`

Spring Security的filter配置及说明

阅读更多

以前在PA关注过用户登录授权的过程,看过JAAS的规范,看过WEBLOGIC的实现代码,看过Spring Security的源代码,这么久都忘了。。现在开始,把以前丢掉的技术日记能记得记下来,以后也开始写日记了~~:)

 

----

 

验证

使用 opends ldap 数据库,(运行的脚本在该目录的 ldap.ldif 下)

上下文参数:

http://localhost:389

o=company.com.cn

cn=orcladmin

pwd: hhxxttxs

 



 

创建 ou 用的 opends 的图形工具创建, groups 下面的条目用 ldif 导入创建的, ldif 如下:

dn:cn=staffRole,ou=groups,o= company.com.cn

objectClass:groupOfUniqueNames

cn:staffRole

uniquemember:uid=zhuoyueping790,ou=staff,ou=people,o= company.com.cn

 

dn:cn=clientRole,ou=groups,o= company.com.cn

objectClass:groupOfUniqueNames

cn:clientRole

uniquemember:uid=chenshengli532,ou=client,ou=people,o= company.com.cn

staffRole 角色的用户可以访问 /staff.* 资源;

clientRole 角色的用户可以访问 /client.* 资源

 

例子中所有密码均为: hhxxttxs

所有标有页数的地方为《敏捷 Acegi CAS ——构建安全的 java 系统》的页码。

红色 表示待解决的问题,蓝色 表示有特别说明或者代码解释的语句。

该项目的全部文件(包括 jar 包,在该目录下的 ss 目录中)

斜体 bena 的名字 表示即将要解释的调用的 bean.

web.xml

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee

    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

 

    <display-name>Contacts Sample Application</display-name>

    <context-param>

        <param-name>contextConfigLocation</param-name>

        <param-value>/WEB-INF/applicationContextsecurity.xml </param-value>

    </context-param>

    <!-- /WEB-INF/applicationContext*.xml 加了* ,报错listener-->

    <listener>

       <listener-class>

           org.springframework.web.context.ContextLoaderListener 1

       </listener-class>

    </listener>  

    <filter>

       <filter-name>springSecurityFilterChain</filter-name>

       <filter-class>

           org.springframework.security.util.FilterToBeanProxy 2

       </filter-class>

       <init-param>

           <param-name>targetBean</param-name>

           <param-value>filterChainProxy </param-value>

       </init-param>

    </filter>

 

    <filter-mapping>

        <filter-name>springSecurityFilterChain</filter-name>

        <url-pattern>/*</url-pattern>

    </filter-mapping>

 

    <filter-mapping>

        <filter-name>springSecurityFilterChain</filter-name>

        <url-pattern>/j_spring_security_check</url-pattern>

    </filter-mapping>

    <welcome-file-list>

        <welcome-file>index.jsp</welcome-file>

    </welcome-file-list>

 

</web-app>

1 》:org.springframework.web.context.ContextLoaderListener

( 该类在 spring-web.jar 包中, )

2 》:org.springframework.util.FilterToBeanProxy: 如果配置了targetBeantargetClass, 优先调用targetHean. 推荐使用targetHean 的方式。

通过调用FilterToBeanProxyinit ()方法启动过滤器链工作。

( org.springframework.security.* 的类都 spring-security-core.jar 包中, )

 

public class FilterToBeanProxy implements Filter{

public void init(FilterConfig filterConfig) throws ServletException {

    this.filterConfig = filterConfig;

    String strategy = filterConfig.getInitParameter("init");

    if ((strategy != null) && (strategy.toLowerCase().equals("lazy"))) {

      return;

   }

    doInit();

  }

}

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

   throws IOException, ServletException

  {

     if (!(this.initialized)) {

       doInit();

     }

}

 

private synchronized void doInit() throws ServletException {

//…

    String targetBean = this.filterConfig.getInitParameter("targetBean");

// 关于 lifecircle 部分,先放在这里以后补充   

String lifecycle = this.filterConfig.getInitParameter("lifecycle");

    if ("servlet-container-managed".equals(lifecycle)) {

      this.servletContainerManaged = true;

