SpringSecurity
https://docs.spring.io/spring-security/site/docs/current/reference/html5/#prerequisites
概念
Spring Security is a framework that provides authentication, authorization, and protection against common attacks. With first class support for both imperative and reactive applications, it is the de-facto standard for securing Spring-based applications.
Spring Security 是一个提供身份验证、授权和针对常见攻击的保护的框架。凭借对命令式和反应式应用程序的一流支持,它是基于 保护Spring 的应用程序为标准。
它的核心是一组过滤器链,不同的功能经由不同的过滤器
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter //异步方式 org.springframework.security.web.context.SecurityContextPersistenceFilter //同步方式 org.springframework.security.web.header.HeaderWriterFilter // 给http响应头(Header)对象添加一些属性,比如X-Frame-Options,X-XSS-Protection*,X-Content-Type-Options。 org.springframework.security.web.csrf.CsrfFilter //默认开启,用于防止csrf攻击的过滤器 org.springframework.security.web.authentication.logout.LogoutFilter //处理注销的过滤器 org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter //对登录post请求中的用户名和密码的校验 //如果没有配置/login及login page, 系统则会自动配置这两个Filter。 org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter org.springframework.security.web.authentication.www.BasicAuthenticationFilter org.springframework.security.web.savedrequest.RequestCacheAwareFilter //内部维护了一个RequestCache,用于缓存request请求 org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter //对ServletRequest进行了一次包装,使得request具有更加丰富的API org.springframework.security.web.authentication.AnonymousAuthenticationFilter //匿名身份过滤器 org.springframework.security.web.session.SessionManagementFilter //和session相关的过滤器 org.springframework.security.web.access.ExceptionTranslationFilter //异常转换过滤器 org.springframework.security.web.access.intercept.FilterSecurityInterceptor //决定访问特定路径应该具备的权限
入门示例
添加依赖
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
编写Controller
@RestController public class TestController { @GetMapping("/test") public String test(){ return "Hello Security"; } }
访问地址:http://localhost:8080/test
security有固定的用户名:User
生成临时密码: