Spring Security

springsecurityjava

Readings

  1. Multiple Authentication Providers in Spring Security
  2. Using Spring Security 5 to integrate with OAuth 2-secured services such as Facebook and GitHub
  3. Spring Security: Authentication and Authorization In-Depth

类职责描述

  1. org.springframework.security.authentication.AuthenticationManager Processes an {@link Authentication} request

  2. org.springframework.security.authentication.ProviderManager Iterates an {@link Authentication} request through a list of {@link AuthenticationProvider}s.

  3. org.springframework.security.authentication.AuthenticationProvider Indicates a class can process a specific {@link org.springframework.security.core.Authentication} implementation. 用户验证成功后,spring会发布一个event (这里org/springframework/security/authentication/ProviderManager.java:189), 要处理用户登录成功event,见这里

  4. org.springframework.security.core.Authentication Represents the token for an authentication request or for an authenticated principal once the request has been processed by the {@link AuthenticationManager#authenticate(Authentication)} method. 5.org.springframework.security.access.intercept.AbstractSecurityInterceptor

  5. org.springframework.security.core.context.SecurityContextHolder

  6. org.springframework.security.core.context.SecurityContext

  7. org.springframework.security.core.userdetails.UserDetailsService Core interface which loads user-specific data.

  8. org.springframework.security.core.GrantedAuthority Represents an authority granted to an {@link Authentication} object.

  9. org.springframework.security.access.AccessDecisionManager Makes a final access control (authorization) decision.

  10. org.springframework.security.web.access.intercept.FilterSecurityInterceptor Performs security handling of HTTP resources via a filter implementation. web请求都会进入到这里。

  11. org.springframework.security.web.FilterChainProxy Delegates {@code Filter} requests to a list of Spring-managed filter beans.

Edit