Spring-Security-Reference.Pdf
Total Page:16
File Type:pdf, Size:1020Kb
Spring Security Reference Ben Alex, Luke Taylor, Rob Winch, Gunnar Hillert, Joe Grandja, Jay Bryant, Eddú Meléndez, Josh Cummings, Dave Syer, Eleftheria Stein Version 5.5.2 Table of Contents Introduction. 2 1. Prerequisites . 3 2. Spring Security Community . 4 2.1. Getting Help. 4 2.2. Becoming Involved . 4 2.3. Source Code . 4 2.4. Apache 2 License . 4 2.5. Social Media. 4 3. What’s New in Spring Security 5.5. 5 3.1. Servlet . 5 3.2. WebFlux . 5 3.3. Build . 5 4. Getting Spring Security. 6 4.1. Release Numbering . 6 4.2. Usage with Maven . 6 4.3. Gradle . 9 5. Features . 13 5.1. Authentication . 13 5.2. Protection Against Exploits . 23 6. Project Modules and Dependencies . 41 6.1. Core — spring-security-core.jar. 41 6.2. Remoting — spring-security-remoting.jar . 42 6.3. Web — spring-security-web.jar . 42 6.4. Config — spring-security-config.jar . 43 6.5. LDAP — spring-security-ldap.jar . 43 6.6. OAuth 2.0 Core — spring-security-oauth2-core.jar . 44 6.7. OAuth 2.0 Client — spring-security-oauth2-client.jar . 44 6.8. OAuth 2.0 JOSE — spring-security-oauth2-jose.jar . 44 6.9. OAuth 2.0 Resource Server — spring-security-oauth2-resource-server.jar . 45 6.10. ACL — spring-security-acl.jar . 45 6.11. CAS — spring-security-cas.jar . 45 6.12. OpenID — spring-security-openid.jar . 46 6.13. Test — spring-security-test.jar . 46 6.14. Taglibs — spring-secuity-taglibs.jar . 46 7. Samples . 48 Servlet Applications . 49 8. Hello Spring Security . 50 8.1. Updating Dependencies . 50 8.2. Starting Hello Spring Security Boot . 50 8.3. Spring Boot Auto Configuration . 50 9. Servlet Security: The Big Picture . 52 9.1. A Review of Filters . 52 9.2. DelegatingFilterProxy . 53 9.3. FilterChainProxy . 55 9.4. SecurityFilterChain . 56 9.5. Security Filters . 58 9.6. Handling Security Exceptions. 59 10. Authentication . 62 10.1. SecurityContextHolder . 63 10.2. SecurityContext . 64 10.3. Authentication . 65 10.4. GrantedAuthority. 65 10.5. AuthenticationManager . 65 10.6. ProviderManager. 66 10.7. AuthenticationProvider . 68 10.8. Request Credentials with AuthenticationEntryPoint . ..