In this post, we are going to discuss about Spring Framework “Security” Module Basics. We will develop some simple and advanced examples in my coming posts.

在本文中，我们将讨论有关Spring Framework“安全性”模块的基础知识。 我们将在以后的文章中开发一些简单和高级的示例。

Now-a-days, Developing Secure Applications is very crucial aspect to avoid Malfunctioning, Stealing or hacking our confidential data or unauthorized access. We can develop Secure applications using Spring Security Module to restrict access to our applications.

如今，开发安全应用程序对于避免发生故障，窃取或入侵我们的机密数据或未经授权的访问至关重要。 我们可以使用Spring Security Module开发安全应用程序，以限制对我们应用程序的访问。

Spring4安全 (Spring 4 Security)

Initially, Spring Framework was using a separate Third-Party Framework to support Spring Applications Security: Acegi Security. But it was not easy approach to develop secure applications and had some drawbacks.

最初，Spring Framework使用一个单独的第三方框架来支持Spring Applications Security：Acegi Security。 但是开发安全应用程序并不容易，并且存在一些缺点。

Spring Acegi Security的缺点 (Drawbacks of Spring Acegi Security)

1. Lot of XML Configuration
   很多XML配置
2. Too much learning curve
   学习曲线过多
3. Does not support Annotations
   不支持注释

To avoid all these issues, The Spring Team (Pivotal Team) has integrated “Acegi Security” framework into Spring Framework as “Spring Security” module.

为了避免所有这些问题，Spring团队（Pivotal团队）已将“ Acegi Security”框架作为“ Spring Security”模块集成到Spring框架中。

Spring 4 Framework has the following modules to provide Security to the Spring-Based Applications:

Spring 4 Framework具有以下模块，可为基于Spring的应用程序提供安全性：

1. Spring Security
   Spring安全
2. Spring Security SAML
   Spring安全SAML
3. Spring Security OAuth
   Spring安全OAuth
4. Spring Security Kerberos
   Spring Security Kerberos
5. Spring Cloud Security
   Spring Cloud安全性

In Spring Framework, “Spring Security” module is the base module for rest of the Spring Security modules.

在Spring Framework中，“ Spring Security”模块是其余Spring Security模块的基本模块。

We are going to discuss some basics of “Spring Security” module in this post. We will discuss some simple and advanced real-time examples in my coming posts.

在本文中，我们将讨论“ Spring Security”模块的一些基础知识。 我们将在我的后续文章中讨论一些简单和高级的实时示例。

We will come back to rest of four modules once we are familiar with “Spring Security” module in my coming posts.

一旦我们在接下来的帖子中熟悉了“ Spring Security”模块，我们将回到四个模块的其余部分。

什么是Spring Security？ (What is Spring Security?)

Spring Security is one of the Spring Framework’s Security modules. It is a Java SE/Java EE Security Framework to provide Authentication, Authorization, SSO and other Security features for Web Applications or Enterprise Applications.

Spring Security是Spring Framework的Security模块之一。 它是一个Java SE / Java EE安全框架，为Web应用程序或企业应用程序提供身份验证，授权，SSO和其他安全功能。

Spring Security Official website: https://projects.spring.io/spring-security/

Spring Security官方网站：https://projects.spring.io/spring-security/

Spring Security Documentation website: https://docs.spring.io/spring-security/site/docs/

Spring Security Documentation网站：https://docs.spring.io/spring-security/site/docs/

Latest stable, Spring Security Module version is “4.0.2.RELEASE”

Spring Security Module的最新稳定版本是“ 4.0.2.RELEASE”

Spring 4安全功能 (Spring 4 Security Features)

Spring 3.x Security Framework provides the following Features:

Spring 3.x安全框架提供以下功能：

1. Authentication and Authorization.
   身份验证和授权。
2. Supports BASIC,Digest and Form-Based Authentication.
   支持BASIC，摘要和基于表单的身份验证。
3. Supports LDAP Authentication.
   支持LDAP认证。
4. Supports OpenID Authentication.
   支持OpenID认证。
5. Supports SSO (Single Sign-On) Implementation.
   支持SSO（单点登录）实施。
6. Supports Cross-Site Request Forgery (CSRF) Implementation.
   支持跨站点请求伪造（CSRF）实施。
7. Supports “Remember-Me” Feature through HTTP Cookies.
   通过HTTP Cookies支持“记住我”功能。
8. Supports Implementation of ACLs
   支持ACL的实施
9. Supports “Channel Security” that means automatically switching between HTTP and HTTPS.
   支持“通道安全性”，这意味着自动在HTTP和HTTPS之间切换。
10. Supports I18N (Internationalisation).
    支持I18N（国际化）。
11. Supports JAAS (Java Authentication and Authorization Service).
    支持JAAS（Java身份验证和授权服务）。
12. Supports Flow Authorization using Spring WebFlow Framework.
    使用Spring WebFlow Framework支持流程授权。
13. Supports WS-Security using Spring Web Services.
    使用Spring Web Services支持WS-Security。
14. Supports Both XML Configuration and Annotations. Very Less or minimal XML Configuration.
    同时支持XML配置和注释。 很少或最少的XML配置。

Spring 4.x Security Framework supports the following New Features:

Spring 4.x安全框架支持以下新功能：

1. Supports WebSocket Security.
   支持WebSocket安全。
2. Supports Spring Data Integration.
   支持Spring数据集成。
3. CSRF Token Argument Resolver.
   CSRF令牌参数解析器。

We will develop some simple examples to demonstrate these features in my coming posts.

