Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "what are the principles of SpringSecurity". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Pre-knowledge

Spring Security mainly serves Web applications, and Spring Security is mainly realized through Java's Filter.

The two cores of Java's Web application are:

Servlet

Filter

Many friends may have forgotten the fear of being dominated by java's web.xml configuration before there is no SpringMVC.

If you don't remember this, or if you haven't used it at all, you can recall the web.xml configuration below to see if you can remember the meaning of each configuration.

Terrible index.html EcodingFilter EcodingFilter vip.mycollege.filter.EnCodeFilter EncodeCoding UTF-8 EcodingFilter hello * hello hello / *

The above configuration is still just a simple Servet and a Filter.

The whole process of Java Web is still simple, that is, the Servelt container, that is, Java Web servers, such as Tomcat and Jetty, go back to load the web.xml file when starting, parse the configuration inside, mainly Servlet and Filter, and correspond url to Servlet and Filter, so that when you receive a url request, hand over a corresponding Filter and Servlet to deal with.

First Filter then Servlet, Filter can have multiple, is a chain structure, has priority.

The biggest problem with the way web.xml is configured is that the configuration of url maps is complex and can be carelessly 404.

Later, it is better to have SpringMVC. You only need to configure a Servlet, which is handed over to the Servlet of org.springframework.web.servlet.DispatcherServlet to handle the mapping distribution of url. Spring parses the Controller annotations by itself, and corresponds the url to the corresponding method. There is no need to configure the url mapping by yourself.

Later, with SpringBoot, it was almost time to take off. DispatcherServlet did not need to be configured. It was used immediately out of the box.

Although there is no need for manual configuration, we still need to know a little bit about the principle. Here we just need to remember that all Web requests from Java go through Filter first, and this is where Spring Security uses its skills.

A simple example

If we talk about abstract concepts directly from the beginning, many friends may give up treatment. So let's start with a simple entry-level example to see what a Spring Security is at the door.

Pom dependence

First of all, to introduce Spring Security dependencies, if you use SpringBoot, it is very simple to introduce

4.0.0 org.springframework.boot spring-boot-starter-parent 2.4.5 vip.oschool spsecurity 0.0.1-SNAPSHOT spsecurity Demo project for Spring Boot 1.8 org.springframework.boot spring-boot-starter-web org.springframework.boot Spring-boot-starter-security org.springframework.boot spring-boot-starter-test test configuration file server: port: 8081spring: security: user: name: tim password: 111111

A user tim is configured above, and the password is 111111. If not, Spring Security will use the default user and generate a random password each time.

Controller

Add a simple controller

Import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;@RestController@RequestMapping ("/ index") public class IndexController {@ RequestMapping ("/ hello") public String hello () {return "Hello World";}} launch class import org.springframework.boot.SpringApplication;import org.springframework.boot.autoconfigure.SpringBootApplication @ SpringBootApplicationpublic class StartApplication {public static void main (String [] args) {SpringApplication.run (StartApplication.class, args);}} login interface

After startup, directly visit: http://localhost:8081/index/hello

Then, it will be redirected to: http://localhost:8081/login

You need to enter a user name and password, and there is a proper term for this process: authentication, Authentication

This is the end of the content of "what are the principles of SpringSecurity". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.