`
gelongmei
  • 浏览: 211540 次
  • 性别: Icon_minigender_1
  • 来自: 深圳
文章分类
社区版块
存档分类
最新评论

spring security&oauth 路径草稿

阅读更多
http://spring-security-oauth.codehaus.org/schema/spring-security-oauth-3.0.xsd
http://www.springframework.org/schema/security/spring-security-3.1.xsd


//加载默认的类
AuthorizationServerBeanDefinitionParser

<sec:remember-me use-secure-cookie="true" />

此类为惯穿全文主类
org.springframework.security.web.context.HttpSessionSecurityContextRepository.SaveToSessionResponseWrapper
org.springframework.security.web.context.HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY
public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
   
public final void sendRedirect(String location) throws IOException {
//表示每次重定向之前把认证过的信息存入session,以待下次使用
        doSaveContext();
        super.sendRedirect(location);
    }


spring security context上下文:
org.springframework.security.web.context.HttpSessionSecurityContextRepository
org.springframework.security.web.context.HttpRequestResponseHolder
org.springframework.security.web.context.NullSecurityContextRepository
org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
org.springframework.security.web.context.SecurityContextPersistenceFilter
org.springframework.security.web.context.SecurityContextRepository

org.springframework.security.web.savedrequest.HttpSessionRequestCache
DefaultSavedRequest

org.springframework.security.web.context.SecurityContextPersistenceFilter(81-82)类使用下面一个类org.springframework.security.web.context.HttpSessionSecurityContextRepository重新把session load到 org.springframework.security.core.context.SecurityContext(SecurityContext contextBeforeChainExecution = repo.loadContext(holder);)


org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
这个类是将SecurityContext从session中取到request中,满足 自动填充org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint的传入方法:
@RequestMapping
public ModelAndView authorize(Map<String, Object> model,
@RequestParam(value = "response_type", required = false, defaultValue = "none") String responseType,
@RequestParam Map<String, String> requestParameters, SessionStatus sessionStatus, Principal principal) {

...
WebAppContext
SessionHandler
ServletHandler
com.XXX.spring.core.PrintRequestFilter
org.springframework.web.filter.DelegatingFilterProxy
org.springframework.web.filter.DelegatingFilterProxy
org.springframework.security.web.FilterChainProxy
org.springframework.security.web.context.SecurityContextPersistenceFilter
org.springframework.security.web.authentication.www.BasicAuthenticationFilter
org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter
org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter
org.springframework.security.authentication.ProviderManager

org.springframework.security.authentication.dao.DaoAuthenticationProvider@7878966d
org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService@1e02437d

org.springframework.security.oauth2.provider.CompositeTokenGranter@53e7105f
[com.XXX.mplus.member.service.FlymeAuthenticationProvider@4f8befbb]

org.springframework.security.authentication.UsernamePasswordAuthenticationToken@91c76850

org.springframework.security.oauth2.provider.endpoint.TokenEndpoint
org.springframework.security.oauth2.provider.CompositeTokenGranter

org.springframework.security.authentication.DefaultAuthenticationEventPublisher@dcb9a59
org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=org.springframework.security.authentication.UsernamePasswordAuthenticationToken@83a95e68: Principal: org.springframework.security.core.userdetails.User@7c56a1ac: Username: KzA76k3lBCYDqKTy6VYvb9WR6QSUWVGJ; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: null; Not granted any authorities]

org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter@2d511c93
org.springframework.security.authentication.ProviderManager@55d49663
com.XXX.mplus.grant.FlymePasswordTokenGranter@5a889cd6
org.springframework.security.authentication.ProviderManager@60813c84


org.springframework.beans.factory.support.ConstructorResolver
org.springframework.web.servlet.handler.MappedInterceptor#0


clientAuthenticationManager
org.springframework.security.authenticationManager
userAuthenticationManager
phoneAuthenticationManager
flymeAuthenticationManager
userIdAuthenticationManager
rememberMeAuthenticationManager
phonePasswordGranter

http配置
org.springframework.security.config.authentication.AuthenticationManagerFactoryBean

org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
FilterComparator
...
        put(RequestCacheAwareFilter.class, order);
        order += STEP;
        put(SecurityContextHolderAwareRequestFilter.class, order);
        order += STEP;
        put(JaasApiIntegrationFilter.class, order);
...



