SpringSecurity-01

最新推荐文章于 2023-04-07 12:18:00 发布
最新推荐文章于 2023-04-07 12:18:00 发布
阅读量89 收藏
点赞数
分类专栏: spring 文章标签: spring java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_43676797/article/details/119841856
版权

SpringSecurity初体验

第一步:创建SpringBoot项目
第二步:导入依赖

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.shao</groupId>
    <artifactId>securitydemo01</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>securitydemo01</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>11</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

第三步:创建测试的Controller

package com.shao.securitydemo01.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TestController {

    @GetMapping("hello")
    public String Hello(){
        return "hello security !";
    }
}

第四步:网页测试及结果:

网页输入地址:http://localhost:8811/test/hello
我们会发现会出现一个security默认的登陆框,这说明Security已经起作用了.

Security基本原理

1.Security底层本质是一个一个的过滤器组成的过滤器链,在springboot启动时会自动加载这些过滤器,接下来看几个简单的过滤器:
FilterSecurityInterceptor:这是一个方法过滤器,位于过滤器链的最底层(最后一个过滤器):

package org.springframework.security.web.access.intercept;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
//继承了Filter,说明是一个过滤器
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
    private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
    private FilterInvocationSecurityMetadataSource securityMetadataSource;
    private boolean observeOncePerRequest = true;

    public FilterSecurityInterceptor() {
    }

    public void init(FilterConfig arg0) {
    }

    public void destroy() {
    }
	//dofilter方法中执行真正过滤的方法--invoke方法
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        this.invoke(new FilterInvocation(request, response, chain));
    }

    public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
        this.securityMetadataSource = newSource;
    }

    public Class<?> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    public void invoke(FilterInvocation filterInvocation) throws IOException, ServletException {
        if (this.isApplied(filterInvocation) && this.observeOncePerRequest) {
            filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
        } else {
            if (filterInvocation.getRequest() != null && this.observeOncePerRequest) {
                filterInvocation.getRequest().setAttribute("__spring_security_filterSecurityInterceptor_filterApplied", Boolean.TRUE);
            }
			//判断之前的过滤器是否通过
            InterceptorStatusToken token = super.beforeInvocation(filterInvocation);
			//执行本身的过滤器方法
            try {
                filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
            } finally {
                super.finallyInvocation(token);
            }

            super.afterInvocation(token, (Object)null);
        }
    }

    private boolean isApplied(FilterInvocation filterInvocation) {
        return filterInvocation.getRequest() != null && filterInvocation.getRequest().getAttribute("__spring_security_filterSecurityInterceptor_filterApplied") != null;
    }

    public boolean isObserveOncePerRequest() {
        return this.observeOncePerRequest;
    }

    public void setObserveOncePerRequest(boolean observeOncePerRequest) {
        this.observeOncePerRequest = observeOncePerRequest;
    }
}

ExceptionTranslationFiler:这是一个异常过滤器,用来处理在认证和授权过程中抛出的异常:

package org.springframework.security.web.access;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.core.log.LogMessage;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

public class ExceptionTranslationFilter extends GenericFilterBean {
    private AccessDeniedHandler accessDeniedHandler;
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AuthenticationTrustResolver authenticationTrustResolver;
    private ThrowableAnalyzer throwableAnalyzer;
    private RequestCache requestCache;
    private final MessageSourceAccessor messages;

    public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint) {
        this(authenticationEntryPoint, new HttpSessionRequestCache());
    }

    public ExceptionTranslationFilter(AuthenticationEntryPoint authenticationEntryPoint, RequestCache requestCache) {
        this.accessDeniedHandler = new AccessDeniedHandlerImpl();
        this.authenticationTrustResolver = new AuthenticationTrustResolverImpl();
        this.throwableAnalyzer = new ExceptionTranslationFilter.DefaultThrowableAnalyzer();
        this.requestCache = new HttpSessionRequestCache();
        this.messages = SpringSecurityMessageSource.getAccessor();
        Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
        Assert.notNull(requestCache, "requestCache cannot be null");
        this.authenticationEntryPoint = authenticationEntryPoint;
        this.requestCache = requestCache;
    }

    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationEntryPoint, "authenticationEntryPoint must be specified");
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        this.doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain);
    }

    private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        try {
            chain.doFilter(request, response);
        } catch (IOException var7) {
            throw var7;
        } catch (Exception var8) {
            Throwable[] causeChain = this.throwableAnalyzer.determineCauseChain(var8);
            RuntimeException securityException = (AuthenticationException)this.throwableAnalyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain);
            if (securityException == null) {
                securityException = (AccessDeniedException)this.throwableAnalyzer.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
            }

            if (securityException == null) {
                this.rethrow(var8);
            }

            if (response.isCommitted()) {
                throw new ServletException("Unable to handle the Spring Security Exception because the response is already committed.", var8);
            }

            this.handleSpringSecurityException(request, response, chain, (RuntimeException)securityException);
        }

