What is Spring Security
Spring Security is Spring’s top-level project in the security field. It supports many mainstream authentication standards in user authentication, including but not limited to HTTP basic authentication, HTTP form authentication, HTTP digest authentication, OpenID and LDAP. In terms of user authorization, Spring Security is not only Support the most commonly used URL-based Web request authorization, as well as role-based access control (Role-Based Access Control, RBAC) and access control lists (Access Control List, ACL), etc.
Spring Security learning map
However, many people have not found very thorough learning and explanation materials when studying Spring Security. They may not find them after reading through the major platform websites. Therefore, I share this very comprehensive Spring Security study notes here. The notes comprehensively explain Spring Security related knowledge. From the basics of Spring Security to the filter chain to the use of custom authentication pages by Spring Security to the integrated SpringBoot centralized version of Spring Security, etc.
Spring Security Notes Part One
Due to space reasons, in order to avoid affecting everyone’s reading experience, only part of the content is shown in screenshots. Friends in need quickly repost it, only repost + follow, and then scan the QR code below me to get the following 4 A copy of Spring Security notes document
List
- 1. Case introduction
- Second, first acquainted with authority management
Three, first met Spring Security
Spring Security is a security framework implemented by spring using AOP ideas and based on servlet filters. It provides a complete authentication mechanism and method-level authorization functions. Is a very good authority management framework.
Four, Spring Security filter chain
Filter is a typical AOP idea. I won’t go into details about what a filter is. Who doesn’t know that all web projects can use filters? In this section, let's take a look at what these filters are used in Spring Security.
Five, Spring Security uses a custom authentication page
Six, Spring Security uses database data to complete authentication
Spring Security Notes Part 2
Content display
Spring Security Notes Part 3-Integrating SpringBoot
The third part mainly explains the integration of SpringSecurity and SpringBoot centralized version and distributed version, let's take a look at the catalog first!
Spring Security integrates SpringBoot centralized version
Spring Security integrates SpringBoot distributed version
- Distributed authentication concept description
- Distributed authentication flow chart
- JWT introduction
- Analysis of Spring Security+JWT+RSA distributed authentication ideas
- Spring Security+JWT+RSA distributed authentication implementation
Spring Security Notes Part IV-OAuth
The OAuth protocol provides a safe, open and simple standard for user resource authorization. The difference from previous authorization methods is that OAuth authorization does not allow third parties to touch the user’s account information (such as user name and password), that is, third parties can apply for the user’s resource without using the user’s user name and password. Authorization, so OAuth is safe. This note has an explanation of OAuth, first look at the directory!
Content display
Due to space reasons, in order to avoid affecting everyone's reading experience, only part of the content is shown in screenshots. Friends in need quickly forward it, **** only forward + follow, and then scan the QR code below. Get these 4 Spring Security notes documents
At last
Regardless of learning any technology, there should be a systematic study! ****Why do we have to learn systematically? Whether you do IT or not, there is actually a need for systematic learning. Systematic learning of a knowledge point allows us to consider more comprehensively when we encounter problems. This is also a characteristic that a mature engineer should have; fragmented learning can easily lead us to draw some one-sided or even wrong in conclusion.
However, systematic learning requires a lot of time and energy. Some people may feel that it is not worth it, so they give up systematic learning, and instead believe in copy and paste to change the seven-character mantra, and plunge into the sea of CURD.