spring-security-reference-4.1.1.RELEASE资源-CSDN下载

需积分: 1 165 浏览量 2016-07-21 14:15:30 上传评论收藏 1.87MB PDF 举报

### Spring Security 4.1.1.RELEASE 相关知识点 #### 一、Spring Security 简介 ##### 1.1 什么是 Spring Security Spring Security 是一个强大的、高度可定制的身份验证和访问控制框架。它为 Java 应用程序提供了全面的安全服务，包括认证、授权、会话管理等。Spring Security 能够与任何基于 Java 的应用程序无缝集成，并且它支持多种部署环境，如传统的 Java EE 服务器或基于 Web 的应用服务器。 ##### 1.2 历史沿革 Spring Security 最初由 Ben Alex 创建于 2004 年，并随着 Spring 框架的发展而不断壮大。2006 年，Spring 安全项目正式成为 Spring 项目的一部分，并且随着时间的推移，它的功能不断完善，版本也不断更新。 ##### 1.3 版本编号规则 Spring Security 4.1.1.RELEASE 表示这是一个基于 Spring Security 4.1 系列的维护版本。Spring Security 的版本遵循语义版本规则，其中主版本号（如 4）表示不兼容的 API 更改；次版本号（如 1）表示向后兼容的功能性新增；修订版本号（如 1）表示向后兼容的 bug 修复。 ##### 1.4 获取 Spring Security Spring Security 可以通过多种方式获取： - **Maven**：通过在项目的 `pom.xml` 文件中添加 Maven 依赖来引入。 - Maven Repositories：可以指定中央仓库或其他第三方仓库地址。 - Spring Framework BOM：推荐使用 Spring BOM 来管理 Spring 生态系统中的依赖关系。 - Gradle：对于使用 Gradle 构建系统的项目，可以通过添加依赖到 `build.gradle` 文件来引入。 - **项目模块**：Spring Security 提供了多个模块以满足不同场景的需求： - Core (`spring-security-core.jar`)：提供核心安全服务。 - Remoting (`spring-security-remoting.jar`)：提供远程调用相关的安全服务。 - Web (`spring-security-web.jar`)：提供 Web 安全相关的功能。 - Config (`spring-security-config.jar`)：提供配置相关的功能。 - LDAP (`spring-security-ldap.jar`)：提供 LDAP 集成支持。 - ACL (`spring-security-acl.jar`)：提供基于权限的访问控制功能。 - CAS (`spring-security-cas.jar`)：提供对 CAS 协议的支持。 - OpenID (`spring-security-openid.jar`)：提供 OpenID 认证支持。 - Test (`spring-security-test.jar`)：提供测试工具类。 #### 二、Spring Security 4.1 新特性 ##### 2.1 Java 配置改进 Spring Security 4.1 在 Java 配置方面做了大量改进，使得配置更加灵活和简洁。 ##### 2.2 Web 应用安全改进增强了 Web 应用的安全性，例如改进了 CSRF 攻击防御机制、增强过滤器链配置灵活性等。 ##### 2.3 授权改进在授权方面进行了改进，例如增加了新的授权策略和方法，提高了授权过程的灵活性。 ##### 2.4 加密模块改进加密模块得到了增强，提供更加强大的密码学支持。 ##### 2.5 测试改进测试框架得到了改进，便于开发者进行单元测试和集成测试。 ##### 2.6 一般性改进此外，还有许多其他的一般性改进，包括性能优化、文档完善等。 #### 三、Spring Security 使用指南 ##### 3.1 Hello Web Security Java 配置 Spring Security 4.1 提供了一个简单的示例，用于展示如何使用 Java 配置实现基本的 Web 安全。这个示例通常包括定义一个 `WebSecurityConfigurerAdapter` 的子类，并重写相关方法以配置安全设置。 ##### 3.2 HttpSecurity `HttpSecurity` 类是 Spring Security 中的核心组件之一，用于配置 Web 应用的安全策略，包括认证、授权、登录/登出等功能。 ##### 3.3 Java 配置与表单登录通过 Java 配置的方式，可以轻松地实现表单登录功能。这通常涉及到对 `HttpSecurity` 对象的配置。 ##### 3.4 授权请求 `authorizeRequests()` 方法用于定义哪些资源需要被保护以及它们所需的访问权限。 ##### 3.5 处理登出 Spring Security 提供了灵活的登出机制，允许用户注销并清除其会话信息。这涉及到对 `logout()` 方法的配置。 ##### 3.6 认证认证是 Spring Security 中的一个重要部分。它可以使用多种方式实现，包括内存认证、数据库认证、LDAP 认证等。 - **内存认证**：适用于开发阶段或小型项目，将用户凭证存储在内存中。 - **数据库认证**：使用 JDBC 或 Hibernate 等技术从数据库中检索用户凭证。 - **LDAP 认证**：通过连接到 LDAP 服务器来验证用户身份。 - **自定义认证**：通过实现 `AuthenticationProvider` 接口来自定义认证逻辑。 ##### 3.7 多个 HttpSecurity 当一个应用中有多个不同的安全区域时，可以使用多个 `HttpSecurity` 实例来配置不同的安全策略。 ##### 3.8 方法级安全除了 Web 层面的安全控制外，Spring Security 还支持在业务逻辑层实现细粒度的安全控制。这通常通过启用全局方法安全来实现。 - **启用全局方法安全**：通过注解 `@EnableGlobalMethodSecurity` 启用全局方法安全支持。 #### 四、总结 Spring Security 4.1.1.RELEASE 是一个功能强大的安全框架版本，不仅提供了丰富的安全特性和功能，还对原有的特性进行了大量的改进和优化。无论是在 Java 配置方面、Web 安全方面还是授权、加密等方面都进行了显著的改进。这对于需要构建安全可靠的 Web 应用的开发者来说，无疑是一个非常有用的工具。通过深入学习 Spring Security 的文档和实践，可以更好地利用这些新特性来提升应用程序的安全性。

