SpringSecurity（三）【默认自动配置分析】

落日映苍穹つ 2024-04-01 10:12 89阅读 0赞

### 三、默认配置分析 ###

--------------------

*  SpringBoot

#### 3.1 基础搭建 ####

1.  创建一个空项目

![在这里插入图片描述][7d9b6bce5a9c4251be20f60339dabb5a.png_pic_center]

*  **设置自动导入**

![在这里插入图片描述][04ffd3777ce3418ba53cf75cc25f63a4.png_pic_center]

1.  在空项目下创建一个SpringBoot模块 **spring-security-01**

![在这里插入图片描述][d5d25021fcd34894b395bfdbfd0c8e58.png_pic_center]

1.  导入相应依赖

<dependencies>
        
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
    </dependencies>

1.  **application.yml**配置文件

# 端口号
    server:
      port: 3035
    # 服务应用名称
    spring:
      application:
        name: SpringSecurity

1.  编写一个**HelloController.class**

package com.vinjcent.controller;
    
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RestController;
    
    @RestController
    public class HelloController {
        
    
        @RequestMapping("/hello")
        public String hello() {
        
            System.out.println("Hello Security");
    
            return "Hello Security";
        }
    }

1.  启动该应用

![在这里插入图片描述][33de40f771e84c7e8e5521d9415644b7.png_pic_center]

可以在控制台看到有一串UUID字符打印出来

1.  访问 /hello 接口

![在这里插入图片描述][dc0a2880200c4d4cb1fa1505caa84622.png_pic_center]

*  默认用户名为：user
 *  默认密码为：控制台打印的uuid

> 疑问

*  为什么引入 Spring Security 依赖之后，在没有做任何配置前提下，所有请求都要认证？
 *  在项目中明明没有登录界面，`登录界面`如何而来？
 *  为什么使用`user`和`控制台密码`能登陆，登陆时验证数据源存在哪里？

![在这里插入图片描述][fbb8be0c42724011a0c2bb91198da5ca.png_pic_center]

#### 3.2 实现原理 ####

**官方文档**：[https://docs.spring.io/spring-security/site/docs/5.5.8/reference/html5/\#servlet-architecture][https_docs.spring.io_spring-security_site_docs_5.5.8_reference_html5_servlet-architecture]

*  在 Spring Security 中`认证、授权`等功能都是基于**过滤器**完成的

![在这里插入图片描述][d036e2ed6c5c48f4a7cb560536646f45.png_pic_center]

![在这里插入图片描述][7d89829220c44a7e992a932c1cf076fc.png_pic_center]

*  **DelegatingFilterProxy**

Spring provides a `Filter` implementation named [`DelegatingFilterProxy`][DelegatingFilterProxy] that allows bridging between the Servlet container’s lifecycle and Spring’s `ApplicationContext`. The Servlet container allows registering `Filter`s using its own standards, but it is not aware of Spring defined Beans. `DelegatingFilterProxy` can be registered via standard Servlet container mechanisms, but delegate all the work to a Spring Bean that implements `Filter`

*  **翻译**

Spring 提供了一个`Filter`名为的实现[`DelegatingFilterProxy`][DelegatingFilterProxy]，它允许在 Servlet 容器的生命周期和 Spring 的`ApplicationContext`. Servlet 容器允许`Filter`使用自己的标准注册，但它不知道 Spring 定义的 Bean。 `DelegatingFilterProxy`可以通过标准 Servlet 容器机制注册，但将所有工作委托给实现`Filter`

*  **FilterChainProxy**

Spring Security’s Servlet support is contained within `FilterChainProxy`. `FilterChainProxy` is a special `Filter` provided by Spring Security that allows delegating to many `Filter` instances through [`SecurityFilterChain`][SecurityFilterChain]. Since `FilterChainProxy` is a Bean, it is typically wrapped in a [DelegatingFilterProxy][DelegatingFilterProxy 1] `Filter Filter`[`SecurityFilterChain`][SecurityFilterChain]`FilterChainProxy`

*  **翻译**

Spring Security 的 Servlet 支持包含在`FilterChainProxy`. 是Spring Security 提供的`FilterChainProxy`一个特殊功能，它允许通过. 由于是一个 Bean，它通常被包装在一个[DelegatingFilterProxy][DelegatingFilterProxy 1]中。`Filter Filter`[`SecurityFilterChain`][SecurityFilterChain]`FilterChainProxy`

*  **SecurityFilterChain**

[`SecurityFilterChain`][SecurityFilterChain 1] is used by [FilterChainProxy][] to determine which Spring Security `Filter`s should be invoked for this request.

