Spring security, springsecurity

Spring security, springsecurity

Security includes two main operations.

The first, known as "authentication", is to create a theme stated by the user. A topic generally refers to a user, device, or other system that can perform actions in your system.

The second is "Authorization", which indicates whether a user can perform an operation in your application. Before the authorization is determined, the identity subject has been established by the authentication process.

 

1. Add the Filter statement to the web. xml file.

 <!-- Spring security Filter -->  <filter>       <filter-name>springSecurityFilterChain</filter-name>      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>   </filter>   <filter-mapping>       <filter-name>springSecurityFilterChain</filter-name>      <url-pattern>/*</url-pattern>   </filter-mapping>  

 

Get the name of the currently authenticated user (obtain the name of the currently authenticated user)
(User) SecurityContextHolder. getContext (). getAuthentication (). getPrincipal ();

The official case is as follows:

Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();if (principal instanceof UserDetails) {  String username = ((UserDetails)principal).getUsername();} else {  String username = principal.toString();}

 

Access protected resources

 

Use databases to manage users and permissions 

In general, we all need to use databases to manage users and permissions, instead of writing users to the configuration file. Therefore, we will focus on using databases to manage users and permissions.

 

Manage Users and permissions by extending the default Implementation of Spring Security 

In fact, Spring Security provides two authentication interfaces for simulating users and permissions, as well as reading users and permission operation methods. These two interfaces are: UserDetails and UserDetailsService.

Java code

 

Java code

It is clear that one interface is used to simulate the user, and the other is used to simulate the process of reading the user. Therefore, we can implement these two interfaces to manage users and permissions using databases. Here, I will provide an example of using Hibernate to define the relationship between users and permissions.