org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter

UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,
clientSecret);

return this.getAuthenticationManager().authenticate(authRequest);



org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
       
       
org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter
PreAuthenticatedAuthenticationToken authRequest = new PreAuthenticatedAuthenticationToken(principal, credentials);
            authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
            authResult = authenticationManager.authenticate(authRequest);
           
           
com.XXX.mplus.grant.FlymePasswordTokenGranter
Authentication userAuth = new UsernamePasswordAuthenticationToken(
flyme, password);
try {
userAuth = authenticationManager.authenticate(userAuth);




spring web:
org.springframework.web.method.support.InvocableHandlerMethod


spring web 核心接口:
org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(NativeWebRequest, ModelAndViewContainer, Object...)
自动获取参数接口实现
org.springframework.web.servlet.mvc.method.annotation.ServletRequestMethodArgumentResolver.resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory)
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(HttpServletRequest, HttpServletResponse, HandlerMethod)
org.springframework.web.servlet.mvc.method.annotation.ServletRequestMethodArgumentResolver.resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory)
org.springframework.web.servlet.mvc.method.annotation.ServletResponseMethodArgumentResolver

getAccessToken:
org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(Principal, String, Map<String, String>)

org.springframework.security.authentication.AuthenticationTrustResolverImpl

org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(ServletRequest, ServletResponse, FilterChain)


重点:
org.springframework.web.servlet.mvc.method.annotation.ServletRequestMethodArgumentResolver.resolveArgument(MethodParameter, ModelAndViewContainer, NativeWebRequest, WebDataBinderFactory)


org.springframework.web.method.annotation.RequestParamMapMethodArgumentResolver@68d259f1


org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint
@FrameworkEndpoint
@SessionAttributes("authorizationRequest")
@RequestMapping(value = "/oauth/authorize")
public class AuthorizationEndpoint extends AbstractEndpoint implements InitializingBean {
分享到:
评论

相关推荐

    微信扫一扫登录、微信支付、springsecurity&oauth2

    项目中使用到的技术包含SpringBoot、SpringSecurity&oauth2(安全资源和授权中心模式、包括登录接口自定义返回字段、自定义手机号+密码登录、自定义免密登录)、Queue队列、线程池、xss攻击配置、SpringCache、Mybatis...

    Spring Security+OAuth2 精讲,打造企业级认证与授权

    Spring Security和OAuth2是两个非常关键的框架,它们分别处理身份验证(Authentication)和授权(Authorization)的问题。本课程"Spring Security+OAuth2 精讲,打造企业级认证与授权"深入浅出地讲解了这两个框架的...

    spring-security-oauth2-2.3.5.RELEASE-API文档-中文版.zip

    赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...

    Springboot整合Spring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证及授权

    本教程将探讨如何使用Spring Boot结合Spring Security、OAuth2和JWT(JSON Web Token)来搭建一个认证服务器、API网关以及微服务之间的权限认证和授权机制。 首先,Spring Security是Spring框架的一个模块,专门...

    Spring Security+OAuth2 精讲,打造企业级认证与授权2022升级

    Spring Security+OAuth2 精讲,打造企业级认证与授权(2022升级版) 1、企业级认证授权专项解决方案 系统解锁后端开发者必备的"安全"技能 2、主流安全框架核心一网打尽,只学实用的

    spring-boot spring-security-oauth2 完整demo

    《Spring Boot、Spring Security与OAuth2的完整示例解析》 在现代Web开发中,安全性是不可忽视的重要一环。Spring Boot、Spring Security和OAuth2是Java生态系统中用于构建安全Web应用的三大利器。本篇文章将围绕...

    spring-security-oauth2-2.3.5.RELEASE-API文档-中英对照版.zip

    赠送jar包:spring-security-oauth2-2.3.5.RELEASE.jar; 赠送原API文档:spring-security-oauth2-2.3.5.RELEASE-javadoc.jar; 赠送源代码:spring-security-oauth2-2.3.5.RELEASE-sources.jar; 赠送Maven依赖信息...

