Authentication
-
Servlet 身份验证架构:描述验证过程的一般架构。
-
身份验证机制:详细介绍用户验证的具体方法,如用户名/密码、OAuth 2.0、SAML 2.0 和 JAAS 等。
Spring Security 为 Authentication提供了全面的支持。我们先讨论总体的 Servlet Authentication Architecture。正如你可能预期的那样,此部分更加抽象,描述架构而不怎么讨论其如何适用于具体流程。
Spring Security provides comprehensive support for Authentication. We start by discussing the overall Servlet Authentication Architecture. As you might expect, this section is more abstract describing the architecture without much discussion on how it applies to concrete flows.
如果你愿意,可以参阅 Authentication Mechanisms,了解用户可以认证的具体方式。这些章节着重于你可能希望认证的具体方式,并指回体系结构章节来描述具体流程如何运作。
If you prefer, you can refer to servlet-authentication-mechanisms for concrete ways in which users can authenticate. These sections focus on specific ways you may want to authenticate and point back at the architecture sections to describe how the specific flows work.
Authentication Mechanisms
-
Username and Password - how to authenticate with a username/password
-
OAuth 2.0 Login - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (i.e. GitHub)
-
SAML 2.0 Login - SAML 2.0 Log In
-
Central Authentication Server (CAS) - Central Authentication Server (CAS) Support
-
Remember Me - how to remember a user past session expiration
-
JAAS Authentication - authenticate with JAAS
-
Pre-Authentication Scenarios - authenticate with an external mechanism such as SiteMinder or Java EE security but still use Spring Security for authorization and protection against common exploits.
-
X509 Authentication - X509 Authentication