    }

    ApplicationContext ctx = getContext(this.filterConfig);

String beanName = null;

 

   if ((targetBean != null) && (ctx.containsBean(targetBean))) {

      beanName = targetBean;

    }

  else

  {

       Class targetClass;

      if (targetBean != null) {

       throw new ServletException("targetBean '" + targetBean + "' not found in context");

      }

      String targetClassString = this.filterConfig.getInitParameter("targetClass");

//…      

targetClass= Thread.currentThread().getContextClassLoader().loadClass(targetClassString);

//..

     this.initialized = true;

// 得到代理类,代理类必须是 filter 类,调用代理类的 init ()

Object object = ctx.getBean(beanName);

if (!(object instanceof Filter)) {

      throw new ServletException("Bean '" + beanName + "' does not implement javax.servlet.Filter");

     }

     this.delegate = ((Filter)object);

   if (this.servletContainerManaged) {

 

// 启动代理 filter init 方法

     this.delegate.init(this.filterConfig);

     }

  }

 

 

/WEB-INF/applicationContextsecurity.xml

配置 bean filterChainProxy

<bean id="filterChainProxy"

        class="org.springframework.security.util.FilterChainProxy "> 3

        <property name="filterInvocationDefinitionSource "> 4

            <value>

                PATTERN_TYPE_APACHE_ANT     /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor

            </value>

        </property>

</bean>

4 》给该参数配置过滤器链。

3org.springframework.security.util.FilterChainProxy

/** 表示要过该链的urlall

public class FilterChainProxy   implements Filter, InitializingBean, ApplicationContextAware{

public void init (FilterConfig filterConfig) throws ServletException

  {

   Filter[] filters = obtainAllDefinedFilters();

    for (int i = 0; i < filters.length; ++i)

            filters[i].init(filterConfig);// 依次调用每个 filter 的过滤器链

      }

  }

}

//destroy 也相同,调用每个 filter destroy

 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)

    throws IOException, ServletException

   {

   FilterInvocation fi = new FilterInvocation(request, response, chain);

    List filters = getFilters(fi.getRequestUrl());

    if ((filters == null) || (filters.size() == 0)) {

        chain.doFilter(request, response);

      return;

}

virtualFilterChain virtualFilterChain = new VirtualFilterChain(fi, filters, null);

virtualFilterChain.doFilter(fi.getRequest(), fi.getResponse());

}

}

 

下面依次是过滤器链中的过滤器。

 

配置 bean httpSessionContextIntegrationFilter

集成过滤器 P49, 如名字所示,将httpSessionsecurityContext 中的认证信息同步。

       <bean id="httpSessionContextIntegrationFilter"

       class="org.springframework.security.context.HttpSessionContextIntegrationFilter "> 5

              <property name="allowSessionCreation " value="false" /> 6

       </bean>

5 HttpSessionContextIntegrationFilter 继承 SpringSecurityFilter SpringSecurityFilter 实现了接口 filter ,在 SpringSecurityFilter 【附 1 】的 doFilter 方法中调用了 doFilterHttp ,子类在 doFilterHttp 中实现自己的逻辑,该过滤器应该放在所有过滤器之前。

6 allowSessionCreation 是否创建 HTTP session

public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter

  implements InitializingBean{

public void doFilterHttp (HttpServletRequest request, HttpServletResponse response,

FilterChain chain){

public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)   throws IOException, ServletException

{

// 进入该过滤器器,从 session 中取认证相关信息,放在 SecurityContext 中。

SecurityContext contextBeforeChainExecution = readSecurityContextFromSession(httpSession);

SecurityContextHolder.setContext(contextBeforeChainExecution);

 // 继续执行过滤器链,因此,该过滤器应该放在所有过滤器之前!

chain.doFilter(request, responseWrapper);

 

//…

// finally 中执行,退出出这个过滤器(也是该过滤器链执行完后)前执行。

// contextAfterChainExecution 存最新的 SecurityContext

SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();

 

SecurityContextHolder.clearContext();// 清除当前线程中的 SecurityContext 相关信息。

request.removeAttribute("__spring_security_session_integration_filter_applied");

// contextAfterChainExecution 修改过的 securitycontext 放在 HTTP session 对象中

if (!(responseWrapper.isSessionUpdateDone())) {

storeSecurityContextInSession(contextAfterChainExecution , request,

httpSessionExistedAtStartOfRequest,

contextHashBeforeChainExecution);

     }

}

}

 

 

 

配置 bean authenticationProcessingFilter

* 认证处理过滤器

       <bean id="authenticationProcessingFilter"

              class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">

              <property name="authenticationManager">

                     <ref bean="authenticationManager" />

              </property>

              <property name="authenticationFailureUrl">

                     <value>/login.jsp?login_error=1</value>

              </property>

              <property name="defaultTargetUrl">

                     <value>/</value>

              </property>

              <property name="filterProcessesUrl">

                     <value>/j_spring_security_check</value>

              </property>

       </bean>

<! org.springframework.security.ui.webapp.AuthenticationProcessingFilter

表示用表单认证的类;

authenticationFailureUrl: 认证失败跳转的 url

defaultTargetUrl :认证完成后,跳转回之前请求的页面,如果没有,到该 url

filterProcessesUrl :提交验证请求的 form 标签中 action 的地址

authenticationManager :处理得到的用户名和密码交给谁验证的问题 -->

 

       <bean id="authenticationManager "

              class="org.springframework.security.providers.ProviderManager">p50

              <property name="providers">

                     <list>

                            <ref local="ldapAuthenticationProvider " />

                     </list>

              </property>

       </bean>

 

<!

providers :可以指定多个 provider bean

  -->

 

<bean id="ldapAuthenticationProvider "

              class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">

              <constructor-arg ref="bindAuthenticator " />

              <constructor-arg ref="defaultLdapAuthoritiesPopulator " />

</bean>

<!

org.springframework.security.providers.ldap.LdapAuthenticationProvider

指定该 bean 是去 ldap 认证。

<constructor-arg ref="bindAuthenticator " />: ldap 中哪里找用户

<constructor-arg ref="defaultLdapAuthoritiesPopulator " /> :用什么来查,在哪里查角色

  -->

<!-- 采用绑定的方式认证   -->

       <bean id="bindAuthenticator "

              class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">

              <constructor-arg ref="initialDirContextFactory " />

              <property name="userDnPatterns">

                     <list>

                            <value>uid={0},ou=users</value>

                     </list>

              </property>

              <property name="userDetailsMapper"

                     ref="ldapUserDetailsMapper ">

              </property>

       </bean>

<! initialDirContextFactory 有错,主要原因是包的依赖关系有问题,待解决。 -->

 

       <bean id="initialDirContextFactory "

              class="org.springframework.security.ldap.DefaultInitialDirContextFactory">

              <constructor-arg value="ldap://localhost:389/o= company.com.cn" />

              <property name="managerDn" value="cn=orcladmin,o= company.com.cn" />

              <property name="managerPassword" value="hhxxttxs" />

              <property name="useConnectionPool" value="true" />

              <property name="authenticationType" value="simple" />

              <property name="initialContextFactory"

                     value="com.sun.jndi.ldap.LdapCtxFactory" />

       </bean>

       <bean id="ldapUserDetailsMapper "

              class="org.springframework.security.userdetails.ldap.LdapUserDetailsMapper">

              <property name="convertToUpperCase" value="true" />

              <property name="passwordAttributeName" value="userPassword" />

              <property name="roleAttributes">p236 :将该参数的值作为 role ,如: ROLE_CN

                     <list>

                            <value>cn</value>

                     </list>

              </property>

              <property name="rolePrefix" value="ROLE_" />

       </bean>

       <!-- 采用密码比较的方式认证 -->

       <!-- 

              <bean id="passwordComparisonAuthenticator"           class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">

