Question about Kerberos in J2EE

drcns drcns at 163.com
Thu Apr 22 02:20:31 EDT 2004


Hi all,

I have read through the Java GSS examples on Sun's website and run them perfectly. My questions are as follows:

1. When a GSSContext is established between the GSS client and the GSS server, messages can be sent over the security context and the messages are integrity protected. That is OK. But how about method invocation? I mean, how do I protect the method invocation from the GSSClient to the GSSServer using the established GSSContext?

2. In a J2EE environment with Kerberos, we should take the Web Application as the GSSClient and some other external kerberized service as the GSSServer. That is, when a client browser accesses the web application, the UID and password are sent to the Web Application over SSL and the Web Application gets a TGT from the KDC. Then the Web Application retrieves a Service Ticket for the external kerberized service from the KDC, and thus the GSSContext is built between the Web Application and the external kerberized service. This is what I think about Kerberos in a J2EE application. Is it right? If it is right, how can I cache the TGT (credential) in such a scenario when so many different browser clients access the Web Application?

Is this the right place to post my message? Your help will be greatly appreciated. Thanks!


More information about the krbdev mailing list