【免费】spring安全文档PDF资源-CSDN文库

spring

需积分: 0 193 浏览量 2009-09-08 21:54:02 上传评论收藏 588KB PDF 举报

资源详情

资源评论

Spring Security

Reference Documentation

Ben Alex

Luke Taylor

Spring Security

3.0.0.M2 Spring Security iii

Table of Contents

Preface ..................................................................................................................................... ix

I. Getting Started ....................................................................................................................... 1

1. Introduction ................................................................................................................... 2

1.1. What is Spring Security? ..................................................................................... 2

1.2. History ................................................................................................................ 4

1.3. Release Numbering ............................................................................................. 4

1.4. Getting the Source ............................................................................................... 5

2. Security Namespace Configuration .................................................................................. 6

2.1. Introduction ......................................................................................................... 6

Design of the Namespace ................................................................................... 7

2.2. Getting Started with Security Namespace Configuration ......................................... 7

web.xml Configuration .................................................................................... 7

A Minimal <http> Configuration ..................................................................... 8

What does auto-config Include? ........................................................... 9

Form and Basic Login Options ................................................................... 9

Using other Authentication Providers ................................................................ 10

Adding a Password Encoder ..................................................................... 11

2.3. Advanced Web Features .................................................................................... 12

Remember-Me Authentication ........................................................................... 12

Adding HTTP/HTTPS Channel Security ............................................................ 12

Concurrent Session Control .............................................................................. 13

OpenID Login .................................................................................................. 13

Adding in Your Own Filters ............................................................................. 14

Setting a Custom AuthenticationEntryPoint ................................. 16

Session Fixation Attack Protection .................................................................... 16

2.4. Method Security ................................................................................................ 16

The <global-method-security> Element ............................................... 16

Adding Security Pointcuts using protect-pointcut ............................ 17

2.5. The Default AccessDecisionManager .................................................................. 17

Customizing the AccessDecisionManager .......................................................... 17

2.6. The Authentication Manager and the Namespace ................................................. 18

3. Sample Applications ..................................................................................................... 20

3.1. Tutorial Sample ................................................................................................. 20

3.2. Contacts ............................................................................................................ 20

3.3. LDAP Sample ................................................................................................... 21

3.4. CAS Sample ..................................................................................................... 21

3.5. Pre-Authentication Sample ................................................................................. 22

4. Spring Security Community .......................................................................................... 23

4.1. Issue Tracking ................................................................................................... 23

4.2. Becoming Involved ............................................................................................ 23

4.3. Further Information ........................................................................................... 23

II. Architecture and Implementation .......................................................................................... 24

5. Technical Overview ...................................................................................................... 25

Spring Security

3.0.0.M2 Spring Security iv

5.1. Runtime Environment ........................................................................................ 25

5.2. Core Components .............................................................................................. 25

SecurityContextHolder, SecurityContext and Authentication Objects ................. 25

Obtaining information about the current user ............................................. 26

The UserDetailsService ..................................................................................... 26

GrantedAuthority .............................................................................................. 27

Summary ......................................................................................................... 27

5.3. Authentication ................................................................................................... 27

What is authentication in Spring Security? ......................................................... 27

Setting the SecurityContextHolder Contents Directly .................................. 29

5.4. Authentication in a Web Application .................................................................. 30

ExceptionTranslationFilter ................................................................................ 30

AuthenticationEntryPoint .................................................................................. 31

Authentication Mechanism ................................................................................ 31

Storing the SecurityContext between requests ........................................... 31

5.5. Access-Control (Authorization) in Spring Security ............................................... 32

Security and AOP Advice ................................................................................. 32

Secure Objects and the AbstractSecurityInterceptor .......................... 32

What are Configuration Attributes? ........................................................... 33

RunAsManager ........................................................................................ 33

AfterInvocationManager ........................................................................... 33

Extending the Secure Object Model .......................................................... 34

5.6. Localization ....................................................................................................... 34

6. Core Services ............................................................................................................... 36

6.1. The AuthenticationManager, ProviderManager and

AuthenticationProviders .............................................................................. 36

DaoAuthenticationProvider ................................................................. 37

6.2. UserDetailsService Implementations ........................................................ 37

In-Memory Authentication ................................................................................ 38

JdbcDaoImpl ............................................................................................... 38

Authority Groups ..................................................................................... 39

III. Web Application Security ................................................................................................... 40

7. The Security Filter Chain ............................................................................................. 41

7.1. DelegatingFilterProxy ........................................................................... 41

7.2. FilterChainProxy ...................................................................................... 41

Bypassing the Filter Chain ................................................................................ 43

7.3. Filter Ordering .................................................................................................. 43

7.4. Use with other Filter-Based Frameworks ............................................................. 44

8. Core Security Filters .................................................................................................... 45