              <constructor-arg ref="initialDirContextFactory" />

              <property name="userDnPatterns">

              <list>

              <value>uid={0},ou=users</value>

              </list>

              </property>

              <property name="passwordAttributeName" value="userPassword" />

              </bean>

       -->

 

<!-- 采用密码比较的方式认证 -->

       <bean id="defaultLdapAuthoritiesPopulator "

       class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">

              <constructor-arg ref="initialDirContextFactory" />

              <constructor-arg value="ou=groups" />

              <property name="groupSearchFilter" value="(uniquemember={0})" />

              <property name="groupRoleAttribute" value="cn" />

              <property name="convertToUpperCase" value="true" />

              <property name="defaultRole" value="ROLE_DEFAULT" />

              <property name="searchSubtree" value="true" />

              <property name="rolePrefix" value="ROLE_" />

       </bean>

 

 

 

配置 bean exceptionTranslationFilter

异常处理器:处理认证和授权过程中的异常

       <bean id="exceptionTranslationFilter"

              class="org.springframework.security.ui.ExceptionTranslationFilter">

              <property name="authenticationEntryPoint">

                     <ref local="authenticationProcessingFilterEntryPoint " />

              </property>

       </bean>

<!—exceptionTranslationFilter   p173-->

 

       <bean id="authenticationProcessingFilterEntryPoint "

       class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">

              <property name="loginFormUrl">

                     <value>/login.jsp</value>

              </property>

       </bean>

<!—AuthenticationProcessingFilterEntryPoint 继承自 AuthenticationEntryPoint p17

AuthenticationEntryPoint commence(ServletRequest request, ServletResponse response, AuthenticationException authException) 构造验证入口。

-->

 

 

 

配置 bean filterInvocationInterceptor

过滤安全拦截器:处理认证和授权过程中的异常

 

       <bean id="filterInvocationInterceptor"

              class="org.springframework.security.intercept.web.FilterSecurityInterceptor">

              <property name="authenticationManager">

                     <ref local="authenticationManager" />

              </property>

              <property name="accessDecisionManager">

                     <ref local="httpRequestAccessDecisionManager " />

              </property>

              <property name="objectDefinitionSource">

                     <value>

                            PATTERN_TYPE_APACHE_ANT /client/*=ROLE_CLIENTROLE

                            /staff/*=ROLE_staffRole

                     </value>

              </property>

       </bean>

 

       <bean id="httpRequestAccessDecisionManager "

              class="org.springframework.security.vote.AffirmativeBased">

              <property name="allowIfAllAbstainDecisions">

                     <value>false</value>

              </property>

              <property name="decisionVoters">

                     <list>

                            <ref bean="roleVoter " />

                     </list>

              </property>

       </bean>

 

 

       <bean id="roleVoter "

              class="org.springframework.security.vote.RoleVoter" />

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

附:一些类。

1

public abstract class SpringSecurityFilter implements Filter, Ordered

{

protected final Log logger;

  public SpringSecurityFilter()

   {

    this.logger = LogFactory.getLog(super.getClass());

   }

public final void init(FilterConfig filterConfig)

   throws ServletException

  {

  }

  public final void destroy()

  {

  }

   public final void doFilter (ServletRequest request, ServletResponse response, FilterChain chain)    throws IOException, ServletException

  {

   if (!(request instanceof HttpServletRequest)) {

      throw new ServletException("Can only process HttpServletRequest");

    }

    if (!(response instanceof HttpServletResponse)) {

      throw new ServletException("Can only process HttpServletResponse");

    }

   doFilterHttp ((HttpServletRequest)request, (HttpServletResponse)response, chain);

  }

  protected abstract void doFilterHttp (HttpServletRequest paramHttpServletRequest, HttpServletResponse paramHttpServletResponse, FilterChain paramFilterChain) throws IOException, ServletException;

  public String toString() {

    return super.getClass() + "[ order=" + super.getOrder() + "; ]";

  }

public abstract int getOrder();

}

 

 

 

