Spring Security Summary:
A. Introduction to the Spring Security framework
1. Introduction
Spring Security is a security framework that provides declarative access control for enterprise applications built on the Spring framework (put simply, it is a framework that controls access). Application security consists of two parts: user authentication (Authentication) and user authorization (Authorization). User authentication verifies whether a user is a legitimate principal in the system, that is, whether the user may access the system. Authentication generally requires the user to provide a user name and password, and the system completes the authentication process by verifying them. User authorization verifies whether a user has permission to perform an action. Within one system, different users have different permissions. For example, some users can only read a given file, while others can modify it. In general, the system assigns different roles to different users, and each role corresponds to a set of permissions. The core functionality of Spring Security is authentication and authorization, and its whole architecture is built around these two functions.
2. Framework principle
It is well known that the best way to protect web resources is a Filter, and the best way to protect method invocations is AOP. Spring Security therefore performs user authentication and permission checks through a variety of filters and interceptors that control access, and this is how it achieves security.
Its main filters:
WebAsyncManagerIntegrationFilter: integrates the Security context with the WebAsyncManager that Spring Web uses to process asynchronous request mappings.
SecurityContextPersistenceFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
UsernamePasswordAuthenticationFilter
BasicAuthenticationFilter
3. Core components of the framework:
SecurityContextHolder: provides access to the SecurityContext
SecurityContext: holds the Authentication object and other information that may be required
AuthenticationManager: may contain multiple AuthenticationProvider instances
ProviderManager: a class that implements the AuthenticationManager interface
AuthenticationProvider: mainly used to perform authentication; its authenticate() method is called to carry out the authentication operation
Authentication: the authenticated principal, in Spring Security's own representation
GrantedAuthority: application-level authorization for the authenticated principal; it contains the current user's permission information, usually represented as roles
UserDetails: the information needed to build an Authentication object; it can be customized, and may need to be fetched from a database
UserDetailsService: builds a UserDetails object from the user name through loadUserByUsername (you can implement it to suit your own business needs, for example loading the user from a database, XML, or a cache)
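The components listed above, wired together by hand so the call path is visible. This is an added example, not code from the original page or from the Spring Security project; it assumes Spring Security 5.x on the classpath, and the class name, user and password are constructed for illustration.

```java
// Added example. Assumes spring-security-core and spring-security-crypto (5.x), Java 9+.
import java.util.List;
import java.util.Map;
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class CoreComponentsDemo { // hypothetical class name
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample user store; a real service would query a database or cache.
        Map<String, UserDetails> store = Map.of("alice",
            User.withUsername("alice").password(encoder.encode("s3cret-sample"))
                .roles("USER", "ADMIN").build());

        // UserDetailsService: must throw, not return null, for an unknown user.
        UserDetailsService uds = username -> {
            UserDetails u = store.get(username);
            if (u == null) throw new UsernameNotFoundException("unknown user");
            // Return a copy: ProviderManager erases credentials on the principal after success.
            return User.withUserDetails(u).build();
        };

        // AuthenticationProvider: loads the user and compares the password hash.
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(uds);
        provider.setPasswordEncoder(encoder);
        // ProviderManager: the AuthenticationManager implementation; tries each provider in turn.
        AuthenticationManager manager = new ProviderManager(List.of(provider));

        for (String password : new String[] {"wrong", "s3cret-sample"}) {
            try {
                Authentication result = manager.authenticate(
                    new UsernamePasswordAuthenticationToken("alice", password));
                // SecurityContextHolder -> SecurityContext -> Authentication
                SecurityContextHolder.getContext().setAuthentication(result);
                System.out.println("authenticated, authorities=" + result.getAuthorities());
            } catch (AuthenticationException e) {
                System.out.println("rejected: " + e.getClass().getSimpleName());
            }
        }
        SecurityContextHolder.clearContext(); // do not leak the context to the next user of this thread
    }
}
```

In a web application the filters from section 2 perform these same steps: UsernamePasswordAuthenticationFilter builds the token and calls the AuthenticationManager, and the resulting Authentication is stored in the SecurityContext.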
4. How Spring Security works:
This blog post explains it in great detail: https://blog.csdn.net/u012702547/article/details/89629415