Chapter One what is Spring security?

1. Introduction

What is 1.1 Spring security?

Spring security is a powerful and highly customizable framework for authentication and access control. It is the real standard that guarantees spring-based application security.

Some of the specific functional features that 1.2 Spring Security can achieve

HTTP Basic Authentication Header (IETF rfc-based standard) HTTP Digest Authentication Header (IETF RFC-based standard) HTTP X. 509 client certificate Exchange (IETF RFC-based standard) LDAP (a very common approach to cross-platform authentication requirements, especially in large environments) forms-based authentication (simple user interface requirements) OpenID authentication verification based on predefined request headers (e.g. computer colleague SiteMinder) JA-SIG Central authentication Service (or CAs, which is a popular open source single sign-on system) transparent authentication context propagates remote method calls (RMI) and Httpinvoker (Spring Remoting protocol) "Remember Me" Automatic authentication ( So you can tick a box to avoid repeating authentication for a certain period of time) anonymous authentication (allowing each unauthenticated call to automatically assume a specific security identity) run-as authentication (this is useful if a call should be made with different security identities) Java Authentication and authorization service (JAAS) Jee container autentication (so you can still use container-managed authentication (if needed) Kerberos J Ava Open Source Single Sign-on (Josso)*OpenNMS*Network management Platform AppFuse*Andromda*Mule ESB*Direct Web request (DWR)*Grails*Tapestry*Jtrac*Jasypt*Rollers*Elastic Path*Atlassian crowd*your own authentication system (see below)

1.3 Downloading a dependency package for a project

Core--spring-security-core.jar

contains core authentication and Access-contol classes and interfaces, remote support, and basic configuration APIs. Any application that is required uses spring Security. Supports standalone applications, remote clients, methods (service layer) security, and JDBC User Configuration. Include top-level packages:

    org.springframework.security.core

    Org.springframework.security.access

    org.springframework.security.authentication

    org.springframework.security.provisioning

    Remoting- Spring-security-remoting.jar

provides a holistic overview of the spring Remoting. You don't need this unless you're writing a remote client that uses spring remoting. Main package org.springframework.security.remoting.

Web-spring-security-web.jar

The network security infrastructure and related code contain filters. Dependency of any servlet API. You need it if you need the Spring Security Web Authentication service and URL-based access control. Main package Org.springframework.security.web.
Configure--spring-security-config.jar

Contains the security name space resolution code. You need to use the Spring secure XML namespace configuration. Main package Org.springframework.security.config. None of the classes are intended to be used directly in an application.
Ldap-spring-security-ldap.jar

LDAP authentication and configuration code. Required if you need to use LDAP authentication or manage LDAP user entries. Top-level package org.springframework.security.ldap.
Acl-spring-security-acl.jar

A specialized domain object ACL implementation. Use security to apply to specific domain object instances in your application. Top-level package org.springframework.security.acls.
CAS-Spring-security-cas.jar

Spring Security's CAS client integration. If you want to use spring security with CAS Single sign-on server Web authentication. Top-level package Org.springframework.security.cas.
Openid--spring-security-openid.jar

OpenID Web authentication support. For external OpenID servers to authenticate users. Org.springframework.security.openid. Need Openid4java.

Official website Download: http://projects.spring.io/spring-security/

NET disk Download: Http://yunpan.cn/cLiEBQJQZLWIP access password 0fa0

Chapter One what is Spring security?