8.1. FilterSecurityInterceptor .................................................................. 45

8.2. ExceptionTranslationFilter ................................................................ 46

AuthenticationEntryPoint ................................................................... 47

AccessDeniedHandler .............................................................................. 47

SecurityContextPersistenceFilter .................................................. 47

SecurityContextRepository ......................................................... 48

Spring Security

3.0.0.M2 Spring Security v

UsernamePasswordAuthenticationProcessingFilter ................... 48

Application Flow on Authentication Success and Failure ............................ 49

9. Basic and Digest Authentication .................................................................................... 51

9.1. BasicProcessingFilter ........................................................................... 51

Configuration ................................................................................................... 51

9.2. DigestProcessingFilter ......................................................................... 52

Configuration ................................................................................................... 53

10. Remember-Me Authentication ..................................................................................... 54

10.1. Overview ......................................................................................................... 54

10.2. Simple Hash-Based Token Approach ................................................................ 54

10.3. Persistent Token Approach ............................................................................... 55

10.4. Remember-Me Interfaces and Implementations .................................................. 55

TokenBasedRememberMeServices .................................................................... 56

PersistentTokenBasedRememberMeServices ...................................................... 56

11. Concurrent Session Handling ...................................................................................... 57

12. Anonymous Authentication ......................................................................................... 58

12.1. Overview ......................................................................................................... 58

12.2. Configuration ................................................................................................... 58

12.3. AuthenticationTrustResolver ............................................................ 59

IV. Authorization ..................................................................................................................... 61

13. Common Authorization Concepts ................................................................................ 62

13.1. Authorities ....................................................................................................... 62

13.2. Pre-Invocation Handling ................................................................................... 62

The AccessDecisionManager ............................................................................ 62

Voting-Based AccessDecisionManager Implementations ............................. 63

13.3. After Invocation Handling ................................................................................ 65

ACL-Aware AfterInvocationProviders ............................................................... 66

13.4. Authorization Tag Libraries .............................................................................. 67

14. Secure Object Implementations ................................................................................... 69

14.1. AOP Alliance (MethodInvocation) Security Interceptor ...................................... 69

Explicit MethodSecurityIterceptor Configuration ................................................ 69

14.2. AspectJ (JoinPoint) Security Interceptor ............................................................ 69

V. Advanced Topics ................................................................................................................. 72

15. Domain Object Security (ACLs) .................................................................................. 73

15.1. Overview ......................................................................................................... 73

15.2. Key Concepts .................................................................................................. 74

15.3. Getting Started ................................................................................................ 76

16. Pre-Authentication Scenarios ....................................................................................... 78

16.1. Pre-Authentication Framework Classes ............................................................. 78

AbstractPreAuthenticatedProcessingFilter .......................................................... 78

AbstractPreAuthenticatedAuthenticationDetailsSource ........................................ 79

J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource ...................... 79

PreAuthenticatedAuthenticationProvider ............................................................ 79

Http403ForbiddenEntryPoint ............................................................................. 79

16.2. Concrete Implementations ................................................................................ 80

剩余120页未读，继续阅读

评论收藏

内容反馈

spring 安全文档 PDF

评论0

最新资源

spring 安全文档 PDF

评论0

最新资源

相关推荐

Spring中文文档.pdf

spring经典文档pdf

spring官方帮助文档pdf

spring官方文档pdf

spring cloud 文档 pdf 英文版

Spring中文文档下载

SpringSecurity课程文档下载 pdf 教学

SpringSecurity.pdf

Spring框架文档 - 核心技术部分 中文版 - 第一部分.pdf

Spring5官方文档.pdf

Spring 5.2.4版本官方文档英文pdf(Spring Core + Spring MVC + ...)

spring cloud文档pdf版（带书签）

Spring Cloud Dalston 中文文档 参考手册 PDF版

spring security 参考文档.pdf

myBatis-spring最新官方页面制作pdf文档

Spring4、Spring5官方参考文档PDF、电子书epub格式 官方最后一版single版本

spring2.5中文文档(PDF)

springcloud学习笔记.pdf

Java第十五届蓝桥杯大赛软件JavaB组真题

SwitchHosts

安卓期末大作业（AndroidStudio开发），垃圾分类助手app，分为前台后台，代码有注释，均能正常运行

Notepad++安装包

2024北森能力测评题库.7z

微信小程序源码-合集1.rar

Java面试八股文2023最新版

Linux Centos7 升级最新版OpenSSH-9.6p1 有脚本（支持离线）

JDK1.8 windows 64位

ruoyi-vue-pro 芋道源码项目的表结构

ruoyi-vue-pro开发指南PDF下载

Spring框架文档 - 核心技术部分中文版 - 第一部分.pdf

Spring Cloud Dalston 中文文档参考手册 PDF版

Spring4、Spring5官方参考文档PDF、电子书epub格式官方最后一版single版本