Spring Security

• Spring Security

Password Storage

• Password Storage
• bcrypt - Wikipedia
• One-way encryption

Spring Security 구조

• Architecture

Authentication 구조

• Servlet Authentication Architecture

Authorization 구조

• Authorization Architecture
• Expression-Based Access Control
• Ant patterns

Spring Security + JWT

Java JWT libraries

• GitHub - jwtk/jjwt: Java JWT: JSON Web Token for Java and Android
• GitHub - auth0/java-jwt: Java implementation of JSON Web Token (JWT)

Authentication

UsernamePasswordAuthenticationFilter 등 인증 처리 필터를 상속하여 access token 및 refresh token 발행 추가 구현

• UsernamePasswordAuthenticationFilter (API)
• AuthenticationSuccessHandler (API)
• AuthenticationFailureHandler (API)

Verification & Authorization

OncePerRequestFilter를 상속하여 access token 및 refresh token 검증, payload로부터 인가 정보 확인 구현

• What Is OncePerRequestFilter?
• OncePerRequestFilter (API)
• AuthenticationEntryPoint (API)
• AccessDeniedHandler (API)

Spring Security + OAuth 2.0 (Google API)

• API 및 서비스 - Google Cloud Platform
• ClientRegistration (API)
• CommonOAuth2Provider (API)
• CommonOAuth2Provider
• OAuth2AuthorizedClient (API)
• Core Interfaces and Classes

Another Security Framework

• Apache Shiro | Simple. Java. Security.