-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| @Autowired 和 @Resource 都是用来实现依赖注入的注解(在 Spring/Spring Boot 项目中),但二者却有着 5 点不同: | ||
|
|
||
| - 来源不同:@Autowired 来自 Spring 框架,而 @Resource 来自于(Java)JSR-250; | ||
| - 依赖查找的顺序不同:@Autowired 先根据类型再根据名称查询,而 @Resource 先根据名称再根据类型查询; | ||
| - 支持的参数不同:@Autowired 只支持设置 1 个参数,而 @Resource 支持设置 7 个参数; | ||
| - 依赖注入的用法支持不同:@Autowired 既支持构造方法注入,又支持属性注入和 Setter 注入,而 @Resource 只支持属性注入和 Setter 注入; | ||
| - 编译器 IDEA 的提示不同:当注入 Mapper 对象时,使用 @Autowired 注解编译器会提示错误,而使用 @Resource 注解则不会提示错误。 | ||
|
|
||
| ### 参考 | ||
|
|
||
| - [CSDN-@Autowired 和@Resource 到底有什么区别](https://blog.csdn.net/xhbzl/article/details/126765893) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # Spring Security | ||
|
|
||
| 认证、授权、防止攻击 | ||
|
|
||
| [官方参考文档](https://docs.spring.io/spring-security/reference/index.html) | ||
|
|
||
| 这样的安全框架还有, | ||
|
|
||
| [Apache Shiro](https://shiro.apache.org/) | ||
|
|
||
| [Sa-Token](https://sa-token.cc/) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Oauth2 | ||
|
|
||
| Oauth2 是目前最流行的授权机制,用来授权第三方应用,获取用户数据。 | ||
|
|
||
| Oauth2 有四种角色,一个是客户端,一个是资源所有者,一个是授权服务器,还有一个是资源服务器。 | ||
|
|
||
| ### Oauth2 四种认证方式 | ||
|
|
||
| - 授权码模式(authorization code):要授权,同意,给授权码,拿授权码要令牌 | ||
| - 简化模式(隐藏模式)(implicit):要授权,同意,直接拿令牌,**_一般是第三方应用只有前端_** | ||
| - 密码模式(resource owner password credentials),要授权,直接给用户名和密码,**_及其信任,很少用到_** | ||
| - 客户端模式(client credentials),要授权,直接给令牌;**_一般是第三方应用的后端,同时支持很多自己的用户_** | ||
|
|
||
| 不管是哪一种授权方式,第三方应用申请令牌之前,都必须先到系统备案,说明自己的身份,然后拿到两个身份的识别码,客户端和客户端密钥,这是防止密钥被滥用,没有备案过的第三方的应用,是不会拿到令牌的 | ||
|
|
||
| ### 参考文档 | ||
|
|
||
| - [CSDN-前言技术之 Oauth2 全方面介绍](https://blog.csdn.net/m0_53151031/article/details/123737336) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # 认证 | ||
|
|
||
| 参考 [Spring Security 认证](https://springdoc.cn/spring-security/servlet/authentication/index.html#servlet-authentication-mechanisms) | ||
|
|
||
| ### 认证机制 | ||
|
|
||
| - Username 和 Password - 如何用用户名/密码进行认证 | ||
| - OAuth 2.0 Login - 使用 OpenID Connect 和非标准的 OAuth 2.0 登录(即 GitHub)的 OAuth 2.0 登录。 | ||
| - SAML 2.0 Login - SAML 2.0 登录 | ||
| - Central Authentication Server (CAS) - 中央认证服务器(CAS)支持。 | ||
| - Remember Me - 如何记住一个过了 session 有效期的用户。 | ||
| - JAAS Authentication - 用 JAAS 进行认证 | ||
| - Pre-Authentication Scenarios - 使用外部机制(如 SiteMinder 或 Java EE security)进行认证,但仍使用 Spring Security 进行授权并保护其免受常见漏洞的侵害。 | ||
| - X509 Authentication - X509 认证 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| 参考 [Spring Security 防范漏洞攻击](https://springdoc.cn/spring-security/features/exploits/index.html) | ||
|
|
||
| 包括: | ||
|
|
||
| - CSRF 跨站请求伪造 | ||
| - HTTP Header : Spring Security 提供了一套默认的安全相关的 HTTP 响应头,以提供安全的默认值。 | ||
| - HTTP : 所有基于 HTTP 的通信,包括 静态资源,都应该通过使用 TLS 进行保护。作为一个框架,Spring Security 并不处理 HTTP 连接,因此并不直接提供对 HTTPS 的支持。然而,它确实提供了一些有助于 HTTPS 使用的功能。 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters