Spring Security Core Components
阿新 • Published: 2018-12-01
AuthenticationManager and AuthenticationProvider
- AuthenticationManager
Authentication authenticate(Authentication authentication) throws AuthenticationException;
- AuthenticationProvider
Authentication authenticate(Authentication authentication) throws AuthenticationException;
boolean supports(Class<?> authentication);
ProviderManager delegates to a list of configured AuthenticationProviders
The providers are tried in the order shown (implied by the use of a List). Each provider can attempt the authentication, or skip it by simply returning null. If all implementations return null, ProviderManager throws a ProviderNotFoundException.
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
  <constructor-arg>
    <list>
      <!-- Tried in list order. <ref bean> is used because the "local" attribute is not supported by the spring-beans XSD since 4.0 -->
      <ref bean="daoAuthenticationProvider"/>
      <ref bean="anonymousAuthenticationProvider"/>
      <ref bean="ldapAuthenticationProvider"/>
    </list>
  </constructor-arg>
</bean>
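The delegation rules described above, as an added example (not code from the original post or from Spring Security itself). The class names, the two providers and the hard-coded credential pair are hypothetical and constructed for the demo; it assumes spring-security-core 5.x on the classpath.

```java
import java.util.Arrays;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class ProviderManagerOrderDemo {
    // Hypothetical provider: claims the token type but abstains by returning null.
    static class AbstainingProvider implements AuthenticationProvider {
        @Override public Authentication authenticate(Authentication auth) { return null; }
        @Override public boolean supports(Class<?> type) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
        }
    }

    // Hypothetical provider: accepts one constructed credential pair (demo only).
    // Inherits supports() from AbstainingProvider.
    static class DemoProvider extends AbstainingProvider {
        @Override public Authentication authenticate(Authentication auth) {
            if ("jimi".equals(auth.getName()) && "jimispassword".equals(auth.getCredentials())) {
                return new UsernamePasswordAuthenticationToken(auth.getName(),
                        auth.getCredentials(), AuthorityUtils.createAuthorityList("ROLE_USER"));
            }
            throw new BadCredentialsException("Bad credentials");
        }
    }

    public static void main(String[] args) {
        Authentication good = new UsernamePasswordAuthenticationToken("jimi", "jimispassword");

        // Providers are consulted in list order; the first non-null result wins.
        ProviderManager manager = new ProviderManager(
                Arrays.<AuthenticationProvider>asList(new AbstainingProvider(), new DemoProvider()));
        Authentication result = manager.authenticate(good);
        System.out.println("authenticated=" + result.isAuthenticated() + " " + result.getAuthorities());

        try {
            // DemoProvider rejects the password; ProviderManager rethrows its exception.
            manager.authenticate(new UsernamePasswordAuthenticationToken("jimi", "wrong"));
        } catch (BadCredentialsException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Every provider returns null, so nobody made a decision.
        ProviderManager abstainOnly = new ProviderManager(
                Arrays.<AuthenticationProvider>asList(new AbstainingProvider()));
        try {
            abstainOnly.authenticate(good);
        } catch (ProviderNotFoundException e) {
            System.out.println("no decision: " + e.getMessage());
        }
    }
}
```

Returning null means "no opinion" and lets the next provider decide, while throwing an AuthenticationException is an explicit rejection; a provider that should deny a request must throw rather than return null.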
UserDetailsService
In-Memory
<user-service id="userDetailsService">
  <!-- {noop} selects NoOpPasswordEncoder: the password is stored and compared as plaintext -->
  <user name="jimi" password="{noop}jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
  <user name="bob" password="{noop}bobspassword" authorities="ROLE_USER" />
</user-service>
Password Encoding
DelegatingPasswordEncoder
// Default: a DelegatingPasswordEncoder preconfigured by the factory
PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

// Custom: choose the id used for new hashes and the encoders accepted when matching
String idForEncode = "bcrypt";
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(idForEncode, new BCryptPasswordEncoder());
encoders.put("noop", NoOpPasswordEncoder.getInstance());
encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
encoders.put("scrypt", new SCryptPasswordEncoder());
encoders.put("sha256", new StandardPasswordEncoder());
PasswordEncoder customPasswordEncoder =
    new DelegatingPasswordEncoder(idForEncode, encoders);
BCryptPasswordEncoder
// Create an encoder with strength 16
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(16);
String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
Pbkdf2PasswordEncoder
// Create an encoder with all the defaults
Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder();
String result = encoder.encode("myPassword");
assertTrue(encoder.matches("myPassword", result));
SCryptPasswordEncoder
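DelegatingFilterProxy Filter Chain
- ChannelProcessingFilter, because it might need to redirect to a different protocol
- SecurityContextPersistenceFilter, so that a SecurityContext can be set up in the SecurityContextHolder at the beginning of a web request, and any changes to the SecurityContext can be copied to the HttpSession when the web request ends (ready for use with the next web request)
- ConcurrentSessionFilter, because it uses the SecurityContextHolder functionality and needs to update the SessionRegistry to reflect ongoing requests from the principal
- Authentication processing mechanisms (UsernamePasswordAuthenticationFilter, CasAuthenticationFilter, BasicAuthenticationFilter, etc.), so that the SecurityContextHolder can be modified to contain a valid Authentication request token
- SecurityContextHolderAwareRequestFilter, if you are using it to install a Spring Security aware HttpServletRequestWrapper into your servlet container
- JaasApiIntegrationFilter: if a JaasAuthenticationToken is in the SecurityContextHolder, this processes the FilterChain as the Subject in the JaasAuthenticationToken
- RememberMeAuthenticationFilter, so that if no earlier authentication processing mechanism updated the SecurityContextHolder, and the request presents a cookie that enables remember-me services, a suitable remembered Authentication object is put there
- AnonymousAuthenticationFilter, so that if no earlier authentication processing mechanism updated the SecurityContextHolder, an anonymous Authentication object is put there
- ExceptionTranslationFilter, to catch any Spring Security exceptions so that either an HTTP error response can be returned or an appropriate AuthenticationEntryPoint can be launched
- FilterSecurityInterceptor, to protect web URIs and raise exceptions when access is denied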