Spring Security简介
1、Java web 应用中安全框架使用率高的莫过于 Spring-security 与 Apache Shiro。
2、Spring Security 是 Spring 官网的顶级项目,与 spring boot、spring data、spring cloud 等齐名。
3、Spring Security 是一个专注于向 Java 应用程序提供身份验证和授权的安全框架,与所有 Spring 项目一样,Spring Security 的真正威力在于它可以很容易地扩展以满足定制需求。Spring Security 是采用 AOP 思想,基于 servlet 过滤器实现的。
4、Spring Security 是 Spring Boot 底层安全模块默认的技术选型,可以实现强大的 web 安全控制,对于安全控制,仅需引入spring-boot-starter-security 模块,进行少量的配置,即可实现强大的安全管理。
5、Spring Security Features(特性):
1、全面和可扩展的身份验证和授权支持(Comprehensive and extensible support for both Authentication and Authorization) 2、防止攻击,如会话固定,点击劫持,跨站请求伪造等(Protection against attacks like session fixation, clickjacking, cross site request forgery, etc) 3、Servlet API 的集成(Servlet API integration) 4、与 Spring Web MVC 的可选集成(Optional integration with Spring Web MVC ) |
入门项目
配置Pom文件
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns
xsi:schemaLocation
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.tntxia.test</groupId>
<artifactId>springsec</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springsec</name>
<description>Demo project for Spring Security</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
<version>3.2.1</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
Java程序
增加两个Java类,用来测试
/*
* Copyright 2012-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.tntxia.test.springsec;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
* Hello application.
*
* @author Joe Grandja
*/
@SpringBootApplication
public class HelloApplication {
public static void main(String[] args) {
SpringApplication.run(HelloApplication.class, args);
}
}
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.tntxia.test.springsec;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
/**
* Controller for "/".
*
* @author Joe Grandja
*/
@Controller
public class IndexController {
@GetMapping("/")
public String index() {
return "index";
}
}
运行HelloApplication,
会自动跳转到登录页面:
输入用户名为user, 命令在后台会打印出来
是随机生成的,每次启动都会更新。点击sign in 按钮,登录:
登录后就可以看到,Controller定义的页面了。