-
Librerías
-
spring-security-core.jar
- Core
-
spring-security-web.jar
- Filters
- Web security
-
spring-security-config.jar
- XML Configuration
-
spring-security-ldap.jar
- LDAP authentication
-
spring-security-acl.jar
- Single Sign On
-
Configuración
- web.xml
-
Configuración mínima
-
auto-config
- <form-login />
- <http-basic />
- <logout />
- Página de login
-
Autenticación
-
Proceso
- The username and password are obtained and combined into an instance of UsernamePasswordAuthenticationToken
- The token is passed to an instance of AuthenticationManager for validation
- The AuthenticationManager returns a fully populated Authentication instance on successful authentication
- The security context is established by calling SecurityContextHolder.getContext().setAuthentication(...), passing in the returned authentication object
- Autorización
-
Web Features
- Remember me
-
HTTP/HTTPS
- <intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
-
Session Management
-
Timeouts
- <session-management invalid-session-url="/sessionTimeout.htm" />
-
Concurrent Session Control
- HttpSessionEventPublisher
- <concurrency-control max-sessions="1" />
- OpenID Support
-
Core Services
- AuthenticationManager
- ProviderManager
-
AuthenticationProvider
- DaoAuthenticationProvider
- LdapAuthenticationProvider
-
UserDetailsService
- In-Memory Authentication
- JdbcDaoImpl
- Password Encoding
-
Core Security Filters
- FilterSecurityInterceptor
- ExceptionTranslationFilter
- SecurityContextPersistenceFilter
- UsernamePasswordAuthenticationFilter
-
Tag Libraries
- <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
-
authentication
- <sec:authentication property="principal.username" />
-
authorize
- <sec:authorize access="hasRole('supervisor')">
- <sec:authorize url="/admin">
-
accesscontrollist
- Spring Security's ACL module
- <sec:accesscontrollist hasPermission="1,2" domainObject="someObject">
-
Acerca de
- Topic
- Topic