Spring Boot Security
2019-02-21 16:58:08
Outline / Contents
OAuth 2.0
References
http://www.rfcreader.com/#rfc6749
https://oauth.net/
http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
Spring Security
Spring Security OAuth
References
https://projects.spring.io/spring-security-oauth/docs/Home.html
OAuth 1.0
References
https://projects.spring.io/spring-security-oauth/docs/oauth1.html
OAuth 2
References
https://projects.spring.io/spring-security-oauth/docs/oauth1.html
provider
Authorization Server
Annotations
@EnableAuthorizationServer
@EnableWebSecurity
Beans
AuthorizationServerConfigurer
UserDetailsService
Endpoints
/oauth/authorize
AuthorizationEndpoint
/oauth/token
TokenEndpoint
/oauth/check_token
/oauth/confirm_access
/oauth/error
Resource Server
Annotations
@EnableResourceServer
Beans
OAuth2AuthenticationProcessingFilter
client
Spring Security Kerberos
?
Spring Security SAML
?
Spring Session
Spring Boot Security
References
https://docs.spring.io/spring-boot/docs/1.5.19.RELEASE/reference/htmlsingle/#boot-features-security
OAuth2
Token Type in User Info
Customizing the User Info RestTemplate
Actuator Security
Spring Cloud Security
References
https://cloud.spring.io/spring-cloud-static/spring-cloud-security/1.2.3.RELEASE/single/spring-cloud-security.html#_oauth2_single_sign_on
Quickstart
OAuth2 Single Sign On
OAuth2 Protected Resource
More Detail
Single Sign On
Token Relay
Client Token Relay
Client Token Relay in Zuul Proxy
Resource Server Token Relay
Configuring Authentication Downstream of a Zuul Proxy
Other
Authorization Type
Bearer Token
A bearer token is a security token. Any user with a bearer token can use it to access data resources without using a cryptographic key.
Basic Auth
Basic Auth is an authorization type that requires a verified username and password to access a data resource.
Authentication method
Request Headers
Authorization: "Basic <base64 encoding of username:password>" (base64 is an encoding, not encryption, so the header is only as private as the TLS connection carrying it)
Request URL
http://userName:password@api.minicloud.com.cn
Digest Auth
In a digest authentication flow, the client sends a request to a server, which sends back nonce and realm values for the client to authenticate. The client sends back a hashed username and password with the nonce and realm. The server then sends back the requested data.
OAuth 1.0
OAuth 1.0 is an authorization type that enables you to approve an application that contacts another application for you without exposing your password.
OAuth 2.0
OAuth 2.0 is an authorization type that enables you to approve an application that contacts another application for you without exposing your password.
OAuth is an open network standard for authorization that is used worldwide; the current version is 2.0.
Grant Type
Authorization Code
The authorization code grant (authorization code) is the most complete and strictest of the grant types. Its defining feature is that the client's back-end server interacts with the "service provider's" authorization server, so the token never passes through the browser.
Postman Parameters
Callback URL
Auth URL
Access Token URL
Client ID
Client Secret
Scope
State
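The authorization code exchange described above, driven by the Postman parameters listed (Auth URL, Access Token URL, Callback URL, Client ID, Client Secret, Scope, State), as an added Python example that is not part of the original page or of the Spring projects it lists; it also builds the Basic Auth header from the Basic Auth section for the client's token request. All endpoint URLs, client credentials and callback values it is called with are assumed placeholders.

```python
# Authorization-code grant helpers (added example, not from the original page).
# The endpoint URLs, client id/secret and callback URL used in tests are placeholders.
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def basic_auth_header(username: str, password: str) -> str:
    # Basic Auth: base64 of "username:password". Base64 is encoding, not
    # encryption, so this header is only as private as the TLS channel.
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def new_state() -> str:
    # Unguessable per-request value, stored in the user's session before redirect.
    return secrets.token_urlsafe(32)


def build_authorize_url(auth_url, client_id, callback_url, scope, state):
    # Step 1 (front channel): the browser is sent to the "Auth URL" carrying
    # the Postman parameters Callback URL, Client ID, Scope and State.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": callback_url, "scope": scope, "state": state}
    return f"{auth_url}?{urlencode(params)}"


def code_from_callback(received_url: str, expected_state: str) -> str:
    # Step 2: the authorization server redirects back to the Callback URL
    # with ?code=...&state=... Reject it unless state matches the session's
    # value; otherwise a foreign code could be bound to the victim's session.
    query = parse_qs(urlsplit(received_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discarding callback")
    if "code" not in query:
        raise ValueError(query.get("error", ["no code in callback"])[0])
    return query["code"][0]


def build_token_request(token_url, code, callback_url, client_id, client_secret):
    # Step 3 (back channel): the client's server exchanges the code at the
    # "Access Token URL", authenticating with Client ID / Client Secret via Basic.
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": callback_url})
    return token_url, headers, body
```

Step 3 is a plain HTTPS POST of `body` with `headers` to the token URL; the returned access token is then sent to the resource server as a bearer token.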
Implicit
The implicit grant (implicit grant type) requests the token from the authorization server directly in the browser, without going through the third-party application's own server; it skips the "authorization code" step, which is where the name comes from. Every step happens in the browser, so the token is visible to the user agent, and the client is not authenticated.
Postman Parameters
Callback URL
Auth URL
Client ID
Scope
State
Password Credentials
In the password grant (Resource Owner Password Credentials Grant), the user hands their own username and password to the client, and the client uses them to request authorization from the "service provider".
Postman Parameters
Access Token URL
Username
Password
Client ID
Client Secret
Scope
Client Credentials
In the client credentials grant (Client Credentials Grant), the client authenticates to the "service provider" in its own name rather than on behalf of a user. Strictly speaking, this grant falls outside the problem the OAuth framework sets out to solve: the user registers directly with the client, the client requests the service in its own name, and there is really no delegation of authorization involved.
Postman Parameters
Access Token URL
Client ID
Client Secret
Scope
Authentication method
Request Headers
Request URL
Hawk Authentication
Hawk authentication enables you to make authenticated requests with partial cryptographic verification of the request.
AWS Signature
AWS Signature is the authorization workflow for Amazon Web Services requests.
NTLM Authentication [Beta]
Windows Challenge/Response (NTLM) is the authorization flow for the Windows operating system and for stand-alone systems.