search
Machine LearningBook ReviewsGithub

Spring Security

To celebrate getting back to developing with SpringBoot after a long time, let's organize this again!

References: bamdule.tistory.comarrow-up-right, [Book] Learning Spring Web Project through Code

hashtag
What is Spring Security?

  • A framework responsible for application security in Spring-based applications

  • Enables simple implementation of user authentication / authorization / security processing!

  • Because it operates based on Filters, it works separately from Spring MVC

hashtag
Security Terms

  1. Principal

    • A user accessing an application where the security system is operating

  2. Authentication

    • Identifying the accessing user and checking whether they can access the application

  3. Authorize (Authorization)

    • Checking whether an authenticated user can use the application's features

hashtag
How Spring Security Works?

  • Processed using various types of filters and interceptors from Servlet

    • Filter

      • A simple filter as referred to in Servlet

      • A Servlet resource independent of Spring

    • Interceptor

      • Plays the role of a filter in Spring

      • Managed as a Spring Bean and belongs within the Spring Context

img

  • When using Spring Security, a separate Context is created and processed using Interceptor and Filter

  • Since Spring Security operates within the current Spring Context, it can be designed to enable various authentication methods by utilizing the various beans already included in the context!

PreviousSpring AdvancedNextRegister a Spring Bean in the Spring IoC Container

Last updated