使用 CDI 时的 EJB 3.1 安全授权
在EJB中,对于安全身份验证和授权,我找到了使用jndi的常用方法,如下所示,
properties.put(Context.SECURITY_PRINCIPAL, "username");
properties.put(Context.SECURITY_CREDENTIALS, "password");
Context ctx = new InitialContext(properties);
Object ref = jndiContext.lookup("SecureBean/remote");
SecureRemoteBusiness remote = (SecureRemoteBusiness)ref;
问题:我想知道是否有任何方法可以在使用DI时实现此目的,而无需使用任何外部CDI框架。如果唯一的选择是使用外部 CDI 框架,请给我提供一个示例或参考。
In EJB, for security authentication and authorization I find a common method using jndi as follows,
properties.put(Context.SECURITY_PRINCIPAL, "username");
properties.put(Context.SECURITY_CREDENTIALS, "password");
Context ctx = new InitialContext(properties);
Object ref = jndiContext.lookup("SecureBean/remote");
SecureRemoteBusiness remote = (SecureRemoteBusiness)ref;
Question: I would like to know if there are any methods to achieve this while using DI possibly without using any external CDI frameworks. If the only choice is using external CDI frameworks, kindly provide me an example or a reference.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
任何 Java EE 规范中都没有真正解决完整的身份验证和授权漏洞,这就是 Spring Security、Apache Shiro、JBoss Picketlink 等存在的原因。
至于你的问题,不,没有任何方法可以在不使用外部框架的情况下通过 DI 实现这一目标。正如 Gonzalo Garcia Lasurtegui 提到的,您找到的任何内容都将属于服务器专有。
There is nothing in any of the Java EE specs that really address the full authentication and authorization hole, that's the reason things like Spring Security, Apache Shiro, JBoss Picketlink, etc. exist.
As for your question, no, there is not any way to achieve this with DI without using an external framework. Anything that you will find will be proprietary to the server, as Gonzalo Garcia Lasurtegui mentioned.