问题
I need to create a user authorization with different user's roles (admin and simple user). Admin will have more functional abilities.
So, what classes or engines should I use to implement user authorization to my destkop application?
Should I use classes in javax.security.auth.login?
回答1:
The two most common ways to implement authorization in a desktop application are:
- Java Authentication and Authorization Service (JAAS)
- Roll your own, either entirely from scratch or using something like LDAP for storing and checking user credentials.
回答2:
If you haven't already, check out Apache Shiro. It's MUCH easier to work with than JAAS and will work with any kind of application, whether it's desktop, web based, or mobile.
回答3:
Bouncy Castle have a good password encryption system. You can use a database or an XML file to store the users and roles data. The password must be encrypted. Then work around your JMenuBar and JMenu's to enable/disable or set to visible/not-visible what every role is supposed to see. With this solution you only need the Bouncy-Castle jar.
来源:https://stackoverflow.com/questions/5051191/user-authorization-java-se