/WEB-INF/applicationContextsecurity.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns:aop="http://www.springframework.org/schema/aop"

    xmlns:context="http://www.springframework.org/schema/context"

    xmlns:jee="http://www.springframework.org/schema/jee"

    xmlns:jms="http://www.springframework.org/schema/jms"

    xmlns:p="http://www.springframework.org/schema/p"

    xmlns:tx="http://www.springframework.org/schema/tx"

    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd

        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd

        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd

        http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms.xsd

        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">

 

    <!-- 集成过滤器 -->

    <bean id="httpSessionContextIntegrationFilter"

        class="org.springframework.security.context.HttpSessionContextIntegrationFilter">

        <property name="allowSessionCreation" value="false" />

    </bean>

 

 

    <! 下一个beaninitialDirContextFactory )有错,主要原因是包的依赖关系有问题,待解决。 -->

       

    <bean id="initialDirContextFactory "

        class="org.springframework.security.ldap.DefaultInitialDirContextFactory">

        <constructor-arg value="ldap://localhost:389/o= company .com.cn" />

        <property name="managerDn" value="cn=orcladmin,o= company .com.cn" />

        <property name="managerPassword" value="hhxxttxs" />

        <property name="useConnectionPool" value="true" />

        <property name="authenticationType" value="simple" />

        <property name="initialContextFactory"

            value="com.sun.jndi.ldap.LdapCtxFactory" />

    </bean>

 

    <!-- 采用绑定的方式认证  -->

    <bean id="ldapUserDetailsMapper"        class="org.springframework.security.userdetails.ldap.LdapUserDetailsMapper">

        <property name="convertToUpperCase" value="true" />

        <property name="passwordAttributeName" value="userPassword" />

        <property name="roleAttributes">

            <list>

                <value>cn</value>

            </list>

        </property>

        <property name="rolePrefix" value="ROLE_" />

    </bean>

   

    <bean id="bindAuthenticator"        class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">

        <constructor-arg ref="initialDirContextFactory" />

        <property name="userDnPatterns">

            <list>

                <value>uid={0},ou=users</value>

            </list>

        </property>

        <property name="userDetailsMapper"

            ref="ldapUserDetailsMapper">

        </property>

    </bean>

 

    <!-- 采用密码比较的方式认证 -->

    <!-- 

        <bean id="passwordComparisonAuthenticator"      class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">

        <constructor-arg ref="initialDirContextFactory" />

        <property name="userDnPatterns">

        <list>

        <value>uid={0},ou=users</value>

        </list>

        </property>

        <property name="passwordAttributeName" value="userPassword" />

        </bean>

    -->

 

    <bean id="ldapAuthenticationProvider"       class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">

        <constructor-arg ref="bindAuthenticator" />

        <constructor-arg ref="defaultLdapAuthoritiesPopulator" />

    </bean>

 

    <bean id="authenticationManager"

        class="org.springframework.security.providers.ProviderManager">

        <property name="providers">

            <list>

                <ref local="ldapAuthenticationProvider" />

            </list>

        </property>

    </bean>

 

    <!-- 认证处理过滤器,用ldap provider 来认证(绑定方式) -->

    <bean id="authenticationProcessingFilter"       class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">

        <property name="authenticationManager">

            <ref bean="authenticationManager" />

        </property>

        <property name="authenticationFailureUrl">

            <value>/login.jsp?login_error=1</value>

        </property>

        <property name="defaultTargetUrl">

            <value>/</value>

        </property>

        <property name="filterProcessesUrl">

            <value>/j_spring_security_check</value>

        </property>

    </bean>

 

    <!-- 授权 -->

    <!-- 验证失败后,comce 方法-->

    <bean id="authenticationProcessingFilterEntryPoint"     class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">

        <property name="loginFormUrl">

            <value>/login.jsp</value>

        </property>

    </bean>

 

    <!-- exceptionTranslationFilter 认证和授权过程的异常处理 -->

    <bean id="exceptionTranslationFilter"

        class="org.springframework.security.ui.ExceptionTranslationFilter">

        <property name="authenticationEntryPoint">

            <ref local="authenticationProcessingFilterEntryPoint" />

        </property>

    </bean>

 

