首页 > 代码库 > Spring Security: Spring Security简介

Spring Security: Spring Security简介

2024-07-18 03:01:50   233人阅读

 

Spring Security简介

 

安全领域的两大核心是:Authentication和Authorization 。

·Authentication是身份认证,把控一个系统的入口。

·Authorization是授权,用于进行系统中功能的访问控制。

Spring Security 为J2EE项目提供了一个综合的解决方案,支持Authentication和Authorization。

 

Spring Security对于Authentication提供了很宽泛的支持。集成了多种认证技术:

  • HTTP BASIC authentication headers (an IETF RFC-based standard)
  • HTTP Digest authentication headers (an IETF RFC-based standard)
  • HTTP X.509 client certificate exchange (an IETF RFC-based standard)
  • LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
  • Form-based authentication (for simple user interface needs)
  • OpenID authentication
  • Authentication based on pre-established request headers (such as Computer Associates Siteminder)
  • JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign-on system)
  • Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
  • Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)
  • Anonymous authentication (allowing every unauthenticated call to automatically assume a particular security identity)
  • Run-as authentication (which is useful if one call should proceed with a different security identity)
  • Java Authentication and Authorization Service (JAAS)
  • JEE container autentication (so you can still use Container Managed Authentication if desired)
  • Kerberos
  • Java Open Source Single Sign On (JOSSO) *
  • OpenNMS Network Management Platform *
  • AppFuse *
  • AndroMDA *
  • Mule ESB *
  • Direct Web Request (DWR) *
  • Grails *
  • Tapestry *
  • JTrac *
  • Jasypt *
  • Roller *
  • Elastic Path *
  • Atlassian Crowd *
  • Your own authentication systems (see below)

 

Spring Security的jar包说明

 

使用Maven获取Spring Security:

<dependencies> <!-- ... other dependency elements ... -->  <dependency>    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-web</artifactId> 
    <version>3.2.5.RELEASE</version>  </dependency>  <dependency>    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-config</artifactId> 
    <version>3.2.5.RELEASE</version>  </dependency></dependencies>

  上面这部分是Spring Security必要的jar包。

 


联系
我们