If you want to see spring security detail description : could ses blog: spring security源码深入剖析
This Project use spring boot + spring mvc + spring security + liquibase + h2 technology.
Functions like below:
- Custom Pre-Auth Filter: When user login into this demo, it will give an Auth token into browser cookies。And when a request come to system, Pre-auth filter will convert token to User authentication info.
- Custom AuthenticationProcessingFilter: you can use AJAX POST {username: 'name', passwoed: 'pwd'} to this filter, and then will login in the system.
- switchUserFilter: A super admin can switch user
- concurrentSessionFilter : One User only can login once.
- sessionManagementFilter : custom sessionManagementFilter
- rememberMeFilter: custom rememberMeFilter
- Force user login function
- dynamic access config
git clone https://github.com/moheqionglin/spring-security-demo.git
mvn clean spring-boot:run
# application url
http://localhost:13103/security-demo/
# h2 web console url: jdbc:h2:mem:test;DB_CLOSE_DELAY=-1 username: sa pwd: sa
http://localhost:13103/security-demo/console
there are five tables
- auth_tokens : Authentication token table
- authorization: access url control config
- persistent_logins: remember me token table
- roles: role table
- users: user table
- users_roles: user role mapping table
There are three user account into database
- ROLE_SUPPER_ADMIN: login username: super_admin@super_admin pwd: super_admin
- ROLE_ADMIN: login username: admin@admin pwd: admin
- ROLE_USER: login username: user@user PWD: user