SpringOne2020 - Spring Security Pattern

SpringOne2020 - SpringSecurityPattern

Principle

　　secure by default

　　Least Privilege

Tools

　　UserDetailService, FilterChain, Filter interface

　　SecurityContextHolder.getContext - context hold the info of current login user

　　spring-security-oauth-authorization-server

　　JwtAuthenticationConvertor

　　Pre/PostAuthorization annotation, @EnableGlobalMethodSercurity

　　Config the authorization checking in request level