zoukankan      html  css  js  c++  java

  • springsecurity入门

    SpringSecurity

    https://docs.spring.io/spring-security/site/docs/current/reference/html5/#prerequisites

    概念

    Spring Security is a framework that provides authentication, authorization, and protection against common attacks. With first class support for both imperative and reactive applications, it is the de-facto standard for securing Spring-based applications.

    Spring Security 是一个提供身份验证、授权和针对常见攻击的保护的框架。凭借对命令式和反应式应用程序的一流支持,它是基于 保护Spring 的应用程序为标准。

    它的核心是一组过滤器链,不同的功能经由不同的过滤器

      org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter //异步方式
  org.springframework.security.web.context.SecurityContextPersistenceFilter //同步方式
  org.springframework.security.web.header.HeaderWriterFilter // 给http响应头(Header)对象添加一些属性,比如X-Frame-Options,X-XSS-Protection*,X-Content-Type-Options。
  org.springframework.security.web.csrf.CsrfFilter //默认开启,用于防止csrf攻击的过滤器
  org.springframework.security.web.authentication.logout.LogoutFilter //处理注销的过滤器
  org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter //对登录post请求中的用户名和密码的校验
 //如果没有配置/login及login page, 系统则会自动配置这两个Filter。
  org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter 
  org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
  
  org.springframework.security.web.authentication.www.BasicAuthenticationFilter
  org.springframework.security.web.savedrequest.RequestCacheAwareFilter //内部维护了一个RequestCache,用于缓存request请求
  org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter //对ServletRequest进行了一次包装,使得request具有更加丰富的API
  org.springframework.security.web.authentication.AnonymousAuthenticationFilter //匿名身份过滤器
  org.springframework.security.web.session.SessionManagementFilter //和session相关的过滤器
  org.springframework.security.web.access.ExceptionTranslationFilter //异常转换过滤器
  org.springframework.security.web.access.intercept.FilterSecurityInterceptor //决定访问特定路径应该具备的权限

    入门示例

    添加依赖

        <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    编写Controller

    @RestController
public class TestController {

    @GetMapping("/test")
    public String test(){

        return "Hello Security";
    }
}
    View Code

    访问地址:http://localhost:8080/test

     

    security有固定的用户名:User

    生成临时密码:
  • 相关阅读:
    pip不是内部或外部命令也不是可运行的程序或批处理文件的问题
    动态规划 leetcode 343,279,91 & 639. Decode Ways,62,63,198
    动态规划 70.climbing Stairs ,120,64
    (双指针+链表) leetcode 19. Remove Nth Node from End of List,61. Rotate List,143. Reorder List,234. Palindrome Linked List
    建立链表的虚拟头结点 203 Remove Linked List Element,82,147,148,237
    链表 206 Reverse Linked List, 92,86, 328, 2, 445
    (数组,哈希表) 219.Contains Duplicate(2),217 Contain Duplicate, 220(3)
    重装系统
    java常用IO
    端口
  • 原文地址:https://www.cnblogs.com/WarBlog/p/15128700.html
Copyright © 2011-2022 走看看