There is no database, all data are written in the configuration file, that is, demo is in the official file;
Using database, the database is designed according to the default implementation code of spring security, which means the database is fixed. This method is inflexible, the database design is poor and the practicability is poor.
Unlike Acegi, spring security cannot modify the default filters, but supports inserting filters, so we can insert our own filters according to this and use them flexibly.
Violent means to modify the source code. The modification of the default filter mentioned above is only to modify the configuration file to replace the filter and directly modify the source code inside, but this does not conform to the OO design principle, and it is not practical and usable.
Authentication and Authorization Verification Based on Filter, Servlet and AOP
Although the principle will be complicated, it doesn't matter. Through the explanation of the code, you can see the implementation of the tutorial code and then look back at this simple principle, which may have a good harvest.
(You can customize it here according to your own business, such as obtaining it through database, xml, cache, etc. )
1. separates user login from permission control, thus realizing complete separation from other control and logic codes.
2. In the control and logic code, we can get the information of our login user through the spring container, which is the embodiment of pluggability.
3. Custom permissions control access, which can not only control a URL, but also control a method.
4. Provide some login-related operations, such as remember me, login successfully and jump to page settings, etc.
5. Good security controllability and controllability of concurrent sessions.
The springsecurity tutorial explained by Teacher Wang He, the power node, is very detailed and comprehensive, and takes you to learn Spring Security quickly through cases.
Power Node SpringSecurity Tutorial —— Elaborating SpringSecurity Security Framework
/video/bv 1bz 4y 1m 79t
Download SpringSecurity tutorial materials.
/? csdn
Introduction of security framework
002. Safety-Preliminary Study-1
003. Safety-Preliminary Study -2
004. Safety-Preliminary Study -3
005. Safety-Preliminary Study -4
006.security- Customize user name and password.
007.security- Turn off the authentication function.
008. Security-Memory-based User Information-Ideas
009.security- Memory-Based User Information-Define Users
0 10. Security-Memory-Based User Information-Password Encryption
0 1 1. Security Role Setting Based on Memory User Information
0 12.security- Set role access rights according to memory user information.
0 13.security- Method of setting role test based on user information in memory.
0 14.security- summary of the method of setting role test steps based on memory user information
0 15. Security -JDBC User Information Main Interface
0 16.security-jdbc user information maven dependency
0 17.security-jdbc user information creates dao and service.
0 18.security-jdbc user information test data access
0 19.security-jdbc user information initializes user table data.
020.security-jdbc user information implements the UserDetailsService interface.
02 1.security-jdbc user information test roles and users
022. Role -RBAC
023. Role introduction -RBAC database table
024. Authentication class UserDetailsService
025. the creation of inmemoryuserdetailservice
026. test the InMemoryUserDetailsService account.
027. Create a table
Create module
029. create a JdbcUserDetailsManager object.
030. test jdbcuserdetailsmanager-1
03 1. test JDBCUserDetailManager-2
032. Design the user role table
033. Create Module-Customize Users and Roles
034. Security-Introduction to Table Structure
035.security- custom UserDetails implements the class SysUser.
036.security- create SysUserMapper file
037.security- add configuration data of mybatis framework.
038.security- initialize the data of SysUser account through the program.
039. Security-Manual Initial Role Data
040.security- create SysUser query method
04 1.security- Create the SysRoleMapper interface and mapper file.
042.security- query role information
043.security- implement the UserDetailsService interface.
044. security-let the framework use a custom UserDetailsService implementation.
045. security-create html and controller for the test.
046.security- set url permission definition
047.security- set url role
048. Security-Solution to Account Expiration
049.security- Set the password processing method.
050. Implementation steps of safety function
05 1.security- default login page
052.security- customize login page
053.security- use a custom mylogin page.
054.security- Set custom login configuration parameters.
055.security- customize login summary
056.security-ajax login page
057.security- create a successful handler
058.security- create failure handler
059.security- Specify the configuration handler.
060.security- using jackson to process json
06 1. Security-Document Summary
062. Security-Introduce the contents of this section.
063.security- Create controller-defined parameters that generate authentication.
064. Safety-Draw a white background.
065. Safety-Write multiple words on the picture.
066. Set the interference line safely.
067.security- Verify the generated document.
068.security-ajax requests to add code parameters.
069. Introduction of safety filter
070.security- create filter-1
07 1.security- Create filter -2
072.security- add a custom filter
073. Safety summary