Spring Security 是一个基于 Spring 的安全框架,为 Web 应用安全提供了完整的解决方案。一般来说,Web应用程序的安全包括用户认证(Authentication)和用户授权(Authorization)两部分。用户认证是指验证用户是否是系统中的合法主体,即用户是否可以访问系统。用户认证一般需要用户提供用户名和密码,系统通过验证用户名和密码来完成认证过程。用户授权是指验证用户是否具有执行某项操作的权限。在一个系统中,不同的用户有不同的权限。一般来说,系统会为不同的用户分配不同的角色,每个角色对应一系列的权限。本课程详细阐述了Spring Security的安全框架,通过案例带你快速学习和掌握Spring Security。
(Spring Security is a Spring-based security framework that provides a complete solution for web application security. Generally speaking, the security of Web applications includes two parts: user authentication (Authentication) and user authorization (Authorization). User authentication refers to verifying whether the user is a legitimate subject in the system, that is, whether the user can access the system. User authentication generally requires the user to provide a user name and password, and the system completes the authentication process by verifying the user name and password. User authorization refers to verifying that a user has permission to perform an action. In a system, different users have different permissions. Generally speaking, the system assigns different roles to different users, and each role corresponds to a series of permissions. This course elaborates the security framework of Spring Security in detail, and takes you to quickly learn and master Spring Security through cases.)