Spring security, SecurityFilter extends HttpFilter, Plain Spring Project,…
Spring security
Servlet filters
CsrfFilter
LogoutFilter
BasicAuthenticationFilter
Tries to find a Basic Auth HTTP header on the request and, if found, tries to authenticate the user with the header’s username and password.
AnonymousAuthenticationFilter
SessionManagementFilter
RequestCacheAwareFilter
UsernamePasswordAuthenticationFilter
Tries to find a username/password request parameter/POST body and if found, tries to authenticate the user with those values.
DefaultLoginPageGeneratingFilter
Generates a login page for you, if you don’t explicitly disable that feature.
DefaultLogoutPageGeneratingFilter
Generates a logout page for you, if you don’t explicitly disable that feature.
FilterSecurityInterceptor
Does your authorization.
Authentication
UserDetailsService: Having access to the user’s password
Specify a UserDetailsService(AuthenticationManager)
custom implementation
configure one that Spring Security offers
JdbcUserDetailsManager
InMemoryUserDetailsManager
Specify a PasswordEncoder
AuthenticationProvider: Not having access to the user’s password
Authorization
SecurityFilter extends HttpFilter
browser request
Filter2
Filter3
DispatcherServlet
Plain Spring Project
spring-security-web
spring-security-config
to configure spring security
MyAdapter extends WebSecurityConfigurerAdapter
protected void configure(HttpSecurity http)
configure filterChain
What URLs to protect (authenticated()) and which ones are allowed (permitAll()). (formLogin)
Which authentication methods are allowed (formLogin(), httpBasic()) and how they are configured.
This approach is called
Method Security
add
@EnableGlobalMethodSecurity
@PreAuthorize/@PostAuthorize
@Secured
@RolesAllowed
Spring Boot Project
spring-boot-starter-security
you can immediately start writing your WebSecurityConfigurerAdapter
FilterChain
protecting your web tier
protect your business logic
(@Controllers)
dependencies
+
You’ll also need to configure the SecurityFilterChain in your web.xml