Before reading the following article, let everyone know Spring Security
Spring Security is a security framework that can provide declarative security access control solutions for Spring-based enterprise application systems. It provides a set of Beans that can be configured in the Spring application context, making full use of Spring IoC, DI (Inversion of Control, DI: Dependency Injection) and AOP (Aspect Oriented Programming) functions to provide application systems The declarative security access control function reduces the work of writing a large amount of repetitive code for enterprise system security control.
Overview of Spring Security
Introduction:
The predecessor of Spring Security is Acegi Security, which is a framework used to provide security authentication services in the Spring project group.
Spring Security provides comprehensive security services for J2EE-based enterprise application software. Especially enterprise software projects developed using the leading J2EE solution-Spring framework.
Spring Security actual combat manual
table of Contents:
Why should I show you the catalog first? Because you want to know whether this book is good or not, the catalogue best reflects the overall value of this book. After reading the catalogue, if you think this book is ok, you can continue to read it.
I don’t know if you can see it clearly. This book covers the realization of OAuth docking from the first time Spring Security to the final Spring Security OAuth . The whole set is quite comprehensive. Friends who need to obtain this information can directly forward + follow. After private messaging (learning) to get it for free!
Part of the chapter content:
Why is it called chapter part content? Because there is no way to show everyone the article now, only the part of each chapter can be shown to you.
All the examples in this book are based on the Spring Boot project created by Intellij IDEA, so readers need to have certain Spring related knowledge
In this chapter, we use form authentication to protect URL resources
This chapter will configure Spring Security in more depth and initially use the authorization mechanism.
Two methods of filter and custom authentication will be used to realize the graphic verification code function.
There are usually some contradictions in the security design of the website. As developers of some systems, we are also acting as users of other systems
Session management
Password security is a microcosm of Internet security. While enjoying Internet services, we should also pay more attention to it.
Cross-domain is a browser same-origin security policy, that is, browsers unilaterally restrict cross-domain access to scripts.
Protection against cross-domain request forgery Protection against cross-domain request forgery
Single sign-on and CAS
In addition to the user name and password authentication technologies maintained in the system, Spring Security supports HTTP-level authentication technologies including HTTP basic authentication and HTTP authentication.
@EnableWebSecurity and filter chain mechanism
OAuth solves the problem of giving the third-party application the right to obtain user data and basic information when the user does not provide the password to the third-party application.
Implement OAuth docking with Spring Security OAuth
Friends who need to get this information can directly forward it + follow the private message (learning) to get it for free!