mengqingyu
- 浏览: 328630 次
- 性别:
- 来自: 天津
-
文章分类
最新评论
-
xing0029:
这样配置的话 事物不成功啊 还有什么地方需要注意的么 可以加我 ...
JTA集成JOTM或Atomikos配置分布式事务(Tomcat应用服务器) -
mengqingyu:
liuxiaolu 写道jotm的我的没有成功,楼主能否帮助一 ...
JTA集成JOTM或Atomikos配置分布式事务(Tomcat应用服务器) -
liuxiaolu:
jotm的我的没有成功,楼主能否帮助一下
JTA集成JOTM或Atomikos配置分布式事务(Tomcat应用服务器) -
aptech406328627:
求解救,没弄好QQ:1053942353
Spring邮件发送(可带附件,模板,群发,异步发送等功能) -
ghpaas:
web可视化自定义表单推荐使用GForms开发平台(http: ...
在线表单设计器设计原理
利用断点走了一遍spring-security源码的核心部分,下面根据自己的理解对源码做了一些解释,过滤器开头的标号是运行时默认配置调用的顺序,理解了原理,我们可以通过继承和实现接口的方式扩展过滤器,权限验证器,数据查询器,投票器等等......
1.SecurityContextPersistenceFilter 从HttpSession中获取SecurityContext上下文
2.logoutFilter 如果访问地址为/j_spring_security_logout,LogoutFilter将注销用户
3.AbstractAuthenticationProcessingFilter 权限管理器如果访问地址为/j_spring_security_check则选择对应的数据查询器来获取存储的用户相关信息
4.BasicAuthenticationFilter
5.RequestCacheAwareFilter
6.SecurityContextHolderAwareRequestFilter
7.RememberMeAuthenticationFilter 如果当前SecurityContextHolder中没有用户对象,则通过cookie查找
8.AnonymousAuthenticationFilter 如果当前SecurityContextHolder中没有用户对象,则创建匿名对象
9.SessionManagementFilter 检查session是否超时
10.ExceptionTranslationFilter 调用FilterSecurityInterceptor,AbstractSecurityInterceptor使用投票器进行权限判断
11.SwitchUserFilter 用户切换高权限用户向低权限用户切换
1.SecurityContextPersistenceFilter 从HttpSession中获取SecurityContext上下文
2.logoutFilter 如果访问地址为/j_spring_security_logout,LogoutFilter将注销用户
3.AbstractAuthenticationProcessingFilter 权限管理器如果访问地址为/j_spring_security_check则选择对应的数据查询器来获取存储的用户相关信息
4.BasicAuthenticationFilter
5.RequestCacheAwareFilter
6.SecurityContextHolderAwareRequestFilter
7.RememberMeAuthenticationFilter 如果当前SecurityContextHolder中没有用户对象,则通过cookie查找
8.AnonymousAuthenticationFilter 如果当前SecurityContextHolder中没有用户对象,则创建匿名对象
9.SessionManagementFilter 检查session是否超时
10.ExceptionTranslationFilter 调用FilterSecurityInterceptor,AbstractSecurityInterceptor使用投票器进行权限判断
11.SwitchUserFilter 用户切换高权限用户向低权限用户切换
//从HttpSession中获取SecurityContext上下文
public class SecurityContextPersistenceFilter extends GenericFilterBean {
private SecurityContextRepository repo = new HttpSessionSecurityContextRepository();
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
//代码略.....................
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
SecurityContext contextBeforeChainExecution = repo.loadContext(holder);//获得security上下文
try {
SecurityContextHolder.setContext(contextBeforeChainExecution);
chain.doFilter(holder.getRequest(), holder.getResponse());//调用下一个过滤器
} finally {
SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();
// Crucial removal of SecurityContextHolder contents - do this before anything else.
SecurityContextHolder.clearContext();
repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());
request.removeAttribute(FILTER_APPLIED);
}
}
//代码略.....................
}
//如果访问地址为/j_spring_security_logout,LogoutFilter将注销用户
public class LogoutFilter extends GenericFilterBean {
private String filterProcessesUrl = "/j_spring_security_logout";
//代码略.....................
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
//判断如果访问地址为/j_spring_security_logout则执行注销,否则跳过
if (requiresLogout(request, response)) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
for (LogoutHandler handler : handlers) {
handler.logout(request, response, auth);
}
logoutSuccessHandler.onLogoutSuccess(request, response, auth);
return;
}
chain.doFilter(request, response);
}
//代码略.....................
