springsecurity笔记

[dengdaiyemanren]

前言

介绍

"Authentication" is the process of establishing a principal is who they claim to be (a "principal" generally means a user, device or some other system which can perform an action in your application)."Authorization" refers to the process of deciding whether a principal is allowed to perform an action within your application.

支持认证标准

• HTTP

  • BASIC authentication headers (an IETF RFC-based standard)
• HTTP Digest authentication headers (an IETF RFC-based standard)
• HTTP X.509 client certificate exchange (an IETF RFC-based standard)
• LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
• Form-based authentication (for simple user interface needs)
• OpenID authentication
• Authentication based on pre-established request headers (such as Computer Associates Siteminder)
• Jasig Central Authentication Service (otherwise known as CAS, which is a popular open source single sign-on system)
• Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
• Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)
• Anonymous authentication (allowing every unauthenticated call to automatically assume a particular security identity)
• Run-as authentication (which is useful if one call should proceed with a different security identity)
• Java Authentication and Authorization Service (JAAS)
• Java EE container authentication (so you can still use Container Managed Authentication if desired) Kerberos
• Java Open Source Single Sign-On (JOSSO) *
• OpenNMS Network Management Platform *
• AppFuse *
• AndroMDA *
• Mule ESB *
• Direct Web Request (DWR) *
• Grails *
• Tapestry *
• JTrac *
• Jasypt *
• Roller *
• Elastic Path *
• Atlassian Crowd *
• Your own authentication systems (see below)

  支持的授权模式

  authorizing web requests, authorizing whether methods can be invoked and authorizing access to individual domain object instances.

基本的POM依赖

<dependencies>
<!-- ... other dependency elements ... -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.2.1.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.2.1.RELEASE</version>
</dependency>
</dependencies>

java 配置化

[dengdaiyemanren]

体系和实现

[dengdaiyemanren]

测试

[dengdaiyemanren]

web应用安全

[dengdaiyemanren]

认证