资源推荐

资源详情

资源评论

Spring Security Reference

4.1.1.RELEASE

Ben Alex , Luke Taylor , Rob Winch , Gunnar Hillert

Spring Security Reference

4.1.1.RELEASE Spring Security iii

Table of Contents

.............................................................................................................................................. xvii

I. Preface ................................................................................................................................... 1

1. Getting Started ............................................................................................................... 3

2. Introduction .................................................................................................................... 4

2.1. What is Spring Security? ..................................................................................... 4

2.2. History ................................................................................................................ 6

2.3. Release Numbering ............................................................................................. 6

2.4. Getting Spring Security ........................................................................................ 7

Usage with Maven ............................................................................................. 7

Maven Repositories .................................................................................... 7

Spring Framework Bom .............................................................................. 8

Gradle ............................................................................................................... 8

Gradle Repositories .................................................................................... 8

Using Spring 4.0.x and Gradle .................................................................... 9

Project Modules ................................................................................................. 9

Core - spring-security-core.jar ..................................................................... 9

Remoting - spring-security-remoting.jar ...................................................... 10

Web - spring-security-web.jar .................................................................... 10

Config - spring-security-config.jar .............................................................. 10

LDAP - spring-security-ldap.jar .................................................................. 10

ACL - spring-security-acl.jar ...................................................................... 10

CAS - spring-security-cas.jar ..................................................................... 10

OpenID - spring-security-openid.jar ............................................................ 10

Test - spring-security-test.jar ..................................................................... 10

Checking out the Source .................................................................................. 10

3. What’s New in Spring Security 4.1 ................................................................................ 12

3.1. Java Configuration Improvements ....................................................................... 12

3.2. Web Application Security Improvements ............................................................. 12

3.3. Authorization Improvements ............................................................................... 12

3.4. Crypto Module Improvements ............................................................................. 12

3.5. Testing Improvements ........................................................................................ 12

3.6. General Improvements ....................................................................................... 13

4. Samples and Guides (Start Here) ................................................................................. 14

5. Java Configuration ....................................................................................................... 15