    }

    private void rethrow(Exception ex) throws ServletException {
        if (ex instanceof ServletException) {
            throw (ServletException)ex;
        } else if (ex instanceof RuntimeException) {
            throw (RuntimeException)ex;
        } else {
            throw new RuntimeException(ex);
        }
    }

    public AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    protected AuthenticationTrustResolver getAuthenticationTrustResolver() {
        return this.authenticationTrustResolver;
    }

    private void handleSpringSecurityException(HttpServletRequest request, HttpServletResponse response, FilterChain chain, RuntimeException exception) throws IOException, ServletException {
        if (exception instanceof AuthenticationException) {
            this.handleAuthenticationException(request, response, chain, (AuthenticationException)exception);
        } else if (exception instanceof AccessDeniedException) {
            this.handleAccessDeniedException(request, response, chain, (AccessDeniedException)exception);
        }

    }

    private void handleAuthenticationException(HttpServletRequest request, HttpServletResponse response, FilterChain chain, AuthenticationException exception) throws ServletException, IOException {
        this.logger.trace("Sending to authentication entry point since authentication failed", exception);
        this.sendStartAuthentication(request, response, chain, exception);
    }

    private void handleAccessDeniedException(HttpServletRequest request, HttpServletResponse response, FilterChain chain, AccessDeniedException exception) throws ServletException, IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean isAnonymous = this.authenticationTrustResolver.isAnonymous(authentication);
        if (!isAnonymous && !this.authenticationTrustResolver.isRememberMe(authentication)) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Sending %s to access denied handler since access is denied", authentication), exception);
            }

            this.accessDeniedHandler.handle(request, response, exception);
        } else {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(LogMessage.format("Sending %s to authentication entry point since access is denied", authentication), exception);
            }

            this.sendStartAuthentication(request, response, chain, new InsufficientAuthenticationException(this.messages.getMessage("ExceptionTranslationFilter.insufficientAuthentication", "Full authentication is required to access this resource")));
        }

    }

    protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, AuthenticationException reason) throws ServletException, IOException {
        SecurityContextHolder.getContext().setAuthentication((Authentication)null);
        this.requestCache.saveRequest(request, response);
        this.authenticationEntryPoint.commence(request, response, reason);
    }

    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "AccessDeniedHandler required");
        this.accessDeniedHandler = accessDeniedHandler;
    }

    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "authenticationTrustResolver must not be null");
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
        Assert.notNull(throwableAnalyzer, "throwableAnalyzer must not be null");
        this.throwableAnalyzer = throwableAnalyzer;
    }

    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        protected void initExtractorMap() {
            super.initExtractorMap();
            this.registerExtractor(ServletException.class, (throwable) -> {
                ThrowableAnalyzer.verifyThrowableHierarchy(throwable, ServletException.class);
                return ((ServletException)throwable).getRootCause();
            });
        }
    }
}

UsernamePasswordAuthenticationFilter:对/login的Post请求做拦截,校验表单中的用户名和密码:

//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by FernFlower decompiler)
//

package org.springframework.security.web.authentication;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;

public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";
    private static final AntPathRequestMatcher DEFAULT_ANT_PATH_REQUEST_MATCHER = new AntPathRequestMatcher("/login", "POST");
    private String usernameParameter = "username";
    private String passwordParameter = "password";
    private boolean postOnly = true;

    public UsernamePasswordAuthenticationFilter() {
        super(DEFAULT_ANT_PATH_REQUEST_MATCHER);
    }

    public UsernamePasswordAuthenticationFilter(AuthenticationManager authenticationManager) {
        super(DEFAULT_ANT_PATH_REQUEST_MATCHER, authenticationManager);
    }

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if (this.postOnly && !request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        } else {
            String username = this.obtainUsername(request);
            username = username != null ? username : "";
            username = username.trim();
            String password = this.obtainPassword(request);
            password = password != null ? password : "";
            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
            this.setDetails(request, authRequest);
            return this.getAuthenticationManager().authenticate(authRequest);
        }
    }

    @Nullable
    protected String obtainPassword(HttpServletRequest request) {
        return request.getParameter(this.passwordParameter);
    }

    @Nullable
    protected String obtainUsername(HttpServletRequest request) {
        return request.getParameter(this.usernameParameter);
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }

    public void setUsernameParameter(String usernameParameter) {
        Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
        this.usernameParameter = usernameParameter;
    }

    public void setPasswordParameter(String passwordParameter) {
        Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
        this.passwordParameter = passwordParameter;
    }

    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public final String getUsernameParameter() {
        return this.usernameParameter;
    }

    public final String getPasswordParameter() {
        return this.passwordParameter;
    }
}

2.过滤器的加载过程.
因为我们开发过程中用的spring boot来集成Security,索引不需要我们自己配置,springboot已经帮助我们自动配置好了.如果不使用springboot那我们就要了解它的加载过程.

