{"id":1953,"date":"2025-02-18T23:38:09","date_gmt":"2025-02-18T15:38:09","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=1953"},"modified":"2025-02-18T23:38:09","modified_gmt":"2025-02-18T15:38:09","slug":"spring-security-%e5%9b%9e%e9%a1%be%e4%ba%8c","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=1953","title":{"rendered":"Spring Security \u56de\u987e\u4e8c"},"content":{"rendered":"

Spring Security \u6846\u67b6\u4ecb\u7ecd<\/h3>\n

Spring Security<\/strong> \u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u4e14\u9ad8\u5ea6\u53ef\u5b9a\u5236\u7684\u5b89\u5168\u6846\u67b6\uff0c\u4e13\u6ce8\u4e8e\u4e3a Java \u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u529f\u80fd\u3002\u5b83\u662f Spring \u751f\u6001\u7cfb\u7edf\u7684\u4e00\u90e8\u5206\uff0c\u5e7f\u6cdb\u7528\u4e8e\u4fdd\u62a4 Web \u5e94\u7528\u7a0b\u5e8f\u3001REST API \u548c\u65b9\u6cd5\u7ea7\u522b\u7684\u5b89\u5168\u3002<\/p>\n

\u6838\u5fc3\u529f\u80fd<\/h4>\n
    \n
  1. \u8eab\u4efd\u9a8c\u8bc1\uff08Authentication\uff09<\/strong>\uff1a\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\uff0c\u5e38\u89c1\u65b9\u5f0f\u5305\u62ec\u8868\u5355\u767b\u5f55\u3001OAuth2\u3001LDAP \u7b49\u3002<\/li>\n
  2. \u6388\u6743\uff08Authorization\uff09<\/strong>\uff1a\u63a7\u5236\u7528\u6237\u8bbf\u95ee\u6743\u9650\uff0c\u786e\u4fdd\u7528\u6237\u53ea\u80fd\u8bbf\u95ee\u5176\u6709\u6743\u8bbf\u95ee\u7684\u8d44\u6e90\u3002<\/li>\n
  3. \u9632\u62a4\u653b\u51fb<\/strong>\uff1a\u63d0\u4f9b\u5bf9\u5e38\u89c1\u653b\u51fb\uff08\u5982 CSRF\u3001XSS\u3001SQL \u6ce8\u5165\uff09\u7684\u9632\u62a4\u3002<\/li>\n
  4. \u4f1a\u8bdd\u7ba1\u7406<\/strong>\uff1a\u652f\u6301\u4f1a\u8bdd\u56fa\u5b9a\u4fdd\u62a4\u3001\u5e76\u53d1\u4f1a\u8bdd\u63a7\u5236\u7b49\u529f\u80fd\u3002<\/li>\n
  5. \u96c6\u6210\u5176\u4ed6\u5b89\u5168\u534f\u8bae<\/strong>\uff1a\u652f\u6301 OAuth2\u3001SAML\u3001OpenID Connect \u7b49\u534f\u8bae\u3002<\/li>\n<\/ol>\n
    \n

    Spring Security \u7684\u6838\u5fc3\u7ec4\u4ef6<\/h3>\n
      \n
    1. SecurityContextHolder<\/strong>\uff1a\u5b58\u50a8\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u3002<\/li>\n
    2. Authentication<\/strong>\uff1a\u8868\u793a\u7528\u6237\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002<\/li>\n
    3. UserDetails<\/strong>\uff1a\u5c01\u88c5\u7528\u6237\u4fe1\u606f\uff08\u5982\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u6743\u9650\u7b49\uff09\u3002<\/li>\n
    4. UserDetailsService<\/strong>\uff1a\u52a0\u8f7d\u7528\u6237\u4fe1\u606f\uff0c\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u3002<\/li>\n
    5. GrantedAuthority<\/strong>\uff1a\u8868\u793a\u7528\u6237\u7684\u6743\u9650\u3002<\/li>\n
    6. SecurityFilterChain<\/strong>\uff1a\u5b9a\u4e49\u8bf7\u6c42\u7684\u8fc7\u6ee4\u94fe\uff0c\u5904\u7406\u5b89\u5168\u903b\u8f91\u3002<\/li>\n<\/ol>\n
      \n

      Spring Security \u7684\u57fa\u672c\u7528\u6cd5<\/h3>\n

      1. \u6dfb\u52a0\u4f9d\u8d56<\/h4>\n

      \u5728 Maven \u9879\u76ee\u4e2d\uff0c\u6dfb\u52a0 Spring Security \u4f9d\u8d56\uff1a<\/p>\n

