zoukankan      html  css  js  c++  java

  • springsecurity入门

    SpringSecurity

    https://docs.spring.io/spring-security/site/docs/current/reference/html5/#prerequisites

    概念

    Spring Security is a framework that provides authentication, authorization, and protection against common attacks. With first class support for both imperative and reactive applications, it is the de-facto standard for securing Spring-based applications.

    Spring Security 是一个提供身份验证、授权和针对常见攻击的保护的框架。凭借对命令式和反应式应用程序的一流支持,它是基于 保护Spring 的应用程序为标准。

    它的核心是一组过滤器链,不同的功能经由不同的过滤器

      org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter //异步方式
  org.springframework.security.web.context.SecurityContextPersistenceFilter //同步方式
  org.springframework.security.web.header.HeaderWriterFilter // 给http响应头(Header)对象添加一些属性,比如X-Frame-Options,X-XSS-Protection*,X-Content-Type-Options。
  org.springframework.security.web.csrf.CsrfFilter //默认开启,用于防止csrf攻击的过滤器
  org.springframework.security.web.authentication.logout.LogoutFilter //处理注销的过滤器
  org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter //对登录post请求中的用户名和密码的校验
 //如果没有配置/login及login page, 系统则会自动配置这两个Filter。
  org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter 
  org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
  
  org.springframework.security.web.authentication.www.BasicAuthenticationFilter
  org.springframework.security.web.savedrequest.RequestCacheAwareFilter //内部维护了一个RequestCache,用于缓存request请求
  org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter //对ServletRequest进行了一次包装,使得request具有更加丰富的API
  org.springframework.security.web.authentication.AnonymousAuthenticationFilter //匿名身份过滤器
  org.springframework.security.web.session.SessionManagementFilter //和session相关的过滤器
  org.springframework.security.web.access.ExceptionTranslationFilter //异常转换过滤器
  org.springframework.security.web.access.intercept.FilterSecurityInterceptor //决定访问特定路径应该具备的权限

    入门示例

    添加依赖

        <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    编写Controller

    @RestController
public class TestController {

    @GetMapping("/test")
    public String test(){

        return "Hello Security";
    }
}
    View Code

    访问地址:http://localhost:8080/test

     

    security有固定的用户名:User

    生成临时密码:
  • 相关阅读:
    定时任务
    heat创建stack失败
    python-ceilometerclient命令行(终结)
    python-ceilometerclient命令行(2)
    python-ceilometerclient命令行(1)
    类属性与对象实现,init方法的作用,绑定方法,绑定方法与普通函数的区别,继承,抽象与继承,派生与覆盖
    XML模块,面向对象思想与类的定义
    configparser模块 subprocess 模块,xlrd 模块(表格处理)
    re 正则匹配的非贪婪匹配
    login 模块,re 模块
  • 原文地址:https://www.cnblogs.com/WarBlog/p/15128700.html
Copyright © 2011-2022 走看看