Authentication and Authorization in web applications

Presentation by:

Kaushal Kumar

kk2457@columbia.edu

slide2

Need of “Auth & Auth” services

  • To let only genuine (authenticated) users in
  • To avoid hand-rolled login code, a common source of flaws such as SQL injection in the credential lookup (the framework does not protect the rest of the application from injection; parameterised queries still have to do that)
  • To define roles for the different kinds of users
  • To enforce role-based access control
  • To keep “auth & auth” independent of the actual web-app development
slide3

“Auth & Auth” frameworks as pluggable components !!!

Most widely used: “auth & auth” frameworks built on the JAAS APIs

slide4

JAAS

(Java Authentication and Authorization Service)

  • A set of APIs originally provided by Sun, living in the javax.security.auth.* packages (javax.security.auth, .callback, .login and .spi)
  • A relatively new API at the time of this deck:
    • was an optional extension to J2SE 1.3
    • became a core API in J2SE 1.4
    • now also part of the J2EE 1.3 specification
  • An abstraction layer between application-level code and the disparate underlying auth & auth mechanisms (the actual password store, directory or Kerberos realm sits behind a pluggable login module)
slide5

[Figure: a high-level overview of how JAAS achieves this pluggability. Taken from the article by J. Musser and P. Feuer on JavaWorld.com, 09/13/02.]

slide7

Overall Workflow of an “auth & auth” framework

2. AUTHORIZATION:

  • Step 1: The user is authenticated (the login leaves a Subject carrying the user's Principals)
  • Step 2: Principal-based entries are read from the policy file
  • Step 3: The Subject is associated with the access controls
  • Step 4: On each subsequent security check, the Java runtime checks the access controls: access granted or access denied

slide8

What does a web-app developer need to do?

  • Choose the login modules based on the web-app specs
  • Get the jars and put them on the lib/classpath
  • Specify the login modules (with their order and their required/requisite/sufficient/optional flags) in the JAAS login configuration file, the one named by java.security.auth.login.config; this is a separate file from the policy file
  • Specify roles (as principals) and principal-based access controls in the Java security policy file
  • DONE !!!
  • Move on with the actual web-app development.
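The abstraction layer from slide 4, the authorization workflow from slide 7 and the developer steps on slide 8, carried through as one added example. This is not code from the original deck, from Sun's JAAS or from any framework the deck alludes to; it assumes Java 18 or later, and the class, principal and login-entry names (JaasDemo, DemoLoginModule, UserPrincipal, RolePrincipal, WebApp) and the in-memory user table are constructed for illustration. The application code only ever calls LoginContext; which module answers is decided by the login configuration file, and the role check afterwards reads the Subject that the login produced rather than anything the request supplied.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.*;
import java.util.concurrent.CompletionException;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasDemo {
    // Principals the module attaches to the Subject on commit: who the user is, and which role they hold.
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    // The pluggable part. USERS is a constructed table (user -> {secret, role}) with plaintext secrets only
    // to keep the example short; a real module verifies a slow salted hash or delegates to LDAP/Kerberos.
    public static class DemoLoginModule implements LoginModule {
        private static final Map<String, String[]> USERS = Map.of(
                "alice", new String[] {"correct horse battery", "admin"}, "bob", new String[] {"hunter2", "user"});
        private Subject subject; private CallbackHandler handler;
        private String user, role; private boolean succeeded;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }

        // Phase 1: obtain credentials through the application's CallbackHandler and verify them.
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] {nc, pc}); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException("cannot collect credentials: " + e); }
            char[] pw = pc.getPassword();
            pc.clearPassword();
            String[] account = USERS.get(nc.getName());
            // MessageDigest.isEqual has no byte-by-byte early exit (only the length can leak), and a dummy
            // secret is compared for unknown users so the response time does not reveal which names exist.
            byte[] expected = (account == null ? "?" : account[0]).getBytes(StandardCharsets.UTF_8);
            byte[] given = new String(pw).getBytes(StandardCharsets.UTF_8);
            Arrays.fill(pw, '\0');
            if (!MessageDigest.isEqual(expected, given) || account == null) {
                throw new FailedLoginException("bad user name or password");
            }
            user = nc.getName();
            role = account[1];
            return succeeded = true;
        }

        // Phase 2: LoginContext calls commit() only after every module in the stack has succeeded.
        public boolean commit() {
            if (!succeeded) return false;
            subject.getPrincipals().add(new UserPrincipal(user));
            subject.getPrincipals().add(new RolePrincipal(role));
            return true;
        }
        public boolean abort() { succeeded = false; user = role = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); succeeded = false; return true; }
    }

    // Slide 8, step 3: the module stack is declared in the JAAS login configuration file (not the policy
    // file). Constructed here and written to a temp file so the example runs stand-alone.
    static final String LOGIN_CONFIG = "WebApp {\n    JaasDemo$DemoLoginModule required;\n};\n";

    // What application code sees: one LoginContext call, whatever modules the configuration names.
    static Subject login(String user, char[] password) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback nc) nc.setName(user);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("WebApp", handler);
        lc.login();   // runs login() on each module, then commit() on all of them (or abort() on failure)
        return lc.getSubject();
    }

    // Slide 7, steps 3-4: the authenticated Subject is bound to the call and each guarded operation checks it.
    // The original JAAS model expressed this as policy-file grants such as
    //   grant principal JaasDemo$RolePrincipal "admin" { permission java.io.FilePermission "/var/app/-", "read,write"; };
    // enforced by AccessController under a SecurityManager; that path is deprecated since Java 17 (JEP 411)
    // and permanently disabled in Java 24 (JEP 486), so this example checks the Subject's principals directly.
    static String deleteAccount(String victim) {
        Subject caller = Subject.current();   // Java 18+: the Subject bound by Subject.callAs below
        boolean admin = caller != null && caller.getPrincipals(RolePrincipal.class).contains(new RolePrincipal("admin"));
        if (!admin) throw new SecurityException("access denied");
        return "deleted " + victim;
    }

    public static void main(String[] args) throws Exception {
        Path cfg = Files.writeString(Files.createTempFile("jaas", ".conf"), LOGIN_CONFIG);
        System.setProperty("java.security.auth.login.config", cfg.toString());   // must precede the first login
        Subject alice = login("alice", "correct horse battery".toCharArray());
        Subject bob = login("bob", "hunter2".toCharArray());
        System.out.println(Subject.callAs(alice, () -> deleteAccount("mallory")));
        try { Subject.callAs(bob, () -> deleteAccount("mallory")); }
        catch (CompletionException e) { System.out.println("bob: " + e.getCause().getMessage()); }
        try { login("alice", "wrong".toCharArray()); }
        catch (LoginException e) { System.out.println("login failed: " + e.getMessage()); }
    }
}
```

Compile and run with javac JaasDemo.java followed by java JaasDemo. Swapping the password table for a directory or Kerberos realm means changing the class name in the WebApp entry of the login configuration, not the code in login() or deleteAccount(): that is the pluggability the deck is selling. The only part of the deck that no longer holds as written is the policy-file enforcement in steps 2 and 4 of slide 7, which depended on a SecurityManager; on current JDKs the role decision has to be made by the application (or a container) on the Subject's principals, as deleteAccount() does.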