Spring Security是一个功能强大的安全框架,它提供了一系列功能来保护应用的安全性
OAuth2是一个身份验证的开放协议,用于在不暴露用户身份的情况下进行用户验证(注:严格来说,OAuth2是授权框架,让第三方应用无需拿到用户密码等凭据即可获得访问权限;身份验证通常由构建在它之上的OpenID Connect完成)
Spring Security提供了身份认证、授权(权限控制)、防御常见攻击三个功能
保护应用程序URL,要求与应用程序的任何交互都必须先通过身份验证
程序启动时默认生成一个用户user
生成了一个随机的默认密码,并将密码记录到了控制台上(该密码仅用于开发调试,每次启动都会重新生成)
生成默认的登录表单和注销页面
提供基于表单的登录和注销流程
对于Web请求,重定向到登录页面
对于服务请求,返回401 Unauthorized(字面为"未经过授权",实际含义是未通过身份认证)
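对跨站请求伪造(CSRF)攻击进行防护
处理会话劫持攻击(默认在登录成功后更换会话ID,以防御会话固定攻击)
写入Strict-Transport-Security(HSTS)响应头以确保使用HTTPS(该响应头只会在HTTPS响应中写入)
写入X-Content-Type-Options响应头以防御MIME类型嗅探攻击
写入Cache-Control响应头,防止需要身份认证的资源被缓存后让未经过身份认证的人看到
写入X-Frame-Options响应头以防御点击劫持攻击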
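<html xmlns:th="http://www.thymeleaf.org">
  <head>
    <title>Hello World</title>
  </head>
  <body>
    <h1>Hello World</h1>
    <!--/* th:href="@{/logout}" lets Thymeleaf build the link relative to the servlet context path.
           NOTE(review): with CSRF protection left on, Spring Security performs the logout on
           POST /logout only; following this GET link presumably lands on the generated logout
           confirmation page. A form using th:action="@{/logout}" and method="post" would log
           out in one step. */-->
    <a th:href="@{/logout}">Logout</a>
    <!--/* A plain href is emitted exactly as written, so it ignores the context path.
           This anchor has no text and therefore shows nothing on the page. */-->
    <a href="/logout"></a>
  </body>
</html>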
package com.alatus.secrurity.web;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
/**
 * MVC controller that serves the application's root path.
 */
@Controller
public class IndexController {

    /** Logical view name returned for the root path. */
    private static final String INDEX_VIEW = "index";

    /**
     * Handles {@code GET /} and selects the view to render.
     *
     * <p>NOTE(review): no security configuration is visible in this class. If the
     * application runs with the Spring Security defaults, this handler is presumably
     * reachable only after login; confirm against the project's security setup.
     *
     * @return the view name {@code "index"}
     */
    @GetMapping("/")
    public String index() {
        return INDEX_VIEW;
    }
}
# Name of this Spring Boot application.
spring.application.name=secrurity
# Listen on port 80.
# NOTE(review): no server.ssl.* settings are visible here, so this looks like plain HTTP.
# Unless TLS is terminated in front of the application, the login form and the session
# cookie travel unencrypted, and Spring Security does not send the
# Strict-Transport-Security header on non-HTTPS responses. Confirm the deployment setup.
server.port=80
package com.alatus.secrurity;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Spring Boot entry point; {@code @SpringBootApplication} marks this class as the
 * primary configuration source.
 */
@SpringBootApplication
public class SecrurityApplication {

    /**
     * Starts the Spring application.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(SecrurityApplication.class);
        application.run(args);
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Maven build for a Spring Boot web application that uses Spring Security and Thymeleaf. -->
<modelVersion>4.0.0</modelVersion>
<!-- The parent supplies dependency and plugin management, which is why the dependencies
     below carry no <version>. The Spring Security version in use therefore follows this
     parent version; upgrading the parent is how framework security fixes are picked up. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.5.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.alatus</groupId>
<artifactId>secrurity</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>secrurity</name>
<description>secrurity</description>
<!-- Empty placeholder elements. NOTE(review): presumably kept so that this metadata is not
     inherited from the parent POM; confirm before removing. -->
<url/>
<licenses>
<license/>
</licenses>
<developers>
<developer/>
</developers>
<scm>
<connection/>
<developerConnection/>
<tag/>
<url/>
</scm>
<properties>
<!-- Java language level used for compilation. -->
<java.version>17</java.version>
</properties>
<dependencies>
<!-- Spring Security starter: having it on the classpath switches on Spring Boot's default
     security setup (authentication required, generated user, login form). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Thymeleaf template engine for server-side HTML views. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- Spring MVC with an embedded servlet container. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Thymeleaf dialect for Spring Security 6 (the sec: attributes).
     NOTE(review): only needed if templates use that dialect; confirm. -->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity6</artifactId>
</dependency>
<!-- Lombok is a compile-time annotation processor; optional keeps it from being passed on
     to projects that depend on this artifact. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<!-- Registers Lombok on the compiler's annotation processor path. -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<annotationProcessorPaths>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
<!-- Builds the executable Spring Boot artifact; Lombok is excluded from it because it is
     not needed at runtime. -->
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>