Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
Spring Security is a framework that focuses on providing both authentication and authorization to Java applications. Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements

简介

Spring Security介绍

总的来说，Spring Security是一个强大的且容易个性化定制，实现认证，授权的权限 框架

功能

认证: 既用户登录
授权: 判断用户有哪些权限，可以访问什么资源

特性

安全防护、跨站请求
非常容易整合Spring

与Shiro安全框架的对比

相同点

1.认证
2.授权
3.加密
4.会话管理
5.缓存支持
6.记住我功能

不同点

优点

1.与Spring天生完美契合
2.Spring Security功能丰富
3.Spring Security社区资源丰富

缺点

1.Shiro配置简单，Spring Security上手较难
2.Shiro依赖性低，不需要任何容器和框架，可以独立运行。Spring Security依赖Spring容器

环境搭建

Spring + Spring Security + Spring Security

SpringBoot + Spring Security