*  **翻译**

[`SecurityFilterChain`][SecurityFilterChain 1][FilterChainProxy][]使用它来确定`Filter`应该为此请求调用哪些 Spring Security

需要注意的是，默认过滤器并不是直接放在 Web 项目的原生过滤器链中，而是通过一个 FliterChainProxy 来统一管理。Spring Security 中的过滤器链通过 FliterChainProxy 嵌入到 Web 项目的原生过滤器链中。FilterChainProxy 作为一个顶层的管理者，将统一管理 Security Filter。FilterChainProxy 本身是通过 Spring 框架提供的 DelegatingFilterProxy 整合到原生的过滤器链中

#### 3.3 内置Filter以及默认加载Filter ####

以下高亮的过滤器均为默认加载的过滤器

<table> 
 <thead> 
  <tr> 
   <th align="center">过滤器</th> 
   <th align="center">过滤器作用</th> 
   <th align="center">是否默认加载</th> 
  </tr> 
 </thead> 
 <tbody> 
  <tr> 
   <td align="center">ChannelProcessingFilter</td> 
   <td align="center">过滤请求协议HTTP、HTTPS</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>WebAsyncManagerIntegrationFilter</code></td> 
   <td align="center">将 WebAsyncManager 与 SpringSecurity 上下文进行集成</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>SecurityContextPersistenceFilter</code></td> 
   <td align="center">在处理请求之前，将安全信息加载到 SecurityContextHolder 中</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>HeaderWriterFilter</code></td> 
   <td align="center">处理头信息加入响应中</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">CorsFilter</td> 
   <td align="center">处理跨域问题</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>CsrfFilter</code></td> 
   <td align="center">处理 CSRF 攻击</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>LogoutFilter</code></td> 
   <td align="center">处理注销登录</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">OAuth2AuthorizationRequestRedirectFilter</td> 
   <td align="center">处理 OAuth2 认证重定向</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">Saml2WebSsoAuthenticationRequestFilter</td> 
   <td align="center">处理 SAML 认证请求</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">X509AuthenticationFilter</td> 
   <td align="center">处理 X509 认证</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">AbstractPreAuthenticatedProcessingFilter</td> 
   <td align="center">处理预认证问题</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">CasAuthenticationFilter</td> 
   <td align="center">处理 CAS 单点登录</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">OAuth2LoginAuthenticationFilter</td> 
   <td align="center">处理 OAuth2 认证</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">Saml2WebSsoAuthenticationFilter</td> 
   <td align="center">处理 SAML 认证</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>UsernamePasswordAuthenticationFilter</code></td> 
   <td align="center">处理表单登录</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">OpenIDAuthenticationFilter</td> 
   <td align="center">处理 OpenID 认证</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>DefaultLoginPageGeneratingFilter</code></td> 
   <td align="center">配置默认登录页面</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>DefaultLogoutPageGeneratingFilter</code></td> 
   <td align="center">配置默认注销页面</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">ConcurrentSessionFilter</td> 
   <td align="center">处理 Session 有效期</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">DigestAuthenticationFilter</td> 
   <td align="center">处理 HTTP 摘要认证</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">BearerTokenAuthenticationFilter</td> 
   <td align="center">处理 OAuth2 认证的 Access Token</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>BasicAuthenticationFilter</code></td> 
   <td align="center">处理 HttpBasic 登录</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>RequestCacheAwareFilter</code></td> 
   <td align="center">处理请求缓存</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>SecurityContextHolderAwareRequestFilter</code></td> 
   <td align="center">包装原始请求</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">JaasApiIntegrationFilter</td> 
   <td align="center">处理 JAAS 认证</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center">RememberMeAuthenticationFilter</td> 
   <td align="center">处理 RememberMe 登录</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>AnonymousAuthenticationFilter</code></td> 
   <td align="center">配置匿名认证</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">OAuth2AuthorizationCodeGrantFilter</td> 
   <td align="center">处理 OAuth2 认证中授权码</td> 
   <td align="center">NO</td> 
  </tr> 
  <tr> 
   <td align="center"><code>SessionManagementFilter</code></td> 
   <td align="center">处理 Session 并发问题</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>ExceptionTranslationFilter</code></td> 
   <td align="center">处理认证/授权中的异常</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center"><code>FilterSecurityInterceptor</code></td> 
   <td align="center">处理授权相关</td> 
   <td align="center">YES</td> 
  </tr> 
  <tr> 
   <td align="center">SwitchUserFilter</td> 
   <td align="center">处理账户切换</td> 
   <td align="center">NO</td> 
  </tr> 
 </tbody> 
</table>

