Spring Security concepts
Spring Security is Spring's security framework: it follows the `AOP` idea and is implemented on top of `servlet filters`. It provides a complete authentication mechanism and method-level authorization, and it is an excellent access-control framework.
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de facto standard for securing Spring-based applications.
Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security lies in how easily it can be extended to meet custom requirements.
Quick-start example
After creating the project, if the Maven download fails, adjust the relevant versions, for example:
```xml
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.13.RELEASE</version>
</parent>

<properties>
    <java.version>1.8</java.version>
</properties>
```
Below is a simple application class with a single endpoint:
```java
package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    // With spring-boot-starter-security on the classpath this endpoint,
    // like every other request, requires authentication by default.
    @GetMapping("/hello")
    public String hello(@RequestParam(value = "name", defaultValue = "World") String name) {
        return String.format("Hello %s!", name);
    }
}
```
After running the main method, the console prints the generated initial login password:
```
 :: Spring Boot ::        (v2.1.13.RELEASE)

2024-02-25 23:08:40.307  INFO 6940 --- [           main] com.example.demo.DemoApplication         : Starting DemoApplication on 王小荣 with PID 6940 (D:\yzm\soft\workspace-idea\demo-spring-security\target\classes started by 45188 in D:\yzm\soft\workspace-idea\demo-spring-security)
2024-02-25 23:08:40.309  INFO 6940 --- [           main] com.example.demo.DemoApplication         : No active profile set, falling back to default profiles: default
2024-02-25 23:08:40.908  INFO 6940 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8080 (http)
2024-02-25 23:08:40.923  INFO 6940 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2024-02-25 23:08:40.923  INFO 6940 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.31]
2024-02-25 23:08:41.007  INFO 6940 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2024-02-25 23:08:41.007  INFO 6940 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 674 ms
2024-02-25 23:08:41.134  INFO 6940 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2024-02-25 23:08:41.249  INFO 6940 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : Using generated security password: f4eb9662-ce1a-480a-aeab-4029f554e42f
2024-02-25 23:08:41.299  INFO 6940 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [
    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@56781d96,
    org.springframework.security.web.context.SecurityContextPersistenceFilter@31ff1390,
    org.springframework.security.web.header.HeaderWriterFilter@1d01dfa5,
    org.springframework.security.web.csrf.CsrfFilter@23eee4b8,
    org.springframework.security.web.authentication.logout.LogoutFilter@53667cbe,
    org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@272a179c,
    org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@6b410923,
    org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@5173200b,
    org.springframework.security.web.authentication.www.BasicAuthenticationFilter@a619c2,
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter@781a9412,
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@60f2e0bd,
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter@25c5e994,
    org.springframework.security.web.session.SessionManagementFilter@d400943,
    org.springframework.security.web.access.ExceptionTranslationFilter@73d69c0f,
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor@69eb86b4]
2024-02-25 23:08:41.339  INFO 6940 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''
2024-02-25 23:08:41.341  INFO 6940 --- [           main] com.example.demo.DemoApplication         : Started DemoApplication in 1.255 seconds (JVM running for 1.878)
2024-02-25 23:08:59.036  INFO 6940 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2024-02-25 23:08:59.037  INFO 6940 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2024-02-25 23:08:59.044  INFO 6940 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 7 ms
```
Now try hitting an endpoint and see what happens. If you request an endpoint without credentials, like this:
```
$ curl -i http://localhost:8080/some/path
HTTP/1.1 401
...
```
then Spring Security rejects the request with 401 Unauthorized.
If you open the URL in a browser instead, it redirects to a default login page.
If you request an endpoint with credentials (the password is the one printed in the console output), like this:
```
$ curl -i -u user:f4eb9662-ce1a-480a-aeab-4029f554e42f http://localhost:8080/some/path
HTTP/1.1 404
...
```
then Spring Boot serves the request, in this case returning 404 Not Found because /some/path does not exist.
If we request a valid URL, authentication succeeds and the result is returned:
```
$ curl -i -u user:f4eb9662-ce1a-480a-aeab-4029f554e42f http://localhost:8080/hello
HTTP/1.1 200
...
Hello World!
```
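The account used above comes from Spring Boot's auto-configuration and is meant for demos only: the password is regenerated on every start and ends up in the console log, as seen above. The configuration below, added here as an example and not part of the original post, replaces it with an explicit in-memory user store (BCrypt-hashed passwords) for Spring Boot 2.1 / Spring Security 5.1, keeps every request authenticated as in the default, and adds a role check for the /hello endpoint; the class name, the credentials and the /admin/** path are assumptions.

```java
package com.example.demo;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Assumed class name. Declaring a UserDetailsService bean makes
// UserDetailsServiceAutoConfiguration back off, so no generated
// password is printed to the console any more.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();  // hashes stored, never plain text
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Constructed demo credentials; a real application loads users from a store.
        return new InMemoryUserDetailsManager(
                User.withUsername("user")
                    .password(passwordEncoder().encode("change-me"))
                    .roles("USER")
                    .build(),
                User.withUsername("admin")
                    .password(passwordEncoder().encode("change-me-too"))
                    .roles("USER", "ADMIN")
                    .build());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/hello").hasRole("USER")      // /hello needs ROLE_USER
                .antMatchers("/admin/**").hasRole("ADMIN")  // assumed admin area
                .anyRequest().authenticated()               // keep the default: nothing anonymous
                .and()
            .httpBasic()                                    // same Basic auth the curl calls use
                .and()
            .formLogin();                                   // browsers still get the login page
    }
}
```

With this in place the earlier curl call works as `curl -i -u user:change-me http://localhost:8080/hello`, and an unauthenticated request still gets 401.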
Authentication
We can walk through the form-login flow using the example from the official reference.
Form Login :: Spring Security Reference
Authorization
Below is the official introduction to authorizing HTTP requests.
Authorize HttpServletRequest :: Spring Security Reference
Next I will follow these references and look at how to implement custom authentication and authorization.