}
//权限管理器如果访问地址为/j_spring_security_check则选择对应的数据查询器来获取存储的用户相关信息
public abstract class AbstractAuthenticationProcessingFilter extends GenericFilterBean implements
ApplicationEventPublisherAware, MessageSourceAware {
//代码略.....................
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
//判断如果访问地址为/j_spring_security_check则跳过进行权限获取和判断,否则执行AnonymousAuthenticationFilter
if (!requiresAuthentication(request, response)) {
chain.doFilter(request, response); //调用下一个过滤器BasicAuthenticationFilter
return;
}
Authentication authResult;
try {
//执行UsernamePasswordAuthenticationFilter类中的方法
authResult = attemptAuthentication(request, response);
if (authResult == null) {
// return immediately as subclass has indicated that it hasn't completed authentication
return;
}
sessionStrategy.onAuthentication(authResult, request, response);
}
catch (AuthenticationException failed) {
// Authentication failed
unsuccessfulAuthentication(request, response, failed);
return;
}
// Authentication success
if (continueChainBeforeSuccessfulAuthentication) {
chain.doFilter(request, response);
}
successfulAuthentication(request, response, authResult);
}
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
Authentication authResult) throws IOException, ServletException {
SecurityContextHolder.getContext().setAuthentication(authResult);
rememberMeServices.loginSuccess(request, response, authResult); //是否存入cookie
// Fire event
if (this.eventPublisher != null) {
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
}
successHandler.onAuthenticationSuccess(request, response, authResult);//跳转到目标页面
}
//代码略.....................
}
public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
//代码略.....................
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
}
//获取页面提交的用户名、密码
String username = obtainUsername(request);
String password = obtainPassword(request);
username = username.trim();
//封装成token对象
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
//代码略.....................
//调用AbstractAuthenticationManager类中的方法
return this.getAuthenticationManager().authenticate(authRequest);
}
//代码略.....................
}
public abstract class AbstractAuthenticationManager implements AuthenticationManager {
//代码略.....................
public final Authentication authenticate(Authentication authRequest) throws AuthenticationException {
try {
return doAuthentication(authRequest);//调用ProviderManager类中的方法
} catch (AuthenticationException e) {
e.setAuthentication(authRequest);
if (clearExtraInformation) {
e.clearExtraInformation();
}
throw e;
}
}
//代码略.....................
}
//权限认证管理器
public class ProviderManager extends AbstractAuthenticationManager implements MessageSourceAware, InitializingBean {
private List providers = Collections.emptyList();
private AuthenticationManager parent;
//代码略.....................
public Authentication doAuthentication(Authentication authentication) throws AuthenticationException {
Class extends Authentication> toTest = authentication.getClass();
AuthenticationException lastException = null;
Authentication result = null;
for (AuthenticationProvider provider : getProviders()) {
if (!provider.supports(toTest)) {
continue;
}
try {
//调用AbstractUserDetailsAuthenticationProvider类中的方法
result = provider.authenticate(authentication);
if (result != null) {
copyDetails(authentication, result);
break;
}
} catch (AccountStatusException e) {
// SEC-546: Avoid polling additional providers if auth failure is due to invalid account status
eventPublisher.publishAuthenticationFailure(e, authentication);
throw e;
} catch (AuthenticationException e) {
lastException = e;
}
}
if (result == null && parent != null) {
// Allow the parent to try.
try {
result = parent.authenticate(authentication);
} catch (ProviderNotFoundException e) {
// ignore as we will throw below if no other exception occurred prior to calling parent and the parent
// may throw ProviderNotFound even though a provider in the child already handled the request
} catch (AuthenticationException e) {
lastException = e;
}
}
if (result != null) {
if (eraseCredentialsAfterAuthentication && (result instanceof CredentialsContainer)) {
// Authentication is complete. Remove credentials and other secret data from authentication
((CredentialsContainer)result).eraseCredentials();
}
eventPublisher.publishAuthenticationSuccess(result);
return result;
}
eventPublisher.publishAuthenticationFailure(lastException, authentication);
throw lastException;
}
//代码略.....................
}
//权限查询器
public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean,
MessageSourceAware {
//代码略.....................