可以看出，Spring Security 提供了 30 多个过滤器。默认情况下 Spring Boot 在对 Spring Security 进入自动化配置时，会创建一个名为 SpringSecurityFilterChain 的过滤器链，并注入到 Spring 容器中，这个过滤器将负责所有的安全管理，包括认证、授权、重定向到登陆页面等…具体可以参考 WebSecurityConfiguration 的源码

![在这里插入图片描述][c479014f0a6240ce911c2012afbf1974.png_pic_center]

![在这里插入图片描述][fcfb8f12a6f24cd490d22aca0dfd36b9.png_pic_center]

#### 3.4 自动配置分析 ####

**官网介绍**：[https://docs.spring.io/spring-security/site/docs/5.5.8/reference/html5/\#servlet-hello-auto-configuration][https_docs.spring.io_spring-security_site_docs_5.5.8_reference_html5_servlet-hello-auto-configuration]

> Spring Boot Auto Configuration

Enables Spring Security’s default configuration, which creates a servlet `Filter` as a bean named `springSecurityFilterChain`. This bean is responsible for all the security (protecting the application URLs, validating submitted username and passwords, redirecting to the log in form, and so on) within your application

*  **翻译**

启用 Spring Security 的默认配置，该配置将 servlet 创建`Filter`为名为 的 bean `springSecurityFilterChain`。此 bean 负责应用程序中的所有安全性（保护应用程序 URL、验证提交的用户名和密码、重定向到登录表单等）

**SpringBootWebSecurityConfiguration**，这个类是 SpringBoot 自动配置类，通过这个源码得知，默认情况下对所有请求进行权限控制

@Configuration(
        proxyBeanMethods = false
    )
    @ConditionalOnDefaultWebSecurity
    @ConditionalOnWebApplication(
        type = Type.SERVLET
    )
    class SpringBootWebSecurityConfiguration {
        
        SpringBootWebSecurityConfiguration() {
        
        }
    
        @Bean
        @Order(2147483642)
        SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        
            ((HttpSecurity)((HttpSecurity)((AuthorizedUrl)http.authorizeRequests().anyRequest()).authenticated().and()).formLogin().and()).httpBasic();
            // 表示对http所有请求认证之后才能访问,同时支持表单认证和httpBasic认证(弹框)
            return (SecurityFilterChain)http.build();
        }
    }

这就是为什么请求被拦截的原因

通过上面对自动配置分析，我们也能看出默认生效条件为`@ConditionalOnDefaultWebSecurity`

class DefaultWebSecurityCondition extends AllNestedConditions {
        
        DefaultWebSecurityCondition() {
        
            super(ConfigurationPhase.REGISTER_BEAN);
        }
    
        @ConditionalOnMissingBean({
        WebSecurityConfigurerAdapter.class, SecurityFilterChain.class})
        static class Beans {
        
            Beans() {
        
            }
        }
    
        @ConditionalOnClass({
        SecurityFilterChain.class, HttpSecurity.class})
        static class Classes {
        