在接下来的文章中，我们将开发一些简单的示例来演示这些功能。

Spring4安全级别 (Spring 4 Security Levels)

Spring Security supports the following two Levels of Authorization

Spring Security支持以下两个授权级别

1. Method Level Authorization
   方法级别授权
2. URL Level Authorization
   URL级别授权

NOTE

Spring Security supports “Method Level Security” by using AOP (Aspect-Oriented Programming) that means through Aspects. Spring Security supports “URL Level Security” by using Servlet filters.

注意

Spring Security通过使用经过方面的AOP（面向方面​​的编程）来支持“方法级安全性”。 Spring Security通过使用Servlet过滤器来支持“ URL级安全性”。

Spring 4安全性优势 (Spring 4 Security Advantages)

Spring 4 Security Framework provides the following Advantages:

Spring 4 Security Framework具有以下优点：

1. Open Source Security Framework
   开源安全框架
2. Flexible, Easy to Develop and Unit Test the applications
   灵活，易于开发和对应用程序进行单元测试
3. Declarative Security Programming
   声明式安全编程
4. Easy of Extendability
   易于扩展
5. Easy of Maintenance
   易于维护
6. Takes full advantage of Spring DI(Dependency Injection) and AOP.
   充分利用Spring DI（依赖注入）和AOP。
7. We can develop Loosely-Coupled Applications.
   我们可以开发松耦合应用程序。

Spring 4安全子模块 (Spring 4 Security Sub-Modules)

Spring 4 Security Module is again divided into 11 sub-modules. It has the following sub-modules:

Spring 4安全模块再次分为11个子模块 。 它具有以下子模块：

1. Spring Security Core Module
   Spring安全核心模块
2. Spring Security Configuration Module
   Spring安全配置模块
3. Spring Security Web Module
   Spring Security Web模块
4. Spring Security Tag Library Module
   Spring安全标签库模块
5. Spring Security AspectJ Module
   Spring Security AspectJ模块
6. Spring Security ACL Module
   Spring Security ACL模块
7. Spring Security LDAP Module
   Spring Security LDAP模块
8. Spring Security OpenID Module
   Spring Security OpenID模块
9. Spring Security CAS Module
   Spring Security CAS模块
10. Spring Security Cryptography Module
    Spring Security密码学模块
11. Spring Security Remoting Module
    Spring安全远程模块

In Spring Framework’s Security Sub-Module, Spring Security Core Sub-Module is the base module for rest of all Security Sub-modules.

在Spring Framework的Security子模块中，Spring Security Core子模块是其余所有Security子模块的基本模块。

To support these 11 Spring Security modules, Spring framework has the following jars:

为了支持这11个Spring Security模块，Spring框架具有以下jar：

1. spring-security-core-4.0.2.RELEASE.jar
   spring-security-core-4.0.2.RELEASE.jar
2. spring-security-config-4.0.2.RELEASE.jar
   spring-security-config-4.0.2.RELEASE.jar
3. spring-security-web-4.0.2.RELEASE.jar
   spring-security-web-4.0.2.RELEASE.jar
4. spring-security-taglibs-4.0.2.RELEASE.jar
   spring-security-taglibs-4.0.2.RELEASE.jar
5. spring-security-aspects-4.0.2.RELEASE.jar
   spring-security-aspects-4.0.2.RELEASE.jar
6. spring-security-acl-4.0.2.RELEASE.jar
   spring-security-acl-4.0.2.RELEASE.jar
7. spring-security-ldap-4.0.2.RELEASE.jar
   spring-security-ldap-4.0.2.RELEASE.jar
8. spring-security-openid-4.0.2.RELEASE.jar
   spring-security-openid-4.0.2.RELEASE.jar
9. spring-security-cas-4.0.2.RELEASE.jar
   spring-security-cas-4.0.2.RELEASE.jar
10. spring-security-crypto-4.0.2.RELEASE.jar
    弹簧安全加密4.0.2.RELEASE.jar
11. spring-security-remoting-4.0.2.RELEASE.jar
    spring-security-remoting-4.0.2.RELEASE.jar

Almost all Spring Security JARs have similar kind of Maven or Gradle dependency entries as shown below:

几乎所有的Spring Security JAR都有类似的Maven或Gradle依赖项，如下所示：

Spring安全专家 (Spring Security Maven)

        
             
      
       org.springframework.security
              
      
       [Spring Security Module Name Here]
              
      
       4.0.2.RELEASE
          
     
    

Spring安全Gradle (Spring Security Gradle)

dependencies {compile 'org.springframework.security:[Spring Security Module Name Here]:4.0.2.RELEASE'}

pom.xml

pom.xml

        
             
      
       org.springframework.security
              
      
       spring-security-core
              
      
       4.0.2.RELEASE
          
     
    

build.gradle

build.gradle

dependencies {    compile 'org.springframework.security:spring-security-core:4.0.2.RELEASE'}

That’s it all about Spring 4 Security Module basics. It’s time to start to develop some Simple Examples to explore Spring Security module.

这就是Spring 4 Security Module基础的全部内容。 现在该开始开发一些简单示例以探索Spring Security模块了。

We will use Spring STS Suite IDE, Maven or Gradle Build Tool and Java 7/8 to develop our applications.

我们将使用Spring STS Suite IDE，Maven或Gradle Build Tool和Java 7/8来开发我们的应用程序。

Please drop me a comment if you like my post or have any issues/suggestions.

如果您喜欢我的帖子或有任何问题/建议，请给我评论。

翻译自: