zoukankan      html  css  js  c++  java
  • Spring Security 验证流程

     Authentication in a Web Application

    Now let's explore the situation where you are using Spring Security in a web application (without web.xml security enabled). How is a user authenticated and the security context established?

    Consider a typical web application's authentication process:

    1. You visit the home page, and click on a link.

    2. A request goes to the server, and the server decides that you've asked for a protected resource.

    3. As you're not presently authenticated, the server sends back a response indicating that you must authenticate. The response will either be an HTTP response code, or a redirect to a particular web page.

    4. Depending on the authentication mechanism, your browser will either redirect to the specific web page so that you can fill out the form, or the browser will somehow retrieve your identity (via a BASIC authentication dialogue box, a cookie, a X.509 certificate etc.).

    5. The browser will send back a response to the server. This will either be an HTTP POST containing the contents of the form that you filled out, or an HTTP header containing your authentication details.

    6. Next the server will decide whether or not the presented credentials are valid. If they're valid, the next step will happen. If they're invalid, usually your browser will be asked to try again (so you return to step two above).

    7. The original request that you made to cause the authentication process will be retried. Hopefully you've authenticated with sufficient granted authorities to access the protected resource. If you have sufficient access, the request will be successful. Otherwise, you'll receive back an HTTP error code 403, which means "forbidden".

  • 相关阅读:
    Webbrowser 取消下载提示框
    The service ‘xxx’ configured for WCF is not registered with the Autofac container
    Code First 中的 TPH TPT TPC
    SQL Server 之 解锁
    导入 github 步骤
    初试 pyhton 简易采集
    js 一些小技巧
    linux 学习笔记
    lnmp 环境搭建后,pathinfo 模式支持的配制。
    windows 快捷键相关命令
  • 原文地址:https://www.cnblogs.com/lostpaddle/p/2833433.html
Copyright © 2011-2022 走看看