    Spring security oauth源码

    Spring Security OAuth 是一个用于保护RESTful Web服务的框架,它为OAuth 1.0a和OAuth 2.0协议提供了全面的支持。在这个源码中,我们可能会看到如何将Spring Security与OAuth结合,以构建安全的Web应用程序和服务。...

    springsecurity+oauth2+jwt实现单点登录demo

    该资源是springsecurity+oauth2+jwt实现的单点登录demo,模式为授权码模式,实现自定义登录页面和自定义授权页面。应用数据存在内存中或者存在数据库中(附带数据库表结构),token存储分为数据库或者Redis。demo...

    spring-security-oauth2源码

    Spring Security OAuth2 是一个强大的框架,用于为Java应用提供OAuth2和OpenID Connect安全功能。OAuth2是一个授权框架,允许第三方应用在用户许可的情况下访问其受保护的资源,而OpenID Connect则是在OAuth2之上...

    spring security 基于oauth 2.0 实现 sso 单点登录Demo.zip

    spring security 基于oauth 2.0 实现 sso 单点登录Demo 使用 spring security 基于oauth 2.0 实现 sso 单点登录Demo spring boot + spring security + spring security oauth

    spring security和oauth2整合开发资料汇总

    Spring Security和OAuth2是两种广泛应用于现代Web应用安全框架的技术。Spring Security是Spring生态系统的组件,主要用于实现身份验证和授权,而OAuth2则是一种开放标准,用于授权第三方应用访问用户资源。下面将...

    spring security oauth2.0 (讲义+代码)

    Spring Security OAuth2.0 是一个强大的安全框架,用于构建安全的Web应用和API。OAuth2.0 是一种授权框架,允许第三方应用在用户许可的情况下访问其受保护的资源,而无需共享用户凭证。本讲义结合代码将深入探讨如何...

    SpringBoot、SpringBoot&Shiro;、SpringCloud、SpringSecurity&SpringSecurityOAuth2;

    循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Cloud、Spring Security & Spring Security OAuth2,博客Spring系列源码

    springboot+springsecurity+oauth2.zip

    SpringBoot、SpringSecurity和OAuth2是Java开发领域中三个非常重要的技术组件,它们共同构建了安全、高效的应用程序框架。让我们深入探讨这三个组件的核心概念、功能以及如何在实际项目中结合使用。 首先,...

    spring-security-oauth2-2.0.3.jar(包括jar包,源码,doc)

    Spring Security OAuth2是一个广泛使用的Java库,用于在Spring应用程序中实现OAuth2协议,提供安全授权服务。OAuth2是一种授权框架,允许第三方应用在用户许可的情况下访问其私有资源,如在社交媒体上的数据。2.0.3....

    视频配套笔记_Spring Security OAuth2.0认证授权_v1.1.rar

    Spring Security OAuth2.0 是一个广泛使用的Java安全框架,它为构建安全的Web应用程序提供了强大的支持。OAuth2.0是授权框架的一个标准,允许第三方应用在用户授权的情况下访问其私有资源,而无需共享用户的登录凭证...

    spring-security-oauth2.rar

    在Spring Boot应用中,通过`spring-boot-starter-data-redis`依赖和`spring.security.oauth2.provider.token.store.redis`配置,可以轻松地将TokenStore切换到Redis。此外,还需要配置Redis连接参数,如主机名、端口...

    SpringSecurity+OAuth2+JWT分布式权限控制.zip

    Spring Security、OAuth2和JWT(JSON Web Tokens)是实现安全控制的关键技术。本项目“SpringSecurity+OAuth2+JWT分布式权限控制”旨在提供一个完整的解决方案,帮助开发者构建安全的、基于微服务的分布式应用程序。...

Global site tag (gtag.js) - Google Analytics