      <dependency>\n    <groupId>org.springframework.boot<\/groupId>\n    <artifactId>spring-boot-starter-security<\/artifactId>\n<\/dependency><\/code><\/pre>\n
      2. \u914d\u7f6e Spring Security<\/h4>\n
      \u901a\u8fc7 Java \u914d\u7f6e\u7c7b\u81ea\u5b9a\u4e49\u5b89\u5168\u89c4\u5219\uff1a<\/p>\n
      import org.springframework.context.annotation.Bean;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\nimport org.springframework.security.core.userdetails.User;\nimport org.springframework.security.core.userdetails.UserDetails;\nimport org.springframework.security.core.userdetails.UserDetailsService;\nimport org.springframework.security.provisioning.InMemoryUserDetailsManager;\nimport org.springframework.security.web.SecurityFilterChain;\n\n@EnableWebSecurity\npublic class SecurityConfig {\n\n    @Bean\n    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {\n        http\n            .authorizeHttpRequests(auth -> auth\n                .requestMatchers("\/public\/**").permitAll() \/\/ \u516c\u5f00\u8bbf\u95ee\n                .requestMatchers("\/admin\/**").hasRole("ADMIN") \/\/ \u4ec5\u7ba1\u7406\u5458\u8bbf\u95ee\n                .anyRequest().authenticated() \/\/ \u5176\u4ed6\u8bf7\u6c42\u9700\u8981\u8ba4\u8bc1\n            )\n            .formLogin(form -> form\n                .loginPage("\/login") \/\/ \u81ea\u5b9a\u4e49\u767b\u5f55\u9875\n                .permitAll()\n            )\n            .logout(logout -> logout\n                .permitAll()\n            );\n        return http.build();\n    }\n\n    @Bean\n    public UserDetailsService userDetailsService() {\n        UserDetails user = User.withDefaultPasswordEncoder()\n            .username("user")\n            .password("password")\n            .roles("USER")\n            .build();\n        UserDetails admin = User.withDefaultPasswordEncoder()\n            .username("admin")\n            .password("admin")\n            .roles("ADMIN")\n            .build();\n        return new InMemoryUserDetailsManager(user, admin);\n    }\n}<\/code><\/pre>\n
      3. \u81ea\u5b9a\u4e49\u767b\u5f55\u9875<\/h4>\n
      \u5982\u679c\u9700\u8981\u81ea\u5b9a\u4e49\u767b\u5f55\u9875\uff0c\u53ef\u4ee5\u5728 src\/main\/resources\/templates<\/code> \u4e0b\u521b\u5efa login.html<\/code>\uff1a<\/p>\n
      <form action="\/login" method="post">\n    <input type="text" name="username" placeholder="Username" required>\n    <input type="password" name="password" placeholder="Password" required>\n    <button type="submit">Login<\/button>\n<\/form><\/code><\/pre>\n
      4. \u65b9\u6cd5\u7ea7\u5b89\u5168\u63a7\u5236<\/h4>\n
      \u4f7f\u7528 @PreAuthorize<\/code> \u6216 @Secured<\/code> \u6ce8\u89e3\u63a7\u5236\u65b9\u6cd5\u8bbf\u95ee\u6743\u9650\uff1a<\/p>\n
      import org.springframework.security.access.prepost.PreAuthorize;\nimport org.springframework.stereotype.Service;\n\n@Service\npublic class MyService {\n\n    @PreAuthorize("hasRole('ADMIN')")\n    public String adminOnlyMethod() {\n        return "This is admin only content!";\n    }\n}<\/code><\/pre>\n
      5. \u542f\u7528\u65b9\u6cd5\u7ea7\u5b89\u5168<\/h4>\n
      \u5728\u914d\u7f6e\u7c7b\u4e0a\u6dfb\u52a0 @EnableGlobalMethodSecurity<\/code> \u6ce8\u89e3\uff1a<\/p>\n
      import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;\n\n@EnableWebSecurity\n@EnableGlobalMethodSecurity(prePostEnabled = true)\npublic class SecurityConfig {\n    \/\/ \u914d\u7f6e\u5185\u5bb9\n}<\/code><\/pre>\n
      \n
      \u9ad8\u7ea7\u529f\u80fd<\/h3>\n
        \n
      1. OAuth2 \u96c6\u6210<\/strong>\uff1a\u652f\u6301 OAuth2 \u534f\u8bae\uff0c\u7528\u4e8e\u7b2c\u4e09\u65b9\u767b\u5f55\u548c\u8d44\u6e90\u670d\u52a1\u5668\u4fdd\u62a4\u3002<\/li>\n
      2. Remember-Me \u529f\u80fd<\/strong>\uff1a\u652f\u6301\u8bb0\u4f4f\u7528\u6237\u767b\u5f55\u72b6\u6001\u3002<\/li>\n