5.1. Hello Web Security Java Configuration ............................................................... 15

AbstractSecurityWebApplicationInitializer ........................................................... 16

AbstractSecurityWebApplicationInitializer without Existing Spring ......................... 16

AbstractSecurityWebApplicationInitializer with Spring MVC ................................. 17

5.2. HttpSecurity ....................................................................................................... 17

5.3. Java Configuration and Form Login .................................................................... 18

5.4. Authorize Requests ........................................................................................... 19

5.5. Handling Logouts ............................................................................................... 20

LogoutHandler .................................................................................................. 21

LogoutSuccessHandler ..................................................................................... 21

Further Logout-Related References ................................................................... 21

5.6. Authentication .................................................................................................... 22

In Memory Authentication ................................................................................. 22

Spring Security Reference

4.1.1.RELEASE Spring Security iv

JDBC Authentication ......................................................................................... 22

LDAP Authentication ......................................................................................... 22

AuthenticationProvider ...................................................................................... 23

UserDetailsService ........................................................................................... 23

LDAP Authentication ......................................................................................... 24

5.7. Multiple HttpSecurity .......................................................................................... 24

5.8. Method Security ................................................................................................ 25

EnableGlobalMethodSecurity ............................................................................. 25

GlobalMethodSecurityConfiguration ................................................................... 26

5.9. Post Processing Configured Objects ................................................................... 26

6. Security Namespace Configuration ................................................................................ 28

6.1. Introduction ....................................................................................................... 28

Design of the Namespace ................................................................................ 29

6.2. Getting Started with Security Namespace Configuration ....................................... 29

web.xml Configuration ...................................................................................... 29

A Minimal <http> Configuration ......................................................................... 30

Form and Basic Login Options .......................................................................... 31

Setting a Default Post-Login Destination .................................................... 32

Logout Handling ............................................................................................... 32

Using other Authentication Providers ................................................................. 32

Adding a Password Encoder ..................................................................... 33

6.3. Advanced Web Features .................................................................................... 34

Remember-Me Authentication ........................................................................... 34

Adding HTTP/HTTPS Channel Security ............................................................. 34

Session Management ....................................................................................... 34

Detecting Timeouts ................................................................................... 34

Concurrent Session Control ...................................................................... 35

Session Fixation Attack Protection ............................................................. 36

OpenID Support ............................................................................................... 36

Attribute Exchange ................................................................................... 37

Response Headers ........................................................................................... 37

Adding in Your Own Filters ............................................................................... 37

Setting a Custom AuthenticationEntryPoint ................................................ 39

6.4. Method Security ................................................................................................ 39

The <global-method-security> Element .............................................................. 39

Adding Security Pointcuts using protect-pointcut ......................................... 41

6.5. The Default AccessDecisionManager .................................................................. 41

Customizing the AccessDecisionManager .......................................................... 41

6.6. The Authentication Manager and the Namespace ................................................ 41

7. Sample Applications ..................................................................................................... 43

7.1. Tutorial Sample ................................................................................................. 43

7.2. Contacts ............................................................................................................ 43

7.3. LDAP Sample ................................................................................................... 44

7.4. OpenID Sample ................................................................................................. 44

7.5. CAS Sample ..................................................................................................... 45

7.6. JAAS Sample .................................................................................................... 45

7.7. Pre-Authentication Sample ................................................................................. 45

8. Spring Security Community ........................................................................................... 46

8.1. Issue Tracking ................................................................................................... 46

8.2. Becoming Involved ............................................................................................ 46

Spring Security Reference

4.1.1.RELEASE Spring Security v

8.3. Further Information ............................................................................................ 46

II. Architecture and Implementation ........................................................................................... 47

9. Technical Overview ...................................................................................................... 48

9.1. Runtime Environment ......................................................................................... 48

9.2. Core Components ............................................................................................. 48

SecurityContextHolder, SecurityContext and Authentication Objects .................... 48

Obtaining information about the current user .............................................. 48

