「Spring Security in Action」读书笔记

Java专家Laurentiu Spilca于2020年出版了「Spring Security in Action」一书。

这本书以Spring Boot v2.3.0和Java 11版本为基础。

根据Manning Publications官方和Amazon上的讯息，他将于2024年4月出版本书第二版。

虽然我没有第二版的书，但是读一下2020年版的应该不会太过时。

这篇博文记录书中的摘录、我的笔记和感想。

Spring Security is a framework that belongs to application-level security.

Application-level security refers to everything that an application should do to protect the environment it executes in, as well as the data it processes and stores. Mind that this isn’t only about the data affected and used by the application. An application might contain vulnerabilities that allow a malicious individual to affect the entire system!

Through authentication, an application identifies a user (a person or another application). The purpose of identifying these is to be able to decide afterward what they should be allowed to do—that’s authorization.