스프링 시큐리티는 인증, 인가를 지원하고 주요 공격으로부터 어플리케이션을 보호해주는 프레임워크다. 명령형과 리액티브 어플리케이션 모두에서 가장 잘 동작하는, 사실상 스프링 기반 어플리케이션의 표준 보안 프레임워크다.

Prerequisites
Spring Security Community
- 2.1. Getting Help
- 2.2. Becoming Involved
- 2.3. Source Code
- 2.4. Apache 2 License
- 2.5. Social Media
What’s New in Spring Security 5.3
- 3.1. Documentation Updates
- 3.2. Servlet
- 3.3. WebFlux
- 3.4. RSocket
- 3.5. Additional Updates
- 3.6. Build Changes
Getting Spring Security
- 4.1. Release Numbering
- 4.2. Usage with Maven
- 4.3. Gradle
Features
- 5.1. Authentication
  - 5.1.1. Authentication Support
  - 5.1.2. Password Storage
- 5.2. Protection Against Exploits
Project Modules
- 6.1. Core — spring-security-core.jar
- 6.2. Remoting — spring-security-remoting.jar
- 6.3. Web — spring-security-web.jar
- 6.4. Config — spring-security-config.jar
- 6.5. LDAP — spring-security-ldap.jar
- 6.6. OAuth 2.0 Core — spring-security-oauth2-core.jar
- 6.7. OAuth 2.0 Client — spring-security-oauth2-client.jar
- 6.8. OAuth 2.0 JOSE — spring-security-oauth2-jose.jar
- 6.9. OAuth 2.0 Resource Server — spring-security-oauth2-resource-server.jar
- 6.10. ACL — spring-security-acl.jar
- 6.11. CAS — spring-security-cas.jar
- 6.12. OpenID — spring-security-openid.jar
- 6.13. Test — spring-security-test.jar
Samples
Hello Spring Security
- 8.1. Updating Dependencies
- 8.2. Starting Hello Spring Security Boot
- 8.3. Spring Boot Auto Configuration
Servlet Security: The Big Picture
- 9.1. A Review of Filters
- 9.2. DelegatingFilterProxy
- 9.3. FilterChainProxy
- 9.4. SecurityFilterChain
- 9.5. Security Filters
- 9.6. Handling Security Exceptions
Authentication
- 10.1. SecurityContextHolder
- 10.2. SecurityContext
- 10.3. Authentication
- 10.4. GrantedAuthority
- 10.5. AuthenticationManager
- 10.6. ProviderManager
- 10.7. AuthenticationProvider
- 10.8. Request Credentials with AuthenticationEntryPoint
- 10.9. AbstractAuthenticationProcessingFilter
- 10.10. Username/Password Authentication
  - 10.10.1. Form Login
  - 10.10.2. Basic Authentication
  - 10.10.3. Digest Authentication
  - 10.10.4. In-Memory Authentication
  - 10.10.5. JDBC Authentication
  - 10.10.6. UserDetails
  - 10.10.7. UserDetailsService
  - 10.10.8. PasswordEncoder
  - 10.10.9. DaoAuthenticationProvider
  - 10.10.10. LDAP Authentication
- 10.11. Session Management
  - 10.11.1. Detecting Timeouts
  - 10.11.2. Concurrent Session Control
  - 10.11.3. Session Fixation Attack Protection
  - 10.11.4. SessionManagementFilter
  - 10.11.5. SessionAuthenticationStrategy
  - 10.11.6. Concurrency Control
- 10.12. Remember-Me Authentication
  - 10.12.1. Overview
  - 10.12.2. Simple Hash-Based Token Approach
  - 10.12.3. Persistent Token Approach
  - 10.12.4. Remember-Me Interfaces and Implementations
- 10.13. OpenID Support
  - 10.13.1. Attribute Exchange
- 10.14. Anonymous Authentication
  - 10.14.1. Overview
  - 10.14.2. Configuration
  - 10.14.3. AuthenticationTrustResolver
- 10.15. Pre-Authentication Scenarios
  - 10.15.1. Pre-Authentication Framework Classes
  - 10.15.2. Concrete Implementations
- 10.16. Java Authentication and Authorization Service (JAAS) Provider
  - 10.16.1. Overview
  - 10.16.2. AbstractJaasAuthenticationProvider
  - 10.16.3. DefaultJaasAuthenticationProvider
  - 10.16.4. JaasAuthenticationProvider
  - 10.16.5. Running as a Subject
- 10.17. CAS Authentication
  - 10.17.1. Overview
  - 10.17.2. How CAS Works
  - 10.17.3. Configuration of CAS Client
- 10.18. X.509 Authentication
  - 10.18.1. Overview
  - 10.18.2. Adding X.509 Authentication to Your Web Application
  - 10.18.3. Setting up SSL in Tomcat
- 10.19. Run-As Authentication Replacement
  - 10.19.1. Overview
  - 10.19.2. Configuration
- 10.20. Handling Logouts