过滤器名字:DelegatFilterProxy

//在这个过滤器中的doFilter调用了initDelegate方法.在这个方法中获得一个Bean叫做FilterChainProxy
  protected Filter initDelegate(WebApplicationContext wac) throws ServletException {
        String targetBeanName = this.getTargetBeanName();
        Assert.state(targetBeanName != null, "No target bean name set");
        Filter delegate = (Filter)wac.getBean(targetBeanName, Filter.class);
        if (this.isTargetFilterLifecycle()) {
            delegate.init(this.getFilterConfig());
        }

        return delegate;
    }
    //在FilterChainProxy这个过滤器中的doFilter中调用了doFilterInternal方法,这个方法中的getFilters方法来获取Security中的所有过滤器
        private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        FirewalledRequest firewallRequest = this.firewall.getFirewalledRequest((HttpServletRequest)request);
        HttpServletResponse firewallResponse = this.firewall.getFirewalledResponse((HttpServletResponse)response);
        List<Filter> filters = this.getFilters((HttpServletRequest)firewallRequest);
        if (filters != null && filters.size() != 0) {
            if (logger.isDebugEnabled()) {
                logger.debug(LogMessage.of(() -> {
                    return "Securing " + requestLine(firewallRequest);
                }));
            }

            FilterChainProxy.VirtualFilterChain virtualFilterChain = new FilterChainProxy.VirtualFilterChain(firewallRequest, chain, filters);
            virtualFilterChain.doFilter(firewallRequest, firewallResponse);
        } else {
            if (logger.isTraceEnabled()) {
                logger.trace(LogMessage.of(() -> {
                    return "No security for " + requestLine(firewallRequest);
                }));
            }

            firewallRequest.reset();
            chain.doFilter(firewallRequest, firewallResponse);
        }
    }

3.UserDatailsService和PasswordEncoder接口
3.1:UserDatailsService接口:查询数据库用户名和密码的过程

当我们什么都没有配置的时候,账号和密码都是由Security自动生成的.而在实际开发中账号和密码都是从数据库中查询出来的,所以我们要通过自定义逻辑控制认证逻辑.我们只需要继承UserDatailsServicejike接口即可.

在我们的开发过程中实际上是自己写一个过滤器来继承UsernamePasswordAuthenticationFilter这个过滤器,重写里面的attempAuthenicationFilter()这个方法进行用户名密码验证,重写它父类里面的successfulAuthentication()和unsuccessfulAuthentication()方法进行认证成功的操作和认证失败的操作.
在上面这个过滤器中我们的用户名和密码都是从数据库中进行查询的,这些操作就要写在UserDatailsService接口的实现类中.

具体的操作就是写一个类来继承UserDatailsService接口,接口中有一个方法loadUserByUsername()方法.通过用户名查询用户信息,最终创建Security中的User对象,用户名密码和权限等信息.

3.2.PasswordEncoder接口:

数据加密接口,用于返回User对象里面密码加密,Security只认识这种加密方式.