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports",
"Only UsernamePasswordAuthenticationToken is supported"));
// Determine username
String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
boolean cacheWasUsed = true;
UserDetails user = this.userCache.getUserFromCache(username); //从Ehcache实现的缓存里取userDetail对象
if (user == null) {
cacheWasUsed = false;
try {
//调用DaoAuthenticationProvider类中的方法
user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
} catch (UsernameNotFoundException notFound) {
logger.debug("User '" + username + "' not found");
if (hideUserNotFoundExceptions) {
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
throw notFound;
}
}
Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
}
try {
preAuthenticationChecks.check(user); //检查用户是否有效
//通过页面传入的用户名、密码和数据库中取出的信息对比验证
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
} catch (AuthenticationException exception) {
if (cacheWasUsed) {
// There was a problem, so try again after checking
// we're using latest data (i.e. not from the cache)
cacheWasUsed = false;
user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication);
preAuthenticationChecks.check(user);
additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication);
} else {
throw exception;
}
}
postAuthenticationChecks.check(user);
if (!cacheWasUsed) {
this.userCache.putUserInCache(user); //将用户对象放入缓存
}
Object principalToReturn = user;
if (forcePrincipalAsString) {
principalToReturn = user.getUsername();
}
return createSuccessAuthentication(principalToReturn, authentication, user);
}
//代码略.....................
}
//数据库查询器
class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{
private UserDetailsService userDetailsService;
//代码略.....................
protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
UserDetails loadedUser;
try {
//获取用户信息,可以通过实现UserDetailsService接口或继承JdbcDaoImpl类来自定义内部实现
loadedUser = this.getUserDetailsService().loadUserByUsername(username);//调用自定义类UserDetailsServiceImpl的方法
}
catch (DataAccessException repositoryProblem) {
throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
}
if (loadedUser == null) {
throw new AuthenticationServiceException(
"UserDetailsService returned null, which is an interface contract violation");
}
return loadedUser;
}
protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
Object salt = null;
if (this.saltSource != null) {
salt = this.saltSource.getSalt(userDetails);
}
if (authentication.getCredentials() == null) {
logger.debug("Authentication failed: no credentials provided");
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
includeDetailsObject ? userDetails : null);
}
String presentedPassword = authentication.getCredentials().toString();
//判断密码是否一致
if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
logger.debug("Authentication failed: password does not match stored value");
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
includeDetailsObject ? userDetails : null);
}
}
//代码略.....................
}
//自定义类实现查询接口
public class UserDetailsServiceImpl extends JdbcDaoSupport implements UserDetailsService {
private String authoritiesByUsernameQuery;
private String usersByUsernameQuery;
//代码略.....................
public void setAuthoritiesByUsernameQuery(String queryString) {
authoritiesByUsernameQuery = queryString;
}
public void setUsersByUsernameQuery(String usersByUsernameQueryString) {
this.usersByUsernameQuery = usersByUsernameQueryString;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
List users = loadUsersByUsername(username); //访问数据库查询用户信息
if (users.size() == 0) {
logger.debug("Query returned no results for user '" + username + "'");
throw new UsernameNotFoundException(
messages.getMessage("JdbcDaoImpl.notFound", new Object[]{username}, "Username {0} not found"), username);
}
UserDetails user = users.get(0); // contains no GrantedAuthority[]
Set dbAuthsSet = new HashSet();
if (enableAuthorities) {
dbAuthsSet.addAll(loadUserAuthorities(user.getUsername())); //查询用户拥有的角色
}
if (enableGroups) {
dbAuthsSet.addAll(loadGroupAuthorities(user.getUsername()));
}
List dbAuths = new ArrayList(dbAuthsSet);
addCustomAuthorities(user.getUsername(), dbAuths);
if (dbAuths.size() == 0) {
logger.debug("User '" + username + "' has no authorities and will be treated as 'not found'");
throw new UsernameNotFoundException(
messages.getMessage("JdbcDaoImpl.noAuthority",
new Object[] {username}, "User {0} has no GrantedAuthority"), username);
}
return createUserDetails(username, user, dbAuths);//返回实现UserDetails接口的对象,将验证信息封装到此对象中
}
protected List loadUsersByUsername(String username) {
return getJdbcTemplate().query(usersByUsernameQuery, new String[]{
username}, new RowMapper() {
@Override
public UserDetails mapRow(ResultSet rs, int rowNum) throws SQLException {
String username = rs.getString(1);
String password = rs.getString(2);
boolean enabled = rs.getBoolean(3);
return new userDetailsImpl(username, password, enabled);//返回实现UserDetails接口的对象
}
});
}
//代码略.....................
}
//用户信息bean,必须实现UserDetails接口
public class userDetailsImpl implements UserDetails {
//代码略.....................
}
//由ExceptionTranslationFilter过滤器调用来进行权限判断
public abstract class AbstractSecurityInterceptor implements InitializingBean, ApplicationEventPublisherAware,
MessageSourceAware {
//代码略.....................
protected InterceptorStatusToken beforeInvocation(Object object) {
//这里读取配置FilterSecurityInterceptor的SecurityMetadataSource属性来获取配置的角色,这些属性配置了资源的安全设置
Collection attributes = this.obtainSecurityMetadataSource().getAttributes(object);
if (attributes == null) {
if (rejectPublicInvocations) {
throw new IllegalArgumentException("Secure object invocation " + object +
" was denied as public invocations are not allowed via this interceptor. "
+ "This indicates a configuration error because the "
+ "rejectPublicInvocations property is set to 'true'");
}
publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation
}
//这里从SecurityContextHolder中去取Authentication对象,一般在登录时会放到SecurityContextHolder中去
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attributes);
}
// 如果前面没有处理鉴权,这里需要对鉴权进行处理
Authentication authenticated = authenticateIfRequired();
// Attempt authorization
try {
//通过投票器判断当前角色是否有权限访问该地址,如果没有权限则抛出异常,调用AffirmativeBased类中的decide的方法
this.accessDecisionManager.decide(authenticated, object, attributes);
}
catch (AccessDeniedException accessDeniedException) {
//授权不成功向外发布事件
publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated,
accessDeniedException));
throw accessDeniedException;
}
publishEvent(new AuthorizedEvent(object, attributes, authenticated));
// 这里构建一个RunAsManager来替代当前的Authentication对象,默认情况下使用的是NullRunAsManager会把SecurityContextHolder中的Authentication对象清空
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attributes);
if (runAs == null) {
// no further work post-invocation
return new InterceptorStatusToken(authenticated, false, attributes, object);
} else {
SecurityContextHolder.getContext().setAuthentication(runAs);
// need to revert to token.Authenticated post-invocation
return new InterceptorStatusToken(authenticated, true, attributes, object);
}
}
//代码略.....................
}
//决策器
public class AffirmativeBased extends AbstractAccessDecisionManager {
//代码略.....................
public void decide(Authentication authentication, Object object, Collection configAttributes)
throws AccessDeniedException {
int deny = 0;
//依次使用各个投票器进行投票,并对投票结果进行计票
for (AccessDecisionVoter voter : getDecisionVoters()) {
int result = voter.vote(authentication, object, configAttributes);
if (logger.isDebugEnabled()) {
logger.debug("Voter: " + voter + ", returned: " + result);
}
//这是对投票结果进行处理,如果遇到其中一票通过,那就授权通过,如果是弃权或者反对,那就继续投票
switch (result) {
case AccessDecisionVoter.ACCESS_GRANTED: //result:1
return;
case AccessDecisionVoter.ACCESS_DENIED: //result:-1
//这里对反对票进行计数
deny++;
break;
default:
break;
}
}
//如果有反对票,抛出异常,整个授权不通过
if (deny > 0) {
throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
"Access is denied"));
}
//这里对弃权票进行处理,看看是全是弃权票的决定情况,默认是不通过,由allowIfAllAbstainDecisions变量控制
checkAllowIfAllAbstainDecisions();
}
//代码略.....................
}
//角色投票器
public class RoleVoter implements AccessDecisionVoter {
//代码略.....................
public int vote(Authentication authentication, Object object, Collection attributes) {
int result = ACCESS_ABSTAIN;
Collection authorities = extractAuthorities(authentication);
for (ConfigAttribute attribute : attributes) {//这里取得资源的安全配置
if (this.supports(attribute)) {
result = ACCESS_DENIED;
//这里对资源配置的安全授权级别进行判断,也就是匹配ROLE为前缀的角色配置
//遍历每个配置属性,如果其中一个匹配该主体持有的GrantedAuthority,则访问被允许。
//当前用户拥有的角色集合,当有任何一个角色满足时授予权限
for (GrantedAuthority authority : authorities) {
if (attribute.getAttribute().equals(authority.getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}
Collection extractAuthorities(Authentication authentication) {
return authentication.getAuthorities();
}
//代码略.....................
