Spring Boot + Spring Security: in-memory user authentication

One, Spring Security framework

1. Introduction to the Framework

        Official introduction: Spring Security is a powerful and highly customizable authentication and access control framework. It is the de facto standard for protecting Spring-based applications. Spring Security is a framework that focuses on providing authentication and authorization for Java applications. Like all Spring projects, the real power of Spring Security is that it can be easily extended to meet custom requirements.

        Spring Security is a security framework that provides a declarative access control solution for Spring-based enterprise applications (in short, it controls access permissions). Application security consists of two parts: user authentication (Authentication) and user authorization (Authorization). These are the two core functions of Spring Security, and its whole architecture is built around them.

        User authentication means verifying whether a user is a legitimate principal in the system, that is, whether the user may access the system. It generally requires the user to provide a user name and password, and the system completes the authentication process by verifying them.

        User authorization refers to verifying whether a user has the authority to perform a certain operation. In a system, different users have different permissions. For example, for a file, some users can only read it, and some users can modify it. Generally speaking, the system assigns different roles to different users, and each role corresponds to a series of permissions.

Features:

  • Comprehensive and scalable support for authentication and authorization
  • Prevent attacks such as session fixation, clickjacking, and cross-site request forgery
  • Servlet API integration
  • Optional integration with Spring Web MVC

2. Framework Principle

        The best way to protect web resources is a Filter, and the best way to protect method calls is AOP. Accordingly, when authenticating users and granting permissions, Spring Security uses a chain of filters and interceptors to control access.

The main filters of the Spring Security framework (Filter): 

  • WebAsyncManagerIntegrationFilter 
  • SecurityContextPersistenceFilter 
  • HeaderWriterFilter 
  • CorsFilter 
  • LogoutFilter
  • RequestCacheAwareFilter
  • SecurityContextHolderAwareRequestFilter
  • AnonymousAuthenticationFilter
  • SessionManagementFilter
  • ExceptionTranslationFilter
  • FilterSecurityInterceptor
  • UsernamePasswordAuthenticationFilter
  • BasicAuthenticationFilter

  The core components of the Spring Security framework:

  • SecurityContextHolder : Provides access to SecurityContext
  • SecurityContext : Holds the Authentication object and other information that may be needed
  • AuthenticationManager : Can contain multiple AuthenticationProviders
  • ProviderManager : The implementation class of the AuthenticationManager interface
  • AuthenticationProvider : Performs the authentication itself; its authenticate() method is called to carry out the authentication
  • Authentication : The authentication subject (principal) in Spring Security
  • GrantedAuthority : The application-level authorization of the authentication subject, including the authorization information of the current user, usually represented by a role
  • UserDetails : The necessary information for constructing the Authentication object, which can be customized, and may need to be obtained by accessing the DB
  • UserDetailsService : Builds a UserDetails object from a username; loadUserByUsername returns the UserDetails object for the given username (you can customize the implementation for your own business here, for example backed by a database, XML, a cache, etc.)
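
How the components listed above cooperate, as an added example that is not part of the original post: a ProviderManager delegates to a DaoAuthenticationProvider, which loads the user from an in-memory UserDetailsService and checks the BCrypt hash. The class name ComponentWalkthrough, the USER role and the sample password are constructed for illustration; only spring-security-core and its dependencies are needed on the classpath.

```java
import java.util.Collections;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class ComponentWalkthrough { // hypothetical class name
    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        // UserDetailsService: in-memory store holding one constructed sample user
        UserDetails user = User.withUsername("ouyang")
                .password(encoder.encode("constructed-sample-password"))
                .roles("USER") // stored as the GrantedAuthority ROLE_USER
                .build();
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(user);

        // AuthenticationProvider: loads the UserDetails and verifies the password hash
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);

        // AuthenticationManager: ProviderManager asks each configured provider in turn
        AuthenticationManager manager = new ProviderManager(Collections.singletonList(provider));

        // Successful login: the returned Authentication carries the granted authorities
        Authentication result = manager.authenticate(
                new UsernamePasswordAuthenticationToken("ouyang", "constructed-sample-password"));
        SecurityContextHolder.getContext().setAuthentication(result);
        System.out.println(result.getName() + " " + result.getAuthorities());

        // Wrong password: the provider rejects it with BadCredentialsException
        try {
            manager.authenticate(new UsernamePasswordAuthenticationToken("ouyang", "wrong"));
        } catch (BadCredentialsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```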

Two, SpringBoot integrates Spring Security

1. Project Environment

(1) JDK version: 1.8

(2) Spring Boot: 2.1.2.RELEASE

(3) Spring Security: 5.1.3

(4) IntelliJ IDEA: 2016.3.4

2.  Add dependencies and configure

  Add Spring Security's dependency in the pom.xml file:

<!--Spring Security-->
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-security</artifactId>
</dependency>

  Configure Spring Security's username and password in application.yml:

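server:
  port: 8082

# spring security: single default user, held in memory
# (replaces the password that Spring Boot otherwise generates at startup)
spring:
  security:
    user:
      name: ouyang
      password: 123456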

3.  Write Controller

package com.oycbest.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @Author: oyc
 * @Date: 2019/1/29 10:49
 * @Description: Hello test controller
 */
@RestController
public class HelloController {
    @GetMapping("hello")
    public String hello(HttpServletRequest request, HttpServletResponse response) throws Exception {
        return "hello";
    }
}

Three, test results

 

Origin blog.csdn.net/u014553029/article/details/86685971