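Spring Security Concepts
Spring Security is a security framework from Spring that applies AOP ideas and is implemented on top of servlet filters. It provides a complete authentication mechanism and method-level authorization, and is an excellent permission-management framework.
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de facto standard for securing Spring-based applications.
Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security lies in how easily it can be extended to meet custom requirements.
Quick Start Example
The JDK version can be changed later; choose Next.
In the next step, choose where to save the project, and the project is then created automatically.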
After the project is created, if the Maven download fails, we can adjust the relevant versions, for example:
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.13.RELEASE</version>
    <relativePath/>
</parent>
<properties>
    <java.version>1.8</java.version>
</properties>
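Below is a simple startup class with one endpoint:
package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    // GET /hello?name=... returns a greeting; name defaults to "World"
    @GetMapping("/hello")
    public String hello(@RequestParam(value = "name", defaultValue = "World") String name) {
        return String.format("Hello %s!", name);
    }
}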
After running the main method, the console prints the initial login password:
  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.1.13.RELEASE)
2024-02-25 23:08:40.307 INFO 6940 --- [ main] com.example.demo.DemoApplication : Starting DemoApplication on 王小荣 with PID 6940 (D:\yzm\soft\workspace-idea\demo-spring-security\target\classes started by 45188 in D:\yzm\soft\workspace-idea\demo-spring-security)
2024-02-25 23:08:40.309 INFO 6940 --- [ main] com.example.demo.DemoApplication : No active profile set, falling back to default profiles: default
2024-02-25 23:08:40.908 INFO 6940 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2024-02-25 23:08:40.923 INFO 6940 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2024-02-25 23:08:40.923 INFO 6940 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.31]
2024-02-25 23:08:41.007 INFO 6940 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2024-02-25 23:08:41.007 INFO 6940 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 674 ms
2024-02-25 23:08:41.134 INFO 6940 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2024-02-25 23:08:41.249 INFO 6940 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: f4eb9662-ce1a-480a-aeab-4029f554e42f
2024-02-25 23:08:41.299 INFO 6940 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@56781d96, org.springframework.security.web.context.SecurityContextPersistenceFilter@31ff1390, org.springframework.security.web.header.HeaderWriterFilter@1d01dfa5, org.springframework.security.web.csrf.CsrfFilter@23eee4b8, org.springframework.security.web.authentication.logout.LogoutFilter@53667cbe, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@272a179c, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@6b410923, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@5173200b, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@a619c2, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@781a9412, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@60f2e0bd, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@25c5e994, org.springframework.security.web.session.SessionManagementFilter@d400943, org.springframework.security.web.access.ExceptionTranslationFilter@73d69c0f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@69eb86b4]
2024-02-25 23:08:41.339 INFO 6940 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2024-02-25 23:08:41.341 INFO 6940 --- [ main] com.example.demo.DemoApplication : Started DemoApplication in 1.255 seconds (JVM running for 1.878)
2024-02-25 23:08:59.036 INFO 6940 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2024-02-25 23:08:59.037 INFO 6940 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2024-02-25 23:08:59.044 INFO 6940 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 7 ms
Now you can try hitting an endpoint to see what happens. If you request an endpoint without credentials, like this:
$ curl -i http://localhost:8080/some/path
HTTP/1.1 401
...
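then Spring Security denies access with 401 Unauthorized.
If you visit this URL in a browser, it redirects to a default login page.
If you request an endpoint with credentials (they can be found in the console output), as follows: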
$ curl -i -u user:f4eb9662-ce1a-480a-aeab-4029f554e42f http://localhost:8080/some/path
HTTP/1.1 404
...
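then Spring Boot serves the request, in this case returning 404 Not Found because /some/path does not exist.
If we request a valid URL, authentication succeeds and the result is returned, as follows: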
curl -i -u user:f4eb9662-ce1a-480a-aeab-4029f554e42f http://localhost:8080/hello
HTTP/1.1 200
...
Hello World!
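The generated password above is written to the console in clear text and changes on every start, so it only suits local experiments. The following added example (not code from the original post) spells out the rules the default configuration applies in this Spring Boot 2.1 / Spring Security 5.1 setup and replaces the generated user with one whose password is read from the environment and stored as a BCrypt hash. The class name SecurityConfig, the bean method name users and the environment variable DEMO_USER_PASSWORD are assumptions made for illustration.

```java
package com.example.demo;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Hypothetical class name; added example, not part of the original project.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Same rules as the adapter's default: every request needs an
    // authenticated user; form login and HTTP Basic are both enabled.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .httpBasic();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Declaring a UserDetailsService bean makes Spring Boot skip the
    // "Using generated security password" user. DEMO_USER_PASSWORD is an
    // assumed environment variable; startup fails if it is not set.
    @Bean
    public UserDetailsService users(PasswordEncoder encoder,
            @Value("${DEMO_USER_PASSWORD}") String rawPassword) {
        return new InMemoryUserDetailsManager(
            User.withUsername("user")
                .password(encoder.encode(rawPassword)) // only the hash is kept
                .roles("USER")
                .build());
    }
}
```

With this class on the classpath the curl calls above behave the same way, except that the password after `-u user:` is the value of DEMO_USER_PASSWORD and no password appears in the startup log.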
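Authentication
We can use the example from the official site to look at the form login flow.
Form Login :: Spring Security Reference
Authorization
Below is the official introduction to HTTP authorization.
Authorize HttpServletRequest :: Spring Security Reference
Later I will follow these references to look at how to implement custom authentication and authorization methods.
Copyright belongs to the original author, Jimmy_架构师. If there is any infringement, please contact us for removal.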