On the "Golden Nine Silver Ten", young graduates are full of hope and anxiety, looking for and competing for a job opportunity. The development students who are already on the job also want to get better treatment and a bigger platform through social recruitment or internal promotion.
However, there are a large number of interviewers, and the technical market is relatively cold. The students who are interviewed have to face the huge competition of N candidates for 1 position.
Q: Under this situation, how can we get more and better offers?
A: Short-term preparation - brushing interview questions; long-term planning - consolidating core skills.
How to brush the interview questions? Brush high-frequency questions, deep questions, and time-sensitive questions.
How to consolidate core skills? First in-depth understanding of the principle, and then systematically apply it to practice.
For developers, how to use various technical systems to solve security problems is a big confusion. **Experienced developers need to be proficient in using the Spring Security framework to meet the needs of business development. For example, fully master the authentication, authorization, methods and security access, OAuth2, JWT and other core functions provided by the Spring Security framework, and build your own knowledge system and solutions for system security design.
For architects, the difficulty lies in how to extend and customize the framework based on the functions provided by the framework and combined with specific business scenarios . This requires them to have a full understanding of the design principles of Spring Security's core functions such as user authentication and access authorization , and be able to analyze the underlying implementation mechanism of the framework from the source code level to meet deeper requirements.
With the continuous occurrence of various security issues, it can be said that security technology is an indispensable part of building a personal technology system, and it is also an important plus for raising your career threshold. However, there are many small partners who always encounter difficulties when learning Spring Security, so I recently compiled these 4 Spring Security advanced study notes to share with those in need!
This note can be divided into the following four parts:
- Part 1: Basic configuration of Spring Security.
- Part 2: Analyse the security problems that web projects may encounter, and explain how to use Spring Security for effective protection.
- Part 3: Introduce OAuth in detail, and use Spring Social to integrate Spring Security to achieve QQ quick login.
- Part 4: Focus on the Spring Security OAuth2 framework and analyze the Spring Security OAuth2 core source code.
part 1
- Chapter 1 Getting to Know Spring Security
- Chapter 2 Form Authentication
- Chapter 3 Authentication and Authorization
Custom form login page
part 2
- Chapter 4 Implementing Graphical Captcha
- Chapter 5 Automatic Login and Logout Login
- Chapter 6 Session Management
- Chapter 7 Password Encryption
- Chapter 8 Cross-domain and CORS
- Chapter 9 Protection against Cross-Origin Request Forgery
- Chapter 10 Single Sign-On and CAS
sign in
- Chapter 11 HTTP Authentication
- Chapter 12 @EnableWebSecurity and the Filter Chaining Mechanism
HTTP Basic Authentication
Part 3
Chapter 13 Implementing OAuth2 Interconnection with Spring Social
Realize QQ quick login
Part 4
Chapter 14 Implementing OAuth2 Interconnection with Spring Seuriy Oauh
Using Spring Security OAuth to achieve QQ quick login
Summarize
**The learning of any technical system is a process of progressing while stepping on the pit. In my career, I have summarized some common and unavoidable pain points when using the Spring Security framework to solve security problems, which can be roughly divided into the following categories.
- It looks simple, but it is actually complicated: A major feature of Spring Security is that it has many built-in basic functions, which are easy to use and make you feel that it is quick and easy to develop, but in fact, most of these built-in functions use the default implementation mechanism, such as User login and logout, password encryption and decryption, etc. It hides the complexity of system development so deeply that if you don't understand the core content of the framework, you can't understand these default implementation mechanisms. Therefore, once there is a problem in the development process, you will feel at a loss, and it will become more difficult to locate and solve the problem.
- Powerful extensibility, but difficult to master: The default implementation mechanism provided in Spring Security may not meet the needs of different business scenarios, which requires us to develop extended functions through the framework . Spring Security provides an open interface for authentication and authorization, as well as a series of extensibility functions such as filters. These functions are very powerful, but in the process of using them, you will find that you can only use them reasonably if you fully understand the design principles behind these functions. Blind use of these extensibility features will only lead to system instability.
- **Many technical systems and components: **Spring Security provides a large number of functional components, which constitute a huge technical system. You will find that if you finally learn a component, you still need to re-learn when you encounter a new component, which leads to low learning efficiency and error-prone. At the same time, many functions in Spring Security are integrated with some open source components and solutions on the market. If you do not understand these components and solutions, some inexplicable problems may occur during use, affecting the development rhythm.
Based on the above problems, the above document has sorted out a set of learning paths from shallow to deep, which can not only take you to master the overall situation of the Spring Security framework, but also help you to master it efficiently from a practical point of view. System security design method and development skills based on Spring Security framework.
