Chapter 9 Spring Security CSRF defense

Spring Security enables CSRF defense by default. What is CSRF? CSRF is cross-site request forgery in the browser. Hackers can induce users to perform some unexpected actions, which allows attackers to partially bypass the same-origin policy. For example, after the user logs in to system A, the user can modify his mailbox, and then the browse ...

Posted by upnxwood16 on Fri, 22 Oct 2021 17:44:39 -0700

Spring Security - getting started

The notes in this article are from the dark horse video https://www.bilibili.com/video/BV1vt4y1i7zA; the relevant materials can be obtained in the comment area of the video. These materials include a semi-finished background management system prepared in advance. If you want to improve another part, you need to use spri ...

Posted by factoring2117 on Wed, 06 Oct 2021 14:19:13 -0700

Spring Security Series tutorial 13 -- implementing graphic verification code based on filter

Preface: In the first two chapters, I took you to learn the core API of Spring Security on authentication and authorization, as well as the execution process and underlying principle of authentication and authorization. After mastering these, we not only know what it is, but also know why it is! In the current job hunting environment, it is no ...

Posted by etsauer on Sat, 25 Sep 2021 17:11:06 -0700

Spring Boot Note 6 - SMS verification code login for user authentication and authorization

In the previous article, Spring Security, OAuth2 and JWT were used to implement the most commonly used account and password login function. However, there are at least two login methods in current public-facing online systems, and the most commonly used is the SMS verification code. This method has many advantages, such as naturally knowing the use ...

Posted by kingsol on Thu, 23 Sep 2021 07:28:52 -0700

Spring Security Series Tutorial 10--Authorization based on a custom database model

Preface: In the last chapter, one brother explained how to implement authentication and authorization based on the default database model, in which the user's information is stored in the database, but there are many limitations! Because we have to build the database and build tables according to the source code, there is a lack of flexibility. When ...

Posted by flforlife on Fri, 17 Sep 2021 06:47:52 -0700