Spring Security 5.1.2.RELEASE Reference
Table of Contents
- I. Preface
- 1. Spring Security Community
- 2. What's New in Spring Security 5.1
- 3. Getting Spring Security
- 4. Project Modules
- 4.1. Core - spring-security-core.jar
- 4.2. Remoting - spring-security-remoting.jar
- 4.3. Web - spring-security-web.jar
- 4.4. Config - spring-security-config.jar
- 4.5. LDAP - spring-security-ldap.jar
- 4.6. OAuth 2.0 Core - spring-security-oauth2-core.jar
- 4.7. OAuth 2.0 Client - spring-security-oauth2-client.jar
- 4.8. OAuth 2.0 JOSE - spring-security-oauth2-jose.jar
- 4.9. ACL - spring-security-acl.jar
- 4.10. CAS - spring-security-cas.jar
- 4.11. OpenID - spring-security-openid.jar
- 4.12. Test - spring-security-test.jar
- 5. Sample Applications
- II. Servlet Applications
- 6. Java Configuration
- 6.1. Hello Web Security Java Configuration
- 6.2. HttpSecurity
- 6.3. Java Configuration and Form Login
- 6.4. Authorize Requests
- 6.5. Handling Logouts
- 6.6. OAuth 2.0 Client
- 6.6.1. ClientRegistration
- 6.6.2. ClientRegistrationRepository
- 6.6.3. OAuth2AuthorizedClient
- 6.6.4. OAuth2AuthorizedClientRepository/OAuth2AuthorizedClientService
- 6.6.5. RegisteredOAuth2AuthorizedClient
- 6.6.6. AuthorizationRequestRepository
- 6.6.7. OAuth2AuthorizationRequestResolver
- 6.6.8. OAuth2AccessTokenResponseClient
- 6.7. OAuth 2.0 Login
- 6.8. OAuth 2.0 Resource Server
- 6.9. Authentication
- 6.10. Multiple HttpSecurity
- 6.11. Method Security
- 6.12. Post Processing Configured Objects
- 6.13. Custom DSLs
- 7. Security Namespace Configuration
- 8. Architecture and Implementation
- 9. Testing
- 10. Web Application Security
- 11. Authorization
- 12. Additional Topics
- 13. WebClient for Servlet Environments
- 14. Spring Data Integration
- 15. Appendix
- 15.1. Security Database Schema
- 15.2. The Security Namespace
- 15.2.1. Web Application Security
- <debug>
- <http>
- <access-denied-handler>
- <cors>
- <headers>
- <cache-control>
- <hsts>
- <hpkp>
- <pins>
- <pin>
- <content-security-policy>
- <referrer-policy>
- <feature-policy>
- <frame-options>
- <xss-protection>
- <content-type-options>
- <header>
- <anonymous>
- <csrf>
- <custom-filter>
- <expression-handler>
- <form-login>
- <http-basic>
- <http-firewall> Element
- <intercept-url>
- <jee>
- <logout>
- <openid-login>
- <attribute-exchange>
- <openid-attribute>
- <port-mappings>
- <port-mapping>
- <remember-me>
- <request-cache> Element
- <session-management>
- <concurrency-control>
- <x509>
- <filter-chain-map>
- <filter-chain>
- <filter-security-metadata-source>
- 15.2.2. WebSocket Security
- 15.2.3. Authentication Services
- 15.2.4. Method Security
- 15.2.5. LDAP Namespace Options
- 15.3. Spring Security Dependencies
- 15.4. Proxy Server Configuration
- 15.5. Spring Security FAQ
- 15.5.1. General Questions
- Will Spring Security take care of all my application security requirements?
- Why not just use web.xml security?
- What Java and Spring Framework versions are required?
- I'm new to Spring Security and I need to build an application that supports CAS single sign-on over HTTPS, while allowing Basic authentication locally for certain URLs, authenticating against multiple back end user information sources (LDAP and JDBC). I've copied some configuration files I found but it doesn't work.
- 15.5.2. Common Problems
- When I try to log in, I get an error message that says "Bad Credentials". What's wrong?
- My application goes into an "endless loop" when I try to login, what's going on?
- I get an exception with the message "Access is denied (user is anonymous);". What's wrong?
- Why can I still see a secured page even after I've logged out of my application?
- I get an exception with the message "An Authentication object was not found in the SecurityContext". What's wrong?
- I can't get LDAP authentication to work.
- Session Management
- I'm using Spring Security's concurrent session control to prevent users from logging in more than once at a time.
- Why does the session Id change when I authenticate through Spring Security?
- I'm using Tomcat (or some other servlet container) and have enabled HTTPS for my login page, switching back to HTTP afterwards.
- I'm not switching between HTTP and HTTPS but my session is still getting lost
- I'm trying to use the concurrent session-control support but it won't let me log back in, even if I'm sure I've logged out and haven't exceeded the allowed sessions.
- Spring Security is creating a session somewhere, even though I've configured it not to, by setting the create-session attribute to never.
- I get a 403 Forbidden when performing a POST
- I'm forwarding a request to another URL using the RequestDispatcher, but my security constraints aren't being applied.
- I have added Spring Security's <global-method-security> element to my application context but if I add security annotations to my Spring MVC controller beans (Struts actions etc.) then they don't seem to have an effect.
- I have a user who has definitely been authenticated, but when I try to access the SecurityContextHolder during some requests, the Authentication is null.
- The authorize JSP Tag doesn't respect my method security annotations when using the URL attribute.
- 15.5.3. Spring Security Architecture Questions
- How do I know which package class X is in?
- How do the namespace elements map to conventional bean configurations?
- What does "ROLE_" mean and why do I need it on my role names?
- How do I know which dependencies to add to my application to work with Spring Security?
- What dependencies are needed to run an embedded ApacheDS LDAP server?
- What is a UserDetailsService and do I need one?
- 15.5.4. Common "Howto" Requests
- I need to login in with more information than just the username.
- How do I apply different intercept-url constraints where only the fragment value of the requested URLs differs (e.g. /foo#bar and /foo#blah)?
- How do I access the user's IP Address (or other web-request data) in a UserDetailsService?
- How do I access the HttpSession from a UserDetailsService?
- How do I access the user's password in a UserDetailsService?
- How do I define the secured URLs within an application dynamically?
- How do I authenticate against LDAP but load user roles from a database?
- I want to modify the property of a bean that is created by the namespace, but there is nothing in the schema to support it.
- III. Reactive Applications
- 16. WebFlux Security
- 17. Default Security Headers
- 18. Redirect to HTTPS
- 19. OAuth2 WebFlux
- 20. @RegisteredOAuth2AuthorizedClient
- 21. WebClient
- 22. EnableReactiveMethodSecurity
- 23. Reactive Test Support