  - 10.20.1. Logout Java Configuration
  - 10.20.2. Logout XML Configuration
  - 10.20.3. LogoutHandler
  - 10.20.4. LogoutSuccessHandler
  - 10.20.5. Further Logout-Related References
- 10.21. Authentication Events
  - 10.21.1. Adding Exception Mappings
  - 10.21.2. Default Event
Authorization
- 11.1. Authorization Architecture
- 11.2. Authorize HttpServletRequest with FilterSecurityInterceptor
- 11.3. Expression-Based Access Control
- 11.4. Secure Object Implementations
  - 11.4.1. AOP Alliance (MethodInvocation) Security Interceptor
  - 11.4.2. AspectJ (JoinPoint) Security Interceptor
- 11.5. Method Security
- 11.6. Domain Object Security (ACLs)
OAuth2
- 12.1. OAuth 2.0 Login
- 12.2. OAuth 2.0 Client
- 12.3. OAuth 2.0 Resource Server
SAML2
- 13.1. SAML 2.0 Login
Protection Against Exploits
- 14.1. Cross Site Request Forgery (CSRF) for Servlet Environments
  - 14.1.1. Using Spring Security CSRF Protection
  - 14.1.2. CSRF Considerations
- 14.2. Security HTTP Response Headers
- 14.3. HTTP
- 14.4. HttpFirewall
Integrations
- 15.1. Servlet API integration
- 15.2. Spring Data Integration
  - 15.2.1. Spring Data & Spring Security Configuration
  - 15.2.2. Security Expressions within @Query
- 15.3. Concurrency Support
- 15.4. Jackson Support
- 15.5. Localization
- 15.6. Spring MVC Integration
- 15.7. WebSocket Security
- 15.8. CORS
- 15.9. JSP Tag Libraries
Java Configuration
- 16.1. Hello Web Security Java Configuration
- 16.2. HttpSecurity
- 16.3. Multiple HttpSecurity
- 16.4. Custom DSLs
- 16.5. Post Processing Configured Objects
Kotlin Configuration
- 17.1. HttpSecurity
- 17.2. Multiple HttpSecurity
Security Namespace Configuration
- 18.1. Introduction
  - 18.1.1. Design of the Namespace
- 18.2. Getting Started with Security Namespace Configuration
  - 18.2.1. web.xml Configuration
  - 18.2.2. A Minimal <http> Configuration
- 18.3. Advanced Web Features
  - 18.3.1. Adding in Your Own Filters
- 18.4. Method Security
- 18.5. The Default AccessDecisionManager
  - 18.5.1. Customizing the AccessDecisionManager
Testing
- 19.1. Testing Method Security
- 19.2. Spring MVC Test Integration
Spring Security Crypto Module
- 20.1. Introduction
- 20.2. Encryptors
  - 20.2.1. BytesEncryptor
  - 20.2.2. TextEncryptor
- 20.3. Key Generators
  - 20.3.1. BytesKeyGenerator
  - 20.3.2. StringKeyGenerator
- 20.4. Password Encoding
Appendix
Security Database Schema
- 22.1. User Schema
  - 22.1.1. For Oracle database
  - 22.1.2. Group Authorities
- 22.2. Persistent Login (Remember-Me) Schema
- 22.3. ACL Schema
- 22.4. OAuth 2.0 Client Schema
- 22.5. The Security Namespace
- 22.6. Spring Security Dependencies
- 22.7. Spring Security FAQ
WebFlux Security
- 23.1. Minimal WebFlux Security Configuration
- 23.2. Explicit WebFlux Security Configuration
Protection Against Exploits
- 24.1. Cross Site Request Forgery (CSRF) for WebFlux Environments
  - 24.1.1. Using Spring Security CSRF Protection
  - 24.1.2. CSRF Considerations
- 24.2. Security HTTP Response Headers
- 24.3. HTTP
OAuth2 WebFlux
- 25.1. OAuth 2.0 Login
- 25.2. OAuth2 Client
- 25.3. OAuth 2.0 Resource Server
@RegisteredOAuth2AuthorizedClient
Reactive X.509 Authentication
WebClient
- 28.1. WebClient OAuth2 Setup
- 28.2. Implicit OAuth2AuthorizedClient
- 28.3. Explicit OAuth2AuthorizedClient
- 28.4. clientRegistrationId
EnableReactiveMethodSecurity
Reactive Test Support
- 30.1. Testing Reactive Method Security
- 30.2. WebTestClientSupport
RSocket Security
- 31.1. Minimal RSocket Security Configuration
- 31.2. Adding SecuritySocketAcceptorInterceptor
- 31.3. RSocket Authentication
- 31.4. RSocket Authorization

Next :

Prerequisites
스프링 시큐리티에서 요구하는 환경을 설명합니다. 공식 문서에 있는 "prerequisites" 챕터를 한글로 번역한 문서입니다.

토리맘의 한글라이즈 프로젝트

Spring Security

Contents