Spring Security Core Components

Source: Internet
Author: User

SecurityContextHolder, SecurityContext, and Authentication

SecurityContextHolder is the most basic component of Spring Security. It stores the SecurityContext object and uses a ThreadLocal by default, so every method running in the same thread can obtain the SecurityContext.

SecurityContextHolder has two other modes, SecurityContextHolder.MODE_GLOBAL and SecurityContextHolder.MODE_INHERITABLETHREADLOCAL. The former means that the context held by SecurityContextHolder is global and can be accessed by all threads in the application. The latter is used where threads have a parent-child relationship and a thread wants its child threads to have the same security context as its own.

In most cases, we do not need to modify the default configuration. ThreadLocal is the most commonly used and most suitable for most applications.

Obtaining Authentication Subject Information

We can use the following code snippet to obtain the authentication subject information.

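import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Declared outside the branches so the value is usable afterwards
String username;
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof UserDetails) {
  username = ((UserDetails) principal).getUsername();
} else {
  // The principal is not a UserDetails; fall back to its string form
  username = principal.toString();
}

In most cases the principal returned by the first line of the snippet is an instance of UserDetails, which contains information such as the username, password, and permissions. We can also provide our own UserDetails by implementing this interface, so that it fits the business logic of our application.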

UserDetailsService

As mentioned above, we can customize the UserDetails instance. How can we obtain this instance? We need to implement it through UserDetailsService. This interface has only one method.

UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
This method accepts a username parameter and returns the UserDetails instance.

After successful authentication, the UserDetails object is used to build the Authentication object, which is stored in SecurityContextHolder. Therefore, all the user information we need can be obtained through SecurityContextHolder.

GrantedAuthority

The Authentication object also provides the getAuthorities method to obtain the permissions granted to the user. A permission usually corresponds to a role and the access rights that go with that role. For example, ADMIN_ROLE can access the content under /admin, while other roles have no access permission.

The GrantedAuthority object is also usually obtained by the UserDetailsService instance.
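
The flow described above, as an added example that is not from the original article: a UserDetailsService builds the UserDetails, an Authentication is built from it and stored in SecurityContextHolder, and the authorities are read back, first in the same thread and then from a child thread under the default ThreadLocal mode. The class names CoreComponentsDemo and InMemoryUserDetailsService, the user alice and the placeholder password hash are assumptions; spring-security-core must be on the classpath.

```java
import java.util.Map;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class CoreComponentsDemo {
    // Hypothetical in-memory store with constructed sample data; a real service would query a database.
    static class InMemoryUserDetailsService implements UserDetailsService {
        private final Map<String, String> hashes = Map.of("alice", "{bcrypt}<placeholder-hash>");

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            String hash = hashes.get(username);
            if (hash == null) {
                throw new UsernameNotFoundException("No such user: " + username);
            }
            return User.withUsername(username).password(hash).authorities("ADMIN_ROLE").build();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        UserDetails user = new InMemoryUserDetailsService().loadUserByUsername("alice");
        // Assumption: the password was already verified elsewhere. Credentials are passed
        // as null so that no secret is kept in the SecurityContext.
        Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);
        try {
            for (GrantedAuthority a : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) {
                System.out.println("authority: " + a.getAuthority());
            }
            // Default ThreadLocal mode: the child thread has its own, empty context.
            Thread child = new Thread(() -> System.out.println("child sees: "
                    + SecurityContextHolder.getContext().getAuthentication()));
            child.start();
            child.join();
        } finally {
            SecurityContextHolder.clearContext(); // do not leave the identity on a reused thread
        }
    }
}
```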

Summary

We mentioned the following objects:

SecurityContextHolder: provides access to SecurityContext
SecurityContext: holds the Authentication object and other information that may be required.
Authentication: represents the authentication subject (principal) in Spring Security
GrantedAuthority: a permission granted to the authentication subject at the application level
UserDetails: required information for building the Authentication object, which can be customized. You may need to access the database to obtain
UserDetailsService: constructs a UserDetails object from a username
