Security concepts
- Principal – user, device or system that performs an action
- Authentication – establishing that a principal’s credentials are valid
- Authorization – deciding if a principal is allowed to access a resource
- Authority – permission or credential enabling access
- Secured resource – resource that is being secured
Structure
Security Filters
SecurityContextPersistenceFilter
URL Authorization
Example
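    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            http
                // CSRF protection with its default settings
                .csrf(Customizer.withDefaults())
                // Every request requires an authenticated principal
                .authorizeHttpRequests(authorize -> authorize
                    .anyRequest().authenticated()
                )
                // Accept credentials via HTTP Basic and via the default login form
                .httpBasic(Customizer.withDefaults())
                .formLogin(Customizer.withDefaults());
            return http.build();
        }
    }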