Spring Security

2016-07-08 17:08:18   0  举报





仅支持查看

Spring Security是一个强大且可高度自定义的身份验证和访问控制框架。它为基于Java的应用程序提供了全面的安全服务，包括身份验证、授权、攻击防护等。Spring Security可以轻松集成到任何Spring应用程序中，提供了一系列预设的安全功能，如表单登录、HTTP基本认证等。同时，它还支持多种安全标准和协议，如OAuth2、OpenID Connect等。此外，Spring Security还提供了一套强大的安全表达式语言，可以用于定义复杂的访问控制规则。通过使用Spring Security，开发者可以更专注于业务逻辑的开发，而无需担心安全问题。

作者其他创作

大纲/内容

authenticationManager

AffirmativeBased

AccessDecisionVoter

UnanimousBased

GrantedAuthority

ConsensusBased

AbstractUserDetailsAuthenticationProvider

sessionStrategy

FilterInvocationSecurityMetadataSource

securityMetadataSource

ExpressionBasedFilterInvocationSecurityMetadataSource

springSecurityFilterChain

FilterInvocationSecurityMetadataSourceParser

providers:AuthenticationProvider.authenticate()

ConfigAttribute

CoreUserDetailsService

loadUserByUsername()将User(jalo) mapping成Spring Role

RoleVoter

HttpConfigurationBuilder

AbstractAccessDecisionManager

filters: DelegatingFilterProxy

web.xml

DaoAuthenticationProvider

accessDecisionManager

AuthenticationConfigBuilder

FilterSecurityInterceptor

CoreAuthenticationProvider

X509AuthenticationFilterBasicAuthenticationFilterRememberMeAuthenticationFilterJeeFilterSecurityContextHolderAwareRequestFilter

AuthenticatedVoter

ProviderManager

UsernamePasswordAuthenticationFilterOpenIDAuthenticationFilter

DefaultFilterInvocationSecurityMetadataSource

100\tChannelProcessingFilter200\tConcurrentSessionFilter300\tSecurityContextPersistenceFilter400\tLogoutFilter500\tX509AuthenticationFilter600\tRequestHeaderAuthenticationFilter700\tCasAuthenticationFilter800\tUsernamePasswordAuthenticationFilter900\tOpenIDAuthenticationFilter1000\tDefaultLoginPageGeneratingFilter1100\tDigestAuthenticationFilter1200\tBasicAuthenticationFilter1300\tRequestCacheAwareFilter1400\tSecurityContextHolderAwareRequestFilter1500\tRememberMeAuthenticationFilter1600\tAnonymousAuthenticationFilter1700\tSessionManagementFilter1800\tExceptionTranslationFilter1900\tFilterSecurityInterceptor2000\tSwitchUserFilter

HttpSecurityBeanDefinitionParser

访问资源需要的属性

AcceleratorAuthenticationProvider

用户自身的权限