Spring Security


Apr 29, 2025 - 02:42

What is Spring Security?
Spring Security is a framework that helps protect web apps, APIs, and MVC applications from external security issues. It helps to authenticate and authorize users and to protect the app from external hackers.

Authentication:
Identifying that the user is a valid user who may enter/use our application.

Authorization:
Determining the identified user's permission to access a particular resource inside the application.

In Spring Boot, the Gradle/Maven dependency 'org.springframework.boot:spring-boot-starter-security' adds the Spring Security features to our application.

By default, form-based authentication is enabled; it prompts for a user name and password.

The default user name is user; the password is printed in the terminal where the Spring Boot application was started.

Spring Security filters:
When an HTTP request comes in, it lands in a filter chain, a set of filters that handle the security operations. The diagram below shows the flow.

[Diagram: request flow through the filter chain]

In a Spring MVC application,

  1. The client sends the request to the Tomcat servlet container.
  2. The container sends the HTTP request to the dispatcher servlet in the form of an HTTP servlet request.
  3. The dispatcher servlet, with the help of handler mapping, transfers the request to the controller.
  4. Afterwards, the dispatcher servlet uses the view resolver and sends the data back to the Tomcat container.
  5. The Tomcat container converts the servlet response to an HTTP response and sends it to the client.

[Diagram: filter chain in front of the dispatcher servlet]

Here the filter chain is created by Tomcat and contains the filters responsible for mapping the request to the dispatcher servlet. The dispatcher servlet does everything that remains.

The filters in the diagram above can be a single filter or a filter chain, handled by the Servlet API.

DelegatingFilterProxy

The management of the filters is handed over to the Spring IoC container through a filter called DelegatingFilterProxy.

FilterChainProxy

FilterChainProxy is a special filter provided by Spring Security that delegates to multiple filters through the SecurityFilterChain class.

SecurityFilterChain:
SecurityFilterChain is used by FilterChainProxy to identify which security filters should be invoked to handle the current request.

Even when we have multiple security filter chains, FilterChainProxy identifies which SecurityFilterChain should be used.


Basic flow of Spring Security:
The HTTPS request is passed to the SecurityFilterChain. A filter communicates with the AuthenticationManager object, which contains the authorize method, which in turn communicates with the authentication providers provided by Spring (LDAP authentication provider, OAuth authentication provider, DAO authentication provider), which in turn call the user details object, which has implementations for the "CachingUserDetailsService", "InMemoryUserDetailsService" and "JdbcDaoImpl" services.
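
The delegation described above, wired by hand as an added example (not code from the original post), assuming Spring Security 6.x on the classpath. The entry point on the AuthenticationManager interface is authenticate(...), ProviderManager is the manager implementation, and InMemoryUserDetailsManager supplies the in-memory user lookup; the class name, account name and password are constructed sample values.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AuthenticationFlowDemo {

    static AuthenticationManager buildManager() {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        // Constructed sample account; only the encoded password is stored.
        UserDetailsService users = new InMemoryUserDetailsManager(
                User.withUsername("alice")
                    .password(encoder.encode("sample-password"))
                    .roles("USER").build());

        // The provider loads the user through the UserDetailsService and checks the password.
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);

        // ProviderManager hands the token to each provider that supports its type.
        return new ProviderManager(provider);
    }

    static boolean login(AuthenticationManager manager, String user, String password) {
        try {
            return manager.authenticate(
                    UsernamePasswordAuthenticationToken.unauthenticated(user, password))
                    .isAuthenticated();
        } catch (BadCredentialsException e) {
            // By default an unknown user and a wrong password raise the same exception,
            // so the caller cannot tell which accounts exist.
            return false;
        }
    }

    public static void main(String[] args) {
        AuthenticationManager manager = buildManager();
        System.out.println(login(manager, "alice", "sample-password"));
        System.out.println(login(manager, "alice", "wrong-password"));
        System.out.println(login(manager, "mallory", "anything"));
    }
}
```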
