https://github.com/shiru99/spring-security
- Host: GitHub
- URL: https://github.com/shiru99/spring-security
- Owner: Shiru99
- Created: 2021-07-15T09:24:28.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2021-07-18T10:24:02.000Z (almost 5 years ago)
- Last Synced: 2025-01-08T01:46:30.140Z (over 1 year ago)
- Language: Java
- Size: 3.08 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Spring-Security
Spring Security is a Java/Java EE framework that provides authentication, authorization and other security features for enterprise applications.
* Handles common vulnerabilities
  * Session fixation
  * Clickjacking
  * Cross-site request forgery (CSRF)
* What Spring Security can do:
  * Username/password authentication
  * SSO/Okta/LDAP
  * App-level authorization
  * Intra App Authorization like OAuth
  * Microservice security (using tokens, JWT)
# Basics
1. Authentication (Who are you?)
   One of the fundamental ways to secure a resource is to make sure that the caller is who they claim to be. This process of checking credentials and making sure that they are genuine is called authentication.
   * Knowledge-based authentication: password, PIN code, or answer to a secret/personal question
   * Possession-based authentication: phone or text messages, key cards/badges, or an access token device
   * Multi-factor authentication
2. Authorization (Can this user do this?)
   Example, in a store: Customer vs Store Clerk vs Department Manager vs Manager
3. Principal (Currently logged-in user)
   A principal represents a user's identity. Because the principal is kept for the session, the user logs in once and can then visit different URLs within the same domain.
4. GrantedAuthority (a permission or a right)
   Users are granted different GrantedAuthorities (permissions).
5. Roles (a bunch of permissions)
   Example: Admin vs User
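
The Principal, GrantedAuthority and Role terms above, shown with spring-security-core classes. This is an added example, not code from this repository; the class name, the user names and the `order:read` authority are constructed for illustration, and it assumes spring-security-core is on the classpath.

```java
import java.util.Set;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class StoreAuthorizationDemo {

    // Simulates the result of a successful login: the principal and its
    // authorities are stored in the security context for later checks.
    static void loginAs(UserDetails user) {
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
    }

    // Authorization: does the current principal hold this authority?
    static boolean currentUserHas(String authority) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return false; // no principal in the context: deny by default
        }
        Set<String> granted = AuthorityUtils.authorityListToSet(auth.getAuthorities());
        return granted.contains(authority);
    }

    public static void main(String[] args) {
        // Constructed sample users; the password is never checked in this demo.
        UserDetails clerk = User.withUsername("clerk").password("unused")
                .authorities("ROLE_CLERK", "order:read").build();
        // roles("MANAGER") is stored as the authority "ROLE_MANAGER".
        UserDetails manager = User.withUsername("manager").password("unused")
                .roles("MANAGER").build();

        System.out.println("anonymous order:read = " + currentUserHas("order:read"));

        loginAs(clerk);
        String who = SecurityContextHolder.getContext().getAuthentication().getName();
        System.out.println(who + " order:read = " + currentUserHas("order:read"));
        System.out.println(who + " ROLE_MANAGER = " + currentUserHas("ROLE_MANAGER"));

        loginAs(manager);
        who = SecurityContextHolder.getContext().getAuthentication().getName();
        System.out.println(who + " ROLE_MANAGER = " + currentUserHas("ROLE_MANAGER"));
        System.out.println(who + " MANAGER = " + currentUserHas("MANAGER"));

        SecurityContextHolder.clearContext(); // do not leak the principal to other work on this thread
    }
}
```

A role is just a GrantedAuthority whose name carries the `ROLE_` prefix, which is why the last check for the bare string `MANAGER` does not match.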