    <bean id="defaultLdapAuthoritiesPopulator"      class="org.springframework.security.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">

        <constructor-arg ref="initialDirContextFactory" />

        <constructor-arg value="ou=groups" />

        <property name="groupSearchFilter" value="(uniquemember={0})" />

        <property name="groupRoleAttribute" value="cn" />

        <property name="convertToUpperCase" value="true" />

        <property name="defaultRole" value="ROLE_DEFAULT" />

        <property name="searchSubtree" value="true" />

        <property name="rolePrefix" value="ROLE_" />

    </bean>

 

    <!-- 授权的策略 -->

 

    <bean id="roleVoter"

        class="org.springframework.security.vote.RoleVoter" />

 

    <bean id="httpRequestAccessDecisionManager"

        class="org.springframework.security.vote.AffirmativeBased">

        <property name="allowIfAllAbstainDecisions">

            <value>false</value>

        </property>

        <property name="decisionVoters">

            <list>

                <ref bean="roleVoter" />

            </list>

        </property>

    </bean>

 

    <bean id="filterInvocationInterceptor"

        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">

        <property name="authenticationManager">

            <ref local="authenticationManager" />

        </property>

        <property name="accessDecisionManager">

            <ref local="httpRequestAccessDecisionManager" />

        </property>

        <property name="objectDefinitionSource">

            <value>

                PATTERN_TYPE_APACHE_ANT /client/*=ROLE_CLIENTROLE

                /staff/*=ROLE_staffRole

            </value>

        </property>

    </bean>

 

 

    <bean id="filterChainProxy"

        class="org.springframework.security.util.FilterChainProxy">

        <property name="filterInvocationDefinitionSource">

            <value>

                PATTERN_TYPE_APACHE_ANT

                /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor

            </value>

        </property>

    </bean>

 

</beans>

 

分享到:
评论
1 楼 confident_f 2011-12-26  
你的生活很丰富呢,我想问一下,假如有两个不同的地址,对应的过滤器链也不一样,
就像这样吧。
  /b/**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor

另一个是
  /a/**=httpSessionContextIntegrationFilter,basicProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
这样是不是我访问a
时登录了,再访问b还是需要再登录一遍?

相关推荐

    spring security 2 配置说明

    标题与描述均提到了“Spring Security 2 配置说明”,这表明文章旨在阐述Spring Security 2版本的配置细节,尤其是对于那些希望深入了解并正确应用该框架的安全特性开发者们。以下将基于给定的部分内容,深入解析...

    springsecurity使用配置详解

    在提供的压缩包`springsecurity配置demo`中,你将找到示例代码和详细说明,这将帮助你更好地理解和实践上述概念。通过学习和实践这些示例,你将能够为自己的Spring应用程序构建强大的安全防护。

    spring-security3 配置和使用

    Spring Security 3 配置和使用 Spring Security 是一个强大且灵活的安全框架,旨在保护基于 Java 的 Web 应用程序。Spring Security 3 是 Spring Security 框架的第三个主要版本,提供了许多新的功能和改进。下面...

    spring security 项目配置源码

    - **Filter Security Interceptor (FSI)**:Spring Security的核心组件之一,用于处理请求过滤,实现访问控制。 - **Access Decision Manager (ADM)**:决定用户是否有权限访问资源的组件。 - **...

    spring security 使用及配置

    Spring Security 使用及配置 Spring Security 是一个基于 Java 的安全框架,提供了丰富的安全功能,包括身份验证、授权、加密、会话管理等。下面将对 Spring Security 的使用及配置进行详细介绍。 身份验证 身份...

    spring security3配置和使用实例+教程

    教程文档`教你使用_SpringSecurity_3.0_52页.pdf`会详细指导你如何一步步配置和使用Spring Security。它应该包含了配置文件的示例、如何集成到Spring应用中、如何创建自定义认证逻辑以及如何进行授权设置等内容。...

