To celebrate getting back to developing with SpringBoot after a long time, let's organize this again!
References: bamdule.tistory.com, [Book] Learning Spring Web Project through Code
- A framework responsible for application security in Spring-based applications
- Enables simple implementation of user authentication / authorization / security processing!
- Because it operates based on
Filters, it works separately from Spring MVC
- Principal
- A user accessing an application where the security system is operating
- Authentication
- Identifying the accessing user and checking whether they can access the application
- Authorize (Authorization)
- Checking whether an authenticated user can use the application's features
- Processed using various types of filters and interceptors from Servlet
Filter- A simple filter as referred to in Servlet
- A Servlet resource independent of Spring
Interceptor- Plays the role of a filter in Spring
- Managed as a Spring Bean and belongs within the Spring Context
-
When using Spring Security, a separate Context is created and processed using
InterceptorandFilter -
Since Spring Security operates within the current Spring Context, it can be designed to enable various authentication methods by utilizing the various beans already included in the context!