- Hands-On Spring Security 5 for Reactive Applications
- Tomcy John
- 2021-07-23 18:59:16
Spring Security terminologies
Before going further, it helps to understand the core Spring Security terminology. Let's look at the key terms:
- Principal: Any user, device, or system (application) that would like to interact with your application.
- Authentication: A process by which your application makes sure that the principal is who they claim to be.
- Credentials: When a principal tries to interact with your application, the authentication process kicks in and challenges the principal to pass on some values. One such example is a username/password combination and these values are called credentials. The authentication process validates the principal's passed-in credentials against a data store and replies back with the appropriate result.
- Authorization: After successful authentication, the principal is checked again for actions that it can perform on your application. This process of checking rights for a principal and then granting necessary permissions is called authorization.
- Secured item/resource: The item or resource that is marked as secured and requires the principal (user) to successfully complete both authentication and authorization.
- GrantedAuthority: A Spring Security object (the org.springframework.security.core.GrantedAuthority interface) that holds the permission (access-right) details of a principal.
- SecurityContext: A Spring Security object that holds a principal's authentication details.
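The terms above, tied together in one added example (not code from the book): credentials are presented, an Authentication carrying GrantedAuthority values is stored in the SecurityContext, and an authorization check guards a secured resource. The class name, the mayAccess helper, and the sample username and password are hypothetical; the credential check is assumed to have succeeded, and the thread-bound SecurityContextHolder from spring-security-core is used for brevity.

```java
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

public class TerminologyDemo { // hypothetical class name
    // Authorization: does the authenticated principal hold the authority
    // that the secured resource requires? (hypothetical helper)
    static boolean mayAccess(Authentication auth, String requiredAuthority) {
        if (auth == null || !auth.isAuthenticated()) {
            return false; // unauthenticated principals never reach authorization
        }
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (granted.getAuthority().equals(requiredAuthority)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Credentials as presented by the principal (constructed sample values).
        Authentication request =
                new UsernamePasswordAuthenticationToken("alice", "s3cret-sample");

        // Authentication: a real application delegates this step to an
        // AuthenticationManager backed by a data store; success is assumed here.
        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
        UsernamePasswordAuthenticationToken verified =
                new UsernamePasswordAuthenticationToken(
                        request.getPrincipal(), request.getCredentials(), authorities);
        verified.eraseCredentials(); // do not keep the password once it is verified

        // SecurityContext: holds the principal's authentication details.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(verified);
        SecurityContextHolder.setContext(context);

        // Secured resource: access requires both authentication and authorization.
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        System.out.println("request authenticated: " + request.isAuthenticated());
        System.out.println("ROLE_USER resource: " + mayAccess(current, "ROLE_USER"));
        System.out.println("ROLE_ADMIN resource: " + mayAccess(current, "ROLE_ADMIN"));
        SecurityContextHolder.clearContext(); // avoid leaking the context to a reused thread
    }
}
```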