
[java brains] Spring security basic

Tony Lim 2021. 4. 1. 21:43

 Spring Security

Application-level security, not app server security (which is already taken care of).

Using Spring Security is like hiring a 24-hour guard for my application.

  • Login and logout functionality
  • Allow / block access to URLs for logged-in users
  • Allow / block access to URLs for logged-in users with certain roles

 

5 Core Concepts in Spring Security

Authentication

Knowledge-Based Authentication = giving an ID and password. Easy to steal because they are just strings.

Possession-Based Authentication = phone / text messages, key cards and badges, access token device

Multi-Factor Authentication = KBA + PBA

 

Authorization

Can this user do what they want to do? Basically a yes-or-no question.

 

Principal

The currently logged-in user (account). You get your principal so you don't need to log in on every request.

One user can have multiple IDs, but there is usually just one logged-in user (like Google).

 

Granted Authority

How does authorization happen? It is specified beforehand: a bunch of permissions per user.

 

Roles

Group of authorities.
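
The five concepts above mapped onto a Spring Security configuration. This is an added example, not code from the original post or the Java Brains videos; it assumes Spring Boot 3 with Spring Security 6 and Spring MVC, and the users, passwords and URL paths are constructed for illustration.

```java
// Added example. Assumes Spring Boot 3 / Spring Security 6; users and paths are made up.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class SecurityConfig {
    @Bean
    PasswordEncoder passwordEncoder() {   // passwords are stored hashed, never as plain strings
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Authentication (knowledge-based): who is this? Each role becomes a ROLE_* granted authority.
    @Bean
    UserDetailsService users(PasswordEncoder enc) {
        return new InMemoryUserDetailsManager(
            User.withUsername("alice").password(enc.encode("alice-pw")).roles("USER").build(),
            User.withUsername("bob").password(enc.encode("bob-pw")).roles("USER", "ADMIN").build());
    }

    // Authorization: a yes/no decision per URL, based on login state and roles.
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/public/**").permitAll()   // anyone
                .requestMatchers("/admin/**").hasRole("ADMIN")    // logged in AND has the role
                .anyRequest().authenticated())                    // everything else: logged in
            .formLogin(Customizer.withDefaults())                 // login page
            .logout(Customizer.withDefaults());                   // logout endpoint
        return http.build();
    }
}

@RestController
class WhoAmIController {
    @GetMapping("/me")   // Principal: the logged-in user, restored from the session on each request
    String me(Authentication authentication) {
        return authentication.getName() + " " + authentication.getAuthorities();
    }
}
```

Logging in as the constructed user bob and requesting `/me` shows the name together with the `ROLE_USER` and `ROLE_ADMIN` authorities; alice gets a 403 on `/admin/**`.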

 

Ref 

What is Spring Security really all about? Java Brains Brain Bytes - YouTube

Five Spring Security Concepts - Authentication vs authorization - Java Brains Brain Bytes - YouTube