            Classes() {
        
            }
        }
    }

*  ***条件一***： classpath 中存在 **SecurityFilterChain.class**，**HttpSecurity.class**
 *  ***条件二***：没有自定义 **WebSecurityConfigurerAdapter.class**，**SecurityFilterChain.class**

默认条件下都是满足的，**WebSecurityConfigurerAdapter.class** 这个类极其重要的，Spring Security 核心配置都在这个类中

![在这里插入图片描述][c5c6bd9b8fa3478ab2fd45750068bb49.png_pic_center]

#### 3.5 生成默认登录页面 ####

> 流程分析

![在这里插入图片描述][f79a47badb164032bad064b90b4278a5.png_pic_center]

1.  请求 /hello 接口，在引入 Spring Security 之后会先经过一些过滤器
2.  在请求到达 FliterSecurityInterceptor时，发现请求并未认证。请求拦截下来，并抛出异常 **AccessDeniedException** 异常
3.  抛出 **AccessDeniedException** 异常会被 **ExceptionTranslationFilter** 捕获，这个 Filter 中会调用 **LoginUrlAuthenticationEntryPoint** 的方法commence给客户端返回 302，要求客户端进行重定向到 /login 页面
4.  客户端发送 /login 请求
5.  /login 请求会再次被拦截器中 **DefaultLoginPageGeneratingFilter** 拦截到，并在拦截器中返回生成登录页面

*  **默认拼接的html**

![在这里插入图片描述][ebf2f0485cd24e858443f8363f0adf40.png_pic_center]

就是通过这种方式，Spring Security 默认过滤器中生成了登陆页面，并返回

#### 3.6 默认用户的生成 ####

1.  查看 SpringBootWebSecurityConfiguration\#**defaultSecurityFilterChain**()函数

![在这里插入图片描述][589f6c87c8e844f4acf2d282599e9013.png_pic_center]

1.  处理登录通过 **FormLoginConfigurer** 类中的 **UsernamePasswordAuthenticationFilter** 这个类

![在这里插入图片描述][86e43398d3e64fba95dc93876944726d.png_pic_center]

1.  查看类中 UsernamePasswordAuthenticationFilter\#**attemptAuthentication** 方法得知实际调用 **AuthenticationManager** 中的 **authenticate**() 方法

![在这里插入图片描述][6b721841afe844d0b5e685e7f475e54d.png_pic_center]

1.  调用 **ProviderManager** 类中方法 **authenticate**

![在这里插入图片描述][32921db80f714e2d8fdc2e5e73e51860.png_pic_center]

1.  调用了 **ProviderManager** 实现类中 **AbstractUserDetailsAuthenticationProvider** 类中的 **authenticate**()方法

![在这里插入图片描述][cdcc7e28d497486697872250f20f1d66.png_pic_center]

1.  最终调用实现类 **DaoAuthenticationProvider** 类中方法比较

![在这里插入图片描述][cc55c22710af47aa98082a838b2cafaf.png_pic_center]

![在这里插入图片描述][bd5c7f63cbb148aa9948fccbdfd7a095.png_pic_center]

看到这里就知道默认实现是基于 InMemoryUserDetailsManager 这个类，也就是内存的实现

> UserDetailsService

通过刚才源码分析也能得知 **UserDetailsService** 是顶层父接口，接口中 **loadUserByUsername** 方法 是用来在认证时进行用户名认证方法，默认实现方式是使用内存，如果想要修改数据库实现，只需要自定义 UserDetailsService 实现，返回 UserDetails 实例即可

public interface UserDetailsService {
        
        UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
    }

![在这里插入图片描述][ad5225f7aca746adb16ebf71b157cecc.png_pic_center]