      3. CSRF \u9632\u62a4<\/strong>\uff1a\u9ed8\u8ba4\u542f\u7528 CSRF \u9632\u62a4\uff0c\u4fdd\u62a4\u8868\u5355\u63d0\u4ea4\u3002<\/li>\n
      4. CORS \u914d\u7f6e<\/strong>\uff1a\u652f\u6301\u8de8\u57df\u8d44\u6e90\u5171\u4eab\u914d\u7f6e\u3002<\/li>\n
      5. \u81ea\u5b9a\u4e49\u8fc7\u6ee4\u5668<\/strong>\uff1a\u53ef\u4ee5\u6dfb\u52a0\u81ea\u5b9a\u4e49\u8fc7\u6ee4\u5668\u6269\u5c55\u5b89\u5168\u903b\u8f91\u3002<\/li>\n<\/ol>\n
        \n
        \u603b\u7ed3<\/h3>\n
        Spring Security \u662f\u4e00\u4e2a\u529f\u80fd\u5168\u9762\u7684\u5b89\u5168\u6846\u67b6\uff0c\u9002\u5408\u4ece\u7b80\u5355\u7684\u8eab\u4efd\u9a8c\u8bc1\u5230\u590d\u6742\u7684\u4f01\u4e1a\u7ea7\u5b89\u5168\u9700\u6c42\u3002\u901a\u8fc7\u7075\u6d3b\u7684\u914d\u7f6e\u548c\u6269\u5c55\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u8f7b\u677e\u5b9e\u73b0\u5404\u79cd\u5b89\u5168\u573a\u666f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
        Spring Security \u6846\u67b6\u4ecb\u7ecd Spring Security \u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u4e14\u9ad8\u5ea6\u53ef\u5b9a\u5236\u7684\u5b89\u5168\u6846\u67b6\uff0c\u4e13\u6ce8\u4e8e\u4e3a Java \u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u8eab\u4efd\u9a8c\u8bc1\u548c\u6388\u6743\u529f\u80fd\u3002\u5b83\u662f Spring \u751f\u6001\u7cfb\u7edf\u7684\u4e00\u90e8\u5206\uff0c\u5e7f\u6cdb\u7528\u4e8e\u4fdd\u62a4 Web \u5e94\u7528\u7a0b\u5e8f\u3001REST API \u548c\u65b9\u6cd5\u7ea7\u522b\u7684\u5b89\u5168\u3002 \u6838\u5fc3\u529f\u80fd \u8eab\u4efd\u9a8c\u8bc1\uff08Authentication\uff09\uff1a\u9a8c\u8bc1\u7528\u6237\u8eab\u4efd\uff0c\u5e38\u89c1\u65b9\u5f0f\u5305\u62ec\u8868\u5355\u767b\u5f55\u3001OAuth2\u3001LDAP \u7b49\u3002 \u6388\u6743\uff08Authorization\uff09\uff1a\u63a7\u5236\u7528\u6237\u8bbf\u95ee\u6743\u9650\uff0c\u786e\u4fdd\u7528\u6237\u53ea\u80fd\u8bbf\u95ee\u5176\u6709\u6743\u8bbf\u95ee\u7684\u8d44\u6e90\u3002 \u9632\u62a4\u653b\u51fb\uff1a\u63d0\u4f9b\u5bf9\u5e38\u89c1\u653b\u51fb\uff08\u5982 CSRF\u3001XSS\u3001SQL \u6ce8\u5165\uff09\u7684\u9632\u62a4\u3002 \u4f1a\u8bdd\u7ba1\u7406\uff1a\u652f\u6301\u4f1a\u8bdd\u56fa\u5b9a\u4fdd\u62a4\u3001\u5e76\u53d1\u4f1a\u8bdd\u63a7\u5236\u7b49\u529f\u80fd\u3002 \u96c6\u6210\u5176\u4ed6\u5b89\u5168\u534f\u8bae\uff1a\u652f\u6301 OAuth2\u3001SAML\u3001OpenID Connect \u7b49\u534f\u8bae\u3002 Spring Security \u7684\u6838\u5fc3\u7ec4\u4ef6 SecurityContextHolder\uff1a\u5b58\u50a8\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u3002 Authentication\uff1a\u8868\u793a\u7528\u6237\u7684\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u3002 UserDetails\uff1a\u5c01\u88c5\u7528\u6237\u4fe1\u606f\uff08\u5982\u7528\u6237\u540d\u3001\u5bc6\u7801\u3001\u6743\u9650\u7b49\uff09\u3002 UserDetailsService\uff1a\u52a0\u8f7d\u7528\u6237\u4fe1\u606f\uff0c\u7528\u4e8e\u8eab\u4efd\u9a8c\u8bc1\u3002 GrantedAuthority\uff1a\u8868\u793a\u7528\u6237\u7684\u6743\u9650\u3002 SecurityFilterChain\uff1a\u5b9a\u4e49\u8bf7\u6c42\u7684\u8fc7\u6ee4\u94fe\uff0c\u5904\u7406\u5b89\u5168\u903b\u8f91\u3002 Spring Security \u7684\u57fa\u672c\u7528\u6cd5 1. \u6dfb\u52a0\u4f9d\u8d56 \u5728 Maven \u9879\u76ee\u4e2d\uff0c\u6dfb\u52a0 Spring Security \u4f9d\u8d56\uff1a <dependency> <groupId>org.springframework.boot<\/groupId> <artifactId>spring-boot-starter-security<\/artifactId> <\/dependency> 2. \u914d\u7f6e Spring Security \u901a\u8fc7 […] →Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1953","post","type-post","status-publish","format-standard","hentry","category-5"],"_links":{"self":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1953"}],"collection":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1953"}],"version-history":[{"count":1,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1953\/revisions"}],"predecessor-version":[{"id":1954,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/1953\/revisions\/1954"}],"wp:attachment":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}