The UserDetailsService .................................................................................... 49

GrantedAuthority .............................................................................................. 50

Summary ......................................................................................................... 50

9.3. Authentication .................................................................................................... 50

What is authentication in Spring Security? ......................................................... 50

Setting the SecurityContextHolder Contents Directly ........................................... 53

9.4. Authentication in a Web Application .................................................................... 53

ExceptionTranslationFilter ................................................................................. 54

AuthenticationEntryPoint ................................................................................... 54

Authentication Mechanism ................................................................................ 54

Storing the SecurityContext between requests ................................................... 54

9.5. Access-Control (Authorization) in Spring Security ................................................ 55

Security and AOP Advice ................................................................................. 55

Secure Objects and the AbstractSecurityInterceptor ........................................... 56

What are Configuration Attributes? ............................................................ 56

RunAsManager ........................................................................................ 56

AfterInvocationManager ............................................................................ 57

Extending the Secure Object Model .......................................................... 58

9.6. Localization ....................................................................................................... 58

10. Core Services ............................................................................................................ 60

10.1. The AuthenticationManager, ProviderManager and AuthenticationProvider ........... 60

Erasing Credentials on Successful Authentication ............................................... 61

DaoAuthenticationProvider ................................................................................ 61

10.2. UserDetailsService Implementations ................................................................. 61

In-Memory Authentication ................................................................................. 62

JdbcDaoImpl .................................................................................................... 62

Authority Groups ...................................................................................... 63

10.3. Password Encoding ......................................................................................... 63

What is a hash? ............................................................................................... 63

Adding Salt to a Hash ...................................................................................... 63

Hashing and Authentication .............................................................................. 64

III. Testing ................................................................................................................................ 65

11. Testing Method Security ............................................................................................. 66

11.1. Security Test Setup ......................................................................................... 66

11.2. @WithMockUser .............................................................................................. 67

11.3. @WithAnonymousUser .................................................................................... 68

11.4. @WithUserDetails ............................................................................................ 68

11.5. @WithSecurityContext ...................................................................................... 69

11.6. Test Meta Annotations ..................................................................................... 70

12. Spring MVC Test Integration ....................................................................................... 72

12.1. Setting Up MockMvc and Spring Security .......................................................... 72

12.2. SecurityMockMvcRequestPostProcessors .......................................................... 72

Testing with CSRF Protection ........................................................................... 72

剩余276页未读，继续阅读

评论收藏

内容反馈

qinxike

粉丝: 37

spring-security-reference-4.1.1.RELEASE

spring-framework-4.1.1.RELEASE-dist

spring-core-4.1.1.RELEASE.jar

spring-jdbc-4.1.1.RELEASE.zip

spring-webmvc-4.1.1.RELEASE.jar

spring-security-3.1.0.RELEASE

spring-security-3.1.3.RELEASE

spring-security-3.0.2.RELEASE

spring-framework-4.1.5.RELEASE

spring-framework-4.1.3.RELEASE

spring-core-4.2.1.RELEASE.jar

gradle-4.1.1.pom

spring-tool-suite-4-4.1.1.RELEASE-e4.10.0-win32.win32.x86_64.zip

javaweb项目常用jar包

spring和hibernate__jar包,详细说明看jar包列表

spring-security-4.2.5.RELEASE

spring-framework-4.1.9.RELEASE

spring-framework-4.1.2.RELEASE

spring-security-4.2.0.RELEASE

spring-security-taglibs:4.1.3.RELEASE

spring security 4 需要 jar 包

spring-framework-4.1.1.RELEASE-schema

poi-4.1.1.jar

spring4.1核心包

spring-framework-4.1.1.RELEASE-docs

spring-test-4.1.6.RELEASE

spring-framework-4.1.7.RELEASE

spring-framework-4.1.6.RELEASE

spring-security-4.2.3.RELEASE

aip-java-version-sdk-4.1.1

一文读懂MQTT协议

Android应用源码之MineSweeper由java实现.rar

最新资源