SpringSecurity------Hello Spring Security （五）_综合

SpringSecurity------Hello Spring Security（五）

Hello Spring Security
- 一、Spring Boot Auto Configuration
- - 1、Spring Boot automatically
  - 2、Spring Boot is not configuring much, but it does a lot. A summary of the features follows

Hello Spring Security

Spring Security integrates（使…成整体） with the Servlet Container by using a standard（标准） Servlet Filter. This means it works with any application that runs in a Servlet Container. More concretely（具体地）, you do not need to use Spring in your Servlet-based application to take advantage（优势） of Spring Security.

一、Spring Boot Auto Configuration

1、Spring Boot automatically

Enables Spring Security’s default configuration, which creates a servlet Filter as a bean named springSecurityFilterChain. This bean is responsible for all the security (protecting the application URLs, validating submitted username and passwords, redirecting to the log in form, and so on) within your application.
Creates a UserDetailsService bean with a username of user and a randomly generated password that is logged to the console.
Registers the Filter with a bean named springSecurityFilterChain with the Servlet container for every request.

2、Spring Boot is not configuring much, but it does a lot. A summary of the features follows

Require an authenticated user for any interaction with the application
Generate a default login form for you
Let the user with a username of user and a password that is logged to the console to authenticate with form-based authentication (in the preceding example, the password is 8e557245-73e2-4286-969a-ff57fe326336)
Protects the password storage with BCrypt
Lets the user log out
CSRF attack prevention
Session Fixation protection
Security Header integration
- HTTP Strict Transport Security for secure requests
- X-Content-Type-Options integration
- Cache Control (can be overridden later by your application to allow caching of your static resources)
- X-XSS-Protection integration
- X-Frame-Options integration to help prevent Clickjacking
Integrate with the following Servlet API methods:
- HttpServletRequest#getRemoteUser()
- HttpServletRequest.html#getUserPrincipal()
- HttpServletRequest.html#isUserInRole(java.lang.String)
- HttpServletRequest.html#login(java.lang.String, java.lang.String)
- HttpServletRequest.html#logout()