Quality attributes and tactics - Security

The security tactics for the site are divided into three groups: tactics to resist attacks, tactics to detect attacks, and tactics to recover from attacks.

Resist attacks

Authenticate users. A simple user login can be added.

The original project was modified to use Spring Security, the Spring Boot plugin for authentication and authorization.

Add the following to pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Wait for IDEA to add the plugin automatically.

Because Spring Boot applies a simple configuration as soon as the dependency is installed, simple authentication is already configured at this point, but everything is still the default configuration.

The default login screen:

 

After logging in with the default password, you enter the site normally.

 

Authorize users.

The following configuration assigns access permissions for the site:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // URL authorization rules, login page, and so on
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/index/**").hasAnyRole("ADMIN")
                .antMatchers("/index").hasAnyRole("ADMIN")
                .antMatchers("/static_rbg*/**").permitAll()
                .antMatchers("/ricky*/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/ricky-login")
                .defaultSuccessUrl("/index")
                .successForwardUrl("/index")
                .usernameParameter("username").passwordParameter("password")
                .permitAll()
                .and().csrf().disable(); // CSRF protection is switched off: form POSTs are accepted without a token
    }

    @Autowired
    private CustomUserService myAppUserDetailsService; // user lookup backed by MyBatis

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // wire the MyBatis-backed user lookup together with the password hash check
        auth.userDetailsService(myAppUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    /**
     * Password validation rule
     */
    @Bean(name = "passwordEncoder")
    public PasswordEncoder passwordEncoder() {
        return new MyPasswordEncoder();
    }
}
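The configuration above refers to two classes the post does not show, CustomUserService and MyPasswordEncoder. The following is an added example (not code from the original post) of one way to implement them; the UserRecord type and the UserMapper interface are assumptions standing in for the post's own MyBatis mapper.

```java
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

// Assumed (hypothetical) row type and MyBatis mapper standing in for the post's own.
class UserRecord {
    String username;
    String passwordHash; // BCrypt hash, never the plaintext password
    String role;         // e.g. "ADMIN"
}
interface UserMapper {
    UserRecord findByUsername(String username);
}

@Service
public class CustomUserService implements UserDetailsService {
    private final UserMapper userMapper;

    public CustomUserService(UserMapper userMapper) {
        this.userMapper = userMapper;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserRecord row = userMapper.findByUsername(username);
        if (row == null) {
            // Spring Security reports this to the browser as a generic bad-credentials failure
            throw new UsernameNotFoundException("user not found");
        }
        // roles("ADMIN") stores the authority as ROLE_ADMIN, which hasRole("ADMIN") in the config expects
        return User.withUsername(row.username).password(row.passwordHash).roles(row.role).build();
    }
}

// Encoder returned by the config's passwordEncoder() bean: delegates to BCrypt, so the database
// holds salted hashes and the login check compares hashes rather than plaintext.
class MyPasswordEncoder implements PasswordEncoder {
    private final BCryptPasswordEncoder delegate = new BCryptPasswordEncoder();
    @Override
    public String encode(CharSequence rawPassword) { return delegate.encode(rawPassword); }
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return encodedPassword != null && delegate.matches(rawPassword, encodedPassword);
    }
}
```

Because the mapper and row type are assumed, the names and column layout must be replaced with the project's real MyBatis mapper before use.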

Restrict access.

The project is deployed to the cloud, and the cloud server's firewall is used to isolate ports.

  

 

Detect attacks.

Attack detection is provided by the cloud platform.

 


Origin www.cnblogs.com/limitCM/p/12368610.html