    Spring Security 3.1.3配置实例

    Spring Security 是一个强大的且高度可定制的...总之,Spring Security 3.1.3配置实例提供了对用户认证、授权、安全控制的实践操作,通过理解并应用这些配置,开发者可以有效地保护自己的应用程序免受潜在的安全威胁。

    springsecurity学习笔记

    在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...

    SpringSecurity笔记,编程不良人笔记

    - **Filter Chain**: SpringSecurity通过一系列过滤器实现其安全功能,这些过滤器构成了Filter Chain。每个过滤器负责特定的安全任务,如认证、授权等。 - **Authentication**: 表示用户的身份信息,包括用户名、...

    spring cloud2.0 eureka server spring security配置

    在Spring Cloud 2.0版本中,Eureka Server的配置相比1.x版本确实有了一些显著的变化,尤其是在结合Spring Security进行安全设置时。Spring Cloud Eureka是Netflix Eureka的Spring Boot实现,它为微服务架构提供了...

    SpringSecurity学习总结源代码

    1. **Filter Security Interceptor**:这是SpringSecurity的主要过滤器,负责检查请求并决定是否允许访问。它会根据预定义的访问控制规则进行判断。 2. **Authentication Manager**:处理用户认证的组件,可以使用...

    狂神Spring Security静态资源

    在Spring Boot中,Spring Security 提供了简洁的API和自动化配置,使得开发者能够快速集成安全功能。在这个名为"狂神Spring Security静态资源"的资料中,我们可以期待学习到关于如何保护Web应用中的静态资源不被未经...

    spring_security 配置

    在本文中,我们将深入探讨Spring Security的核心配置及其相关知识点。 1. **Spring Security基本架构** Spring Security架构主要由以下组件构成: - **Filter Chain**:这是Spring Security的核心,一系列过滤器...

    Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权

    3. **定制Filter**:在Spring Cloud Gateway中,我们可以自定义WebFlux Filter,利用Spring Security提供的API进行认证和鉴权。这通常涉及到`@PreAuthorize`和`@Secured`等注解的使用,以控制对特定路由的访问权限。...

    springsecurity2 自定义filter实现

    本篇我们将深入探讨如何在Spring Security中自定义Filter,以及相关的知识点。 首先,我们需要了解Spring Security的Filter工作原理。Spring Security的过滤器链是由`DelegatingFilterProxy`管理的,它会委托给`...

    精彩:Spring Security 演讲PPT

    Spring Security 是一个功能强大的安全框架,可以为基于Java的应用程序提供认证(Authentication)、授权(Authorization)等功能,同时提供了丰富的配置选项来满足不同的应用场景需求。 #### 二、传统Web应用安全开发...

    Spring Security简易配置指南

    2. **配置Web容器**:在`web.xml`文件中,添加Spring Security的Filter声明。`DelegatingFilterProxy`是一个代理Filter,它将请求委托给Spring的应用上下文中的Bean。确保Spring Security的Filter排在其他Filter之前...

    spring security 官方文档

    6. **Web安全(Web Security)**:对于基于Servlet的应用,Spring Security通过Servlet Filter进行安全控制;对于响应式(Reactive)应用,它提供了WebFlux安全支持,利用Reactor库处理非阻塞的HTTP请求。 7. **API...

    spring security3配置

    &lt;beans:bean id="myAccessDecisionManagerBean" class="springSecurity.MyAccessDecisionManager"&gt; &lt;!-- 配置项 --&gt; &lt;!-- 安全元数据源 --&gt; &lt;beans:bean id="securityMetadataSource" class="springSecurity....

    spring-security 官方文档 中文版

    - **配置 web.xml**:需要在 web.xml 中配置 Spring Security 的 Filter,以便处理 HTTP 请求。 - **最小 &lt;http&gt; 配置**:使用 `&lt;http&gt;` 元素可以快速启用 Spring Security 的基本功能。 - **auto-config 包含了...

Global site tag (gtag.js) - Google Analytics