Spring Security的前身是Acegi,在被收纳为Spring子项目后正式更改名为 Spring Security。本博客基于Spring Security的版本是 5.2.0.RELEASE。
Spring Security 5.2.0.RELEASE 支持原声的OAuth2框架,支持更现在化的密码加密方式。
Spring Security支持广泛的认证技术,这些技术大多由三方或相关标准组织开发。Spring Security已经集成的认证技术支持如下:
- HTTP BASIC authentication headers (一个基于IETF RFC的标准)
- HTTP Digest authentication headers (一个基于IETF RFC的标准)
- HTTP X.509 client certificate exchange (一个基于IETF RFC的标准)
- LDAP (一个非常常见的跨平台认证需要做法,特别是在大环境)
- Form-based authentication (提供简单用户接口的需求)
- OpenID authentication(一种去中心化的身份认证方式)
- Authentication based on pre-established request headers(基于预先建立的请求头进行认证):(比如Computer Associates Siteminder,一种用户身份验证及授权的集中式安全基础方案)
- JA-SIG Central Authentication Service (也被称为CAS,这是一个流行的开源单点登录系统)
- Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (一个Spring远程调用协议)
- Automatic “remember-me” authentication (这样你可以设置一段时间,避免在一段时间内还需要重新验证)
- Anonymous authentication (允许未认证的任何调用,自动假设一个特定的安全主体)
- Run-as authentication (这在一个会话内使用不同安全身份的时候是非常有用的)
- Java Authentication and Authorization Service (JAAS,java验证和授权API)
- Java EE container authentication:允许系统继续使用容器管理这种身份验证方式
- Kerberos:一种使用对称秘钥机制,允许客户端与服务器相互确认身份和认证协议。
除此之外,Spring Security还引入了一些第三方包,用于支持更多认证技术,比如:JOSSO等。如果这些技术都无法满足需求,则Spring Security允许我们编程写自己的认证技术。
因此,在大部分情况下,当我们有java应用安全方面需求时,选择Spring Security往往是正确的而有效的。
在授权上,Spring Security 不仅支持基于URL对Web的请求授权,还支持方法访问授权、对象访问授权等,基本涵盖了常见的大部分授权场景。
新建Spring Security Maven项目
1)新建spring-security-01 maven 项目
pom.xml如下:
<properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> <springframework.version>5.2.0.RELEASE</springframework.version> <com.alibaba.version>1.1.21</com.alibaba.version> <mysql.version>8.0.11</mysql.version> <org.mybatis.version>3.4.6</org.mybatis.version> <org.mybatis.spring.version>2.0.3</org.mybatis.spring.version> <org.aspectj.version>1.9.4</org.aspectj.version> </properties> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-tx</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>${springframework.version}</version> </dependency> <!--AOP aspectjweaver 支持 --> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>${org.aspectj.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.aspectj/aspectjrt --> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjrt</artifactId> <version>${org.aspectj.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${springframework.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${springframework.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${springframework.version}</version> </dependency> <!--访问RDBMS-MySQL依赖 --> <!--MyBatis --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>${org.mybatis.version}</version> </dependency> <!-- Mybatis自身实现的Spring整合依赖 --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>${org.mybatis.spring.version}</version> </dependency> <!--MySql数据库驱动 --> <!-- https://mvnrepository.com/artifact/com.alibaba/druid --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>${com.alibaba.version}</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql.version}</version> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.13</version> </dependency> <!--form 设置为enctype="multipart/form-data",多文件上传,在applicationContext.xml中配置了bean multipartResolver时,需要依赖该包。 --> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.4</version> </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>2.5</version> </dependency> <!-- https://mvnrepository.com/artifact/commons-lang/commons-lang --> <dependency> <groupId>commons-lang</groupId> <artifactId>commons-lang</artifactId> <version>2.6</version> </dependency> <!-- 编译依赖 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <!--日志支持 --> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> <version>1.7.26</version> </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.7.26</version> </dependency> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency> <!-- redis依赖包 --> <dependency> <groupId>redis.clients</groupId> <artifactId>jedis</artifactId> <version>3.1.0</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.data/spring-data-redis --> <dependency> <groupId>org.springframework.data</groupId> <artifactId>spring-data-redis</artifactId> <version>2.2.3.RELEASE</version> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.11</version> <scope>test</scope> </dependency> </dependencies>