foreword
Spring Security is currently one of the most common security authentication frameworks used in Java background management systems. It's not as intuitive to use as Shiro. Shiro can directly open a javaSE application verification, but Spring Security basically requires that it be associated with the web. At first I didn't even know where to start. Recently, I decided to calm down and learn about the use of Spring Security.
quick start
Spring Security does not require as much configuration as Shiro. It has many default settings, even the default login page is prepared for the user. As a quick start, let's take a look at the default effects of Spring Security, and then gradually change the default settings to custom methods.
New Project
Create a new maven project, the pom is as follows.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.sadoshi.springsecurity</groupId>
<artifactId>test1</artifactId>
<version>0.0.1-SNAPSHOT</version>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.6.8</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>Create a new startup app
package com.sadoshi.springsecurity;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class App {
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
}
New control class HelloController
package com.sadoshi.springsecurity.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@RequestMapping("/hello")
public String hello() {
return "hello";
}
}
Then we start the App class, and enter in the browser address bar: http://localhost:8080/hello . Then you will find that the browser redirects to http://localhost:8080/login
The above is the default login page of Spring Security. It intercepts the user's access request and redirects to the default login page. Then we need to log in. The default username is user, and the password is randomly generated at startup. Look at the console output when the program starts:
The red box is the password. We enter the account name and password to open the /hello page.
Add configuration file
At present, our project does not have a configuration file. In order to facilitate subsequent configurations, we add the application.yml configuration file in the resource directory:
server:
port: 8082We set the port to 8082.
Architecture of Spring Security
Spring Security uses filters to complete interception operations. Post a picture on the official website:
You can see that from the customer access system, through the filter chain. And Spring Security is a string of SecurityFilterChain. We can see which filters Spring Security has added through source code breakpoint debugging:
Through the breakpoint, you can see that Spring Security has added 15 filters. From the name, the fifth UsernamePasswordAuthenticationFilter should be the filter for verifying username and password. Learning Spring Security is also learning around these filters
summary
In this article, we found that it is very fast to introduce Spring Security. Spring Security has many default configurations, including the default login interface and default username and password. This also makes us have a lot of questions, such as how to replace the default login page, how to set it to read the username and password saved in the database, how to set Spring Security to only intercept some pages, etc. These will be learned in later articles.