让你三行代码QAQ
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
01-SpringSecurity-Demo.zip
09-18
SpringSecurity学习配套代码 ,配合本人的Spring全家桶之 SpringSecurity 的这篇博文一起使用,效果更佳
spring-security 异常 求解决
chao331303的专栏
06-27 6167
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.BeanCreationException: Error creat
java.lang.ClassCastException: org.springframework.web.filter.DelegatingFilterProxy cannot be cast to
qq_40155654的博客
10-19 2511
导入maven项目报了一下错误: SEVERE: Exception starting filter HttpPutFormContentFilter java.lang.ClassCastException: org.springframework.web.filter.HttpPutFormContentFilter cannot be cast to javax.servlet.Filt...
Spring Security 前端密钥加密传输/后端解密处理
点滴记录
01-11 1610
Spring Security 前端密钥加密传输/后端解密处理
二、SpringSecurity 自定义手机验证登录方式
时间海绵
05-24 1112
本文在SpringSecurity框架上进行扩展实现自定义手机验证码功能,同时分析实现原理,方便扩展成其它登录方式
java.lang.ClassCastException: org.springframework.web.filter.CharacterEncodingFilter cannot be cast
qq_30525851的博客
09-04 8143
严重: Exception starting filter encodingFilter java.lang.ClassCastException: org.springframework.web.filter.CharacterEncodingFilter cannot be cast to javax.servlet.Filter at org.apache.catalina.core.A
springcloud-learn01
03-30
springcloud-learning ├── eureka-server -- eureka注册中心 ├── eureka-security-server -- 带登录认证的eureka注册中心 ├── eureka-client -- eureka客户端 ├── user-service -- 提供User对象CRUD接口...
Spring security 认证-ch01
03-12
Spring security 认证-ch01简单例子,jar包齐全,可运行。编译初学者谢谢。如果想进一步了解,请关注Spring security 认证ch02.
2021-01-26-SpringSecurity-OAUTH2-密码模式获取token-源码包hrm-itsource.rar
01-26
2021-01-26-SpringSecurity-OAUTH2-密码模式获取token-源码包hrm-itsource.rar
Spring Security-3.0.1中文官方文档(翻译版)
03-08
另:Spring Security 从2010-01-01 以后,版本控制从SVN 换成了GIT,我们在翻译文档的 时候,主要是根据SVN 的变化来进行文档内容的比对,这次换成GIT 后,感觉缺少了之前 那种文本比对工具,如果有对GIT 熟悉的...
java.lang.ClassCastException: class org.springframework.web.filter.CharacterEncodingFilter cannot...
qq_43794633的博客
07-31 2544
在狂神说java的整合ssm项目中,出现强制类型转化异常java.lang.ClassCastException: class org.springframework.web.filter.CharacterEncodingFilter cannot be cast to class jakarta.servlet.filter,找到半天发现是由于tomcat10把 javax.servlet 都改为了jakarta.servlet,然后在web.xml中的乱码过滤那里使用的过滤器是继承自javax.ser
spring security自定义权限拦截FilterInvocationSecurityMetadataSource
热门推荐
lichuangcsdn的博客
07-08 2万+
一般情况下,我们如果需要自定义权限拦截,则需要涉及到FilterInvocationSecurityMetadataSource这个接口了。 这里有个坑爹的地方。如果用户未登录,但是已经设置了拦截白名单的URL,仍然会进入到权限验证里面来。起初,我以为不会进来,但后来跟踪源代码发现,还是会进来。只是此时的身份是一个匿名用户。其默认的实现为DefaultFilterInvocationSecuri...
浅谈 SpringSecurity使用方式——认证流程及原理(三)
小爽帅到拖网速的博客
09-11 1107
3、Spring Security认证原理 3.1、认证流程 Spring Security是如何完成身份认证的? 1、用户名和密码被UsernamePasswordAuthenticationFilter过滤器获取到,封装成 Authentication ,通常情况下是UsernamePasswordAuthenticationToken 这个实现类。 2、AuthenticationManager 身份管理器(委托给DaoAuthenticationProvider调用UserDeatilsServic
Spring Security : 概念模型 SecurityMetadataSource
Details Inside Spring
06-23 5260
概述 介绍 SecurityMetadataSource是Spring Security的一个概念模型接口。用于表示对受权限保护的"安全对象"的权限设置信息。一个该类对象可以被理解成一个映射表,映射表中的每一项包含如下信息 : * 安全对象 * 安全对象所需权限信息 围绕该映射表,SecurityMetadataSource 定义了如下方法 : Collection<ConfigAttri...
解决自定义securityMetadataSource不能使用依赖注入的问题,nullpointer问题,空指针问题
极品小肥羊的博客
07-12 6288
spring3,spring security,MySecurityMetadataSource,自定义securityMetadataSource,依赖注入,注解,注入,空指针异常,nullpointer,service 解决自定义securityMetadataSource不能使用依赖注入的问题,nullpointer问题,空指针问题  我在配置spring3和S
Spring Security API: SecurityMetadataSource
dengdeying的博客
12-29 405
文章目录SecurityMetadataSourceDeclaredClass JdocgetAttributesDeclaredMethod JdocgetAllConfigAttributesDeclaredMethod JdocsupportsDeclared SecurityMetadataSource Declared package org.springframework.securi...
关于spring security4.0以上版本自定义配置的问题及解决笔录
晚秋的风
08-08 4974
由于项目框架古老spring3.0 spring security2.0.4,但功能齐全,所以个人想要升级各个jar包版本,以减少不必要的已知bug 目标更换为spring security4.2 spring data换为最新 问题1:spring版本不匹配,jar包冲突 这个是最好解决的,先把spring security做最基础配置,换几个理论上兼容的spring版本试试就行,最终选定...
Spring Security 6.x 系列【15】认证篇之实现短信验证码登录功能
记录知识、锤炼自我
04-07 8354
我们也了解过**用户名密码**表单登录流程,我们可以完全按照表单登录流程,自定义**短信验证码登录**的**过滤器、认证提供者**等,即可实现该功能。
spring security的使用方法,如何集成oauth2.0
最新发布
07-14
Spring Security是Spring框架提供的用于认证和授权的强大工具。它可以帮助你实现用户认证、访问控制和安全性保护等功能。下面是使用Spring Security和集成OAuth 2.0的一般步骤: 1. 添加依赖:在你的项目中添加...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值