java 什么是好的安全框架或 API?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4382144/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What is a good security framework or API?
提问by Demian Kasier
Is there a framework to be used when you build an application with security? (Preferably in Java.)
构建具有安全性的应用程序时是否有框架可以使用?(最好使用 Java。)
采纳答案by Cristian Vrabie
Spring Security - http://static.springsource.org/spring-security/site/- offers pretty much everything you can think of and works perfectly if you're already using Spring for IOC (inversion of control).
Spring Security - http://static.springsource.org/spring-security/site/- 如果您已经将 Spring 用于IOC(控制反转),那么它提供了您能想到的几乎所有内容并且可以完美运行。
回答by mariana soffer
Apache Shirois a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications. :http://shiro.apache.org/
Apache Shiro是一个功能强大且易于使用的 Java 安全框架,可执行身份验证、授权、加密和会话管理。借助 Shiro 易于理解的 API,您可以快速轻松地保护任何应用程序——从最小的移动应用程序到最大的 Web 和企业应用程序。:http: //shiro.apache.org/
jGuardis written in Java. Its goal is to provide a security framework based on JAAS(Java authentication and authorization security). This framework is written for web and standalone applications, to resolve simply, access control problems: http://sourceforge.net/projects/jguard/
jGuard是用 Java 编写的。其目标是提供一个基于JAAS(Java认证和授权安全)的安全框架。这个框架是为 web 和独立应用程序编写的,以解决简单的访问控制问题:http: //sourceforge.net/projects/jguard/
The Bouncy Castle, we believe in encryption. That's something that's near and dear to our hearts. We believe so strongly in encryption, that we've gone to the effort to provide something for everybody, and we've now been doing it for over 10 years: http://www.jasypt.org/
在充气城堡,我们相信加密。这是我们内心最亲近的东西。我们非常相信加密,我们已经努力为每个人提供一些东西,我们现在已经这样做了 10 多年:http: //www.jasypt.org/
回答by Les Hazlewood
Apache Shirois probably the most feature-rich open-source security framework for Java when you take into account not just authentication and authorization (which it does extremely well), but also things like robust clusterable (and container independent) sessions and its simplification of cryptography.
Apache Shiro可能是功能最丰富的 Java 开源安全框架,当您不仅考虑身份验证和授权(它做得非常好),而且还考虑到健壮的可集群(和容器独立)会话及其简化密码学。
It also works in any Java application, not just Spring applications, but it has great Spring integration out of the box. The documentation is really good and the API documentation is excellent by open-source standards. The user community is also extremely helpful.
它也适用于任何 Java 应用程序,不仅仅是 Spring 应用程序,但它具有很好的开箱即用的 Spring 集成。文档非常好,API 文档按照开源标准非常出色。用户社区也非常有帮助。
But probably better than anything else: it is super easy to understand and use. Security APIs can be cumbersome and tricky to learn - Shiro probably has the cleanest and easiest to understand API out there.
但可能比其他任何东西都好:它非常容易理解和使用。安全 API 学习起来可能既麻烦又棘手——Shiro 可能拥有最清晰、最容易理解的 API。
