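Griping about the Spring Security 3.2 framework
In real-world use I feel the Spring Security namespace is missing two elements:
form-login has no post-only attribute to configure, while in the UsernamePasswordAuthenticationFilter source the post-only flag defaults to true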
    public class UsernamePasswordAuthenticationFilter extends
            AbstractAuthenticationProcessingFilter {
        public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
        public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
        @Deprecated
        public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
        private String usernameParameter = "j_username";
        private String passwordParameter = "j_password";
        // Only POST requests are accepted for authentication by default
        private boolean postOnly = true;
        // ... rest of the class omitted
    }
Why does the http element provide configuration for the FilterSecurityInterceptor's accessDecisionManager and authenticationManager, but not for the FilterInvocationSecurityMetadataSource??
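One way to reach both properties while keeping the namespace configuration, shown as an added example (not code from the original post or from the Spring Security project): a BeanPostProcessor that adjusts the filters the http element creates. The class name NamespaceFilterCustomizer and its two properties are hypothetical; setPostOnly and setSecurityMetadataSource are the filters' own setters.

```java
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Hypothetical helper (name and properties are assumptions of this example).
 * Declare it as a bean in the same application context as the <http> element;
 * Spring then passes every filter the namespace creates through it.
 */
public class NamespaceFilterCustomizer implements BeanPostProcessor {

    // true matches the filter's default: login is rejected unless it is a POST,
    // so credentials never travel in a query string or end up in access logs.
    private boolean postOnly = true;

    // Optional replacement for the metadata source built from <intercept-url>.
    // When set, the <intercept-url> rules no longer apply; this source alone
    // decides which attributes protect each request.
    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource source) {
        this.securityMetadataSource = source;
    }

    // Runs before afterPropertiesSet(), so the interceptor validates the
    // replacement metadata source rather than the namespace-generated one.
    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        if (bean instanceof UsernamePasswordAuthenticationFilter) {
            ((UsernamePasswordAuthenticationFilter) bean).setPostOnly(postOnly);
        } else if (bean instanceof FilterSecurityInterceptor && securityMetadataSource != null) {
            ((FilterSecurityInterceptor) bean).setSecurityMetadataSource(securityMetadataSource);
        }
        return bean;
    }

    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        return bean; // nothing to change after initialization
    }
}
```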