程序的授权模型。
Almost every web application has to deal with authorization and authentication.
—几乎每个web应用都必须去处理授权和认证。
Can make authorization decisions for Application Server.
为ApplicationServer进行授权决策。
In general, servlet filters are used to control the flow of the application based on user type (or authentication and authorization) or page functionality.
通常,基于用户类型(或身份验证和授权)或页面功能将servlet过滤器用于控制应用程序流。
As a result, WebSphere Application Server only provides coarse-grain authorization based on the digital signature's success.
结果,基于数字签名的成功,WebSphereApplicationServer只提供粗粒度的授权。
In this way, a single static class declares the entire extended authorization policy of an EAz application.
通过这种方法,单个静态类可以声明EAz应用程序的完整扩展授权策略。
The authorization model of a WebSphere Commerce application has three primary concepts: users, actions, and resources.
WebSphereCommerce应用程序的授权模型有三个主要概念:用户、操作和资源。
EJB component authorization is managed and enforced in the application server where the MDM server is hosted.
EJB组件授权是在MDMServer所在的应用服务器中管理和实施的。
Filter conditions, such as application id, application name, or authorization id.
过滤条件,如应用程序标识、应用程序名称或授权标识。
At this point, you have created a properties file realm, configured a Web application to authenticate against this security realm, and verified the authorization for resources in the application.
此时,您已经创建了一个属性文件域,并将Web应用程序配置为根据这个安全领域进行身份验证,还验证了该应用程序中对资源的授权。
In doing so, it would only need to use the Android device's web browser for purposes of authorization, but the rest of the application may be completely native.
这时,在需要授权时只需调用Android设备中的浏览器即可,应用中的其余部分完全可以是基于本地化开发的。
Web application security consists of authentication and authorization.
Web应用程序安全包括身份验证和授权两方面。
Many other WebSphere application Server resources, such as Work Areas, do not provide for application level authorization.
很多其他WebSphereApplicationServer资源(如工作区)并不提供应用程序级别的授权。
You can define roles in this record as well provide authorization for your application.
您可以在这个记录内定义角色以及为应用程序提供授权。
In a short amount of time you have set up a skeleton application that implements authorization.
在很短的时间里,您就已经建立了一个能实现授权的骨架应用程序。
应用推荐