}
分享到:
发表评论
-
Spring扩展点
2015-08-17 11:14 2577Spring扩展点 1.IOC生成类全名 <!-- ... -
Spring AOP动态代理
2015-01-25 22:23 750package com.test.dynamicproxy; ... -
Spring加载资源并装配对象的过程
2015-01-25 22:20 10261. 定义好Spring的配置文件。 2. 通过Resourc ... -
(转载)Spring Bean 初始化过程
2013-05-10 13:10 1124Spring 的几个接口 1.InitializingBea ... -
(转载)浅谈Spring事务隔离级别
2013-04-15 14:45 953一、Propagation : key属 ... -
AOP+LOG4J日志框架(自定义注解)
2013-04-11 15:00 2701工作中用到日志功能,参考网上一些资料,写了个比较通用的日志框架 ... -
(转载)spring AOP获得session
2013-02-20 17:01 2365由于Spring 的AOP面向切面编程,与Servlet容器没 ... -
Quartz(三)原理及源码分析
2012-10-30 14:56 14012quartz配置文件中可以通过以下两种配置读取方式 org.q ... -
spring-security3(一)配置详解及API扩展(包含ajax返回)
2012-04-06 17:05 3774最近对spring-security3做了一些初步了解,搜集了 ... -
AOP+Ehcache 缓存框架
2011-12-14 16:49 1638AOP+Ehcache 实现缓存功能 设计思路:查询数据,通 ... -
JTA集成JOTM或Atomikos配置分布式事务(Tomcat应用服务器)
2010-01-15 21:01 6629一.以下介绍Spring中直接集成JOTM提供JTA事务管理、 ... -
Quartz(二)整合Spring容器中bean及动态调度任务
2010-01-13 10:01 7683Quartz 是开源任务调度框架中的翘首,它提供了强大任务 ... -
Quartz(一)在Spring中设置动态定时任务
2009-05-17 07:09 7751什么是动态定时任务: 是由客户制定生成的,服务端只知道该去执行 ... -
Spring邮件发送(可带附件,模板,群发,异步发送等功能)
2009-05-17 06:27 8683以下是我对spring发送邮件的总结: 分别使用了两种方法:单 ...
相关推荐
spring security oauth2的源码,方便研究,备份一下。
Spring_Security3_源码分析
对spring security3.x的源码进行详细讲解。
spring security源码分析.pdf
内含Spring Security 3 官方文档及互联网上收集的源码分析文档
Spring Security源码分析二:Spring Security 授权过程 Spring Security源码分析三:Spring Social 实现QQ社交登录 Spring Security源码分析四:Spring Social 实现微信社交登录 Spring Security源码分析五:Spring ...
Java流行框架源码分析:Spring源码、SpringBoot源码、SpringAOP源码、SpringSecurity源码、SpringSecurity OAuth2源码、JDK源码、Netty源码
spring security3 学习笔记和项目源码 供大家分享
springsecurity源码(鉴权有缺陷)
3.springSecurity源码分析1
集合源码分析 Spring Boot Frank 前言 Spring Boot 是简化Spring应用的创建、运行、调试、部署等一系列问题而诞生的产物,自动装配的特性可以让开发更专注于业务本身,而不是外部的XML配置,遵循规范开发,引入相关...
源码 快速开始 先决条件 开发环境 克隆代码库: git clone https://gitee.com/toopoo/SpringCloud.git 生成ide配置: mvn idea:idea 并导入对应的ide进行开发,IDE安装lombok插件 编译 & 启动 1.启动基础服务:docker...
SpringSecurity 全套开发,设计源码解读,整个拦截器链分析,QQ登录,微信登录,短信验证,短信登录,在security基础上学习写一个自定义验证授权设计模式,整套视频讲解的分享细致认真,非常值得学习。不管小白还是...
SpringSecurity 全套开发,设计源码解读,整个拦截器链分析,QQ登录,微信登录,短信验证,短信登录,在security基础上学习写一个自定义验证授权设计模式,整套视频讲解的分享细致认真,非常值得学习。
:check_mark_button: SpringSecurity原始码 :check_mark_button: SpringSecurity OAuth2原始码 :check_mark_button: JDK原始码 :check_mark_button: Dubbo原始码 Netty原始码 MyBatis原始码 SpringCloud原始码 ...
SpringSecurity 全套开发,设计源码解读,整个拦截器链分析,QQ登录,微信登录,短信验证,短信登录,在security基础上学习写一个自定义验证授权设计模式,整套视频讲解的分享细致认真,非常值得学习。
Java流行框架源码分析:Spring源码、SpringBoot源码、SpringAOP源码、SpringSecurity源码、SpringSecurity OAuth2源码、JDK源码、Netty源码
本文介绍了Spring Security命名空间配置的核心概念,并说明了Web应用程序中基于表单的简单身份验证所需的设置。
SpringSecurity权限认证功能,包含一个PPT和一个流程图,PPT从四个方法介绍了SpringSecurity。有SpringSecurity的历史,配置、源码分析、项目搭建;包含了如何定义更自由的权限认证