Spring Security: Spring Security简介

Spring Security简介

安全领域的两大核心是：Authentication和Authorization 。

·Authentication是身份认证，把控一个系统的入口。

·Authorization是授权，用于进行系统中功能的访问控制。

Spring Security 为J2EE项目提供了一个综合的解决方案，支持Authentication和Authorization。

Spring Security对于Authentication提供了很宽泛的支持。集成了多种认证技术：

• HTTP BASIC authentication headers (an IETF RFC-based standard)
• HTTP Digest authentication headers (an IETF RFC-based standard)
• HTTP X.509 client certificate exchange (an IETF RFC-based standard)
• LDAP (a very common approach to cross-platform authentication needs, especially in large environments)
• Form-based authentication (for simple user interface needs)
• OpenID authentication
• Authentication based on pre-established request headers (such as Computer Associates Siteminder)
• JA-SIG Central Authentication Service (otherwise known as CAS, which is a popular open source single sign-on system)
• Transparent authentication context propagation for Remote Method Invocation (RMI) and HttpInvoker (a Spring remoting protocol)
• Automatic "remember-me" authentication (so you can tick a box to avoid re-authentication for a predetermined period of time)
• Anonymous authentication (allowing every unauthenticated call to automatically assume a particular security identity)
• Run-as authentication (which is useful if one call should proceed with a different security identity)
• Java Authentication and Authorization Service (JAAS)
• JEE container autentication (so you can still use Container Managed Authentication if desired)
• Kerberos
• Java Open Source Single Sign On (JOSSO) *
• OpenNMS Network Management Platform *
• AppFuse *
• AndroMDA *
• Mule ESB *
• Direct Web Request (DWR) *
• Grails *
• Tapestry *
• JTrac *
• Jasypt *
• Roller *
• Elastic Path *
• Atlassian Crowd *
• Your own authentication systems (see below)

Spring Security的jar包说明

使用Maven获取Spring Security：

<dependencies> <!-- ... other dependency elements ... -->
　　<dependency>
　　　　<groupId>org.springframework.security</groupId> 
　　　　<artifactId>spring-security-web</artifactId> 
　　　　<version>3.2.5.RELEASE</version>
　　</dependency>
　　<dependency>
　　　　<groupId>org.springframework.security</groupId> 
　　　　<artifactId>spring-security-config</artifactId> 
　　　　<version>3.2.5.RELEASE</version>
　　</dependency>
</dependencies>

  上面这部分是Spring Security必要的jar包。

Spring Security: Spring Security简介,布布扣,bubuko.com

Spring Security: Spring Security简介

原文：http://www.cnblogs.com/f1194361820/p/3918726.html