> UserDetailsServiceAutoConfiguration（登录数据源）

*  **关键代码**

@Configuration(
        proxyBeanMethods = false
    )
    @ConditionalOnClass({
        AuthenticationManager.class})
    @ConditionalOnBean({
        ObjectPostProcessor.class})
    @ConditionalOnMissingBean(
        value = {
        AuthenticationManager.class, AuthenticationProvider.class, UserDetailsService.class, AuthenticationManagerResolver.class},
        type = {
        "org.springframework.security.oauth2.jwt.JwtDecoder", "org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector", "org.springframework.security.oauth2.client.registration.ClientRegistrationRepository"}
    )
    public class UserDetailsServiceAutoConfiguration {
        
    	
        public UserDetailsServiceAutoConfiguration() {
        
        }
    
        @Bean
        @Lazy
        public InMemoryUserDetailsManager inMemoryUserDetailsManager(SecurityProperties properties, ObjectProvider<PasswordEncoder> passwordEncoder) {
        
            User user = properties.getUser();
            List<String> roles = user.getRoles();
            return new InMemoryUserDetailsManager(new UserDetails[]{
        org.springframework.security.core.userdetails.User.withUsername(user.getName()).password(this.getOrDeducePassword(user, (PasswordEncoder)passwordEncoder.getIfAvailable())).roles(StringUtils.toStringArray(roles)).build()});
        }
    }

**结论**

*  从自动装配源码中得知 calsspath 下存在 **AuthenticationManager** 类
 *  项目中，系统没有提供 **AuthenticationManager.class、AuthenticationProvider.class、UserDetailsService.class、AuthenticationManagerResolver.class** 实例

默认情况下都会满足，此时 Spring Security 会提供一个 **InMemoryUserDetailsManager** 实例

![在这里插入图片描述][155fde07c16249f8900ccf768852c66e.png_pic_center]

@ConfigurationProperties(
        prefix = "spring.security"
    )
    public class SecurityProperties {
        
    
        private final SecurityProperties.User user = new SecurityProperties.User();
    
        public SecurityProperties.User getUser() {
        
            return this.user;
        }
    
    
        public static class User {
        
            private String name = "user";
            private String password = UUID.randomUUID().toString();
            private List<String> roles = new ArrayList();
            private boolean passwordGenerated = true;
    
            public User() {
        
            }        
    }

![在这里插入图片描述][e25007ddd8b6406e9f178084c78c878f.png_pic_center]

![在这里插入图片描述][2e7e1d4c4d6445a4a3e2eb2275203283.png_pic_center]

这就是默认生成 user 以及 uuid 密码过程，另外在了解清楚之后，如果需要自定义用户名、密码、角色等，可以在配置文件中加入以下配置进行覆盖即可

spring.security.user.name=root
    spring.security.user.password=root
    spring.security.user.roles=admin,users

#### 3.7 总结 ####

*  **AuthenticationManager**、**ProviderManager** 以及 **AuthenticationProvider** 关系

![在这里插入图片描述][8674ca8e0f31473fb05b4ac9aa6a5af5.png_pic_center]

*  **WebSecurityConfigurerAdapter** 扩展 SpringSecurity 所有默认配置

![在这里插入图片描述][613f7745a0574a119a12b71a7013d937.png_pic_center]

*  **UserDetailService** 用来修改默认认证的数据源信息

![在这里插入图片描述][451e17ffaea647e5967720244e7ebca7.png_pic_center]

[7d9b6bce5a9c4251be20f60339dabb5a.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/598e796c687c4be5bc890a9053b2785b.png
[04ffd3777ce3418ba53cf75cc25f63a4.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/23adc453592140b4bf1d26a0bef5eab7.png
[d5d25021fcd34894b395bfdbfd0c8e58.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/fe6e3d0cbe504e5380c15f013b62157e.png
[33de40f771e84c7e8e5521d9415644b7.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/6c593d0102614a429259073b623f0274.png
[dc0a2880200c4d4cb1fa1505caa84622.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/2dca258960c14283b2abfca63fbfd653.png
[fbb8be0c42724011a0c2bb91198da5ca.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/b12ca46c69984018ba13dd0029c703a3.png
[https_docs.spring.io_spring-security_site_docs_5.5.8_reference_html5_servlet-architecture]: https://docs.spring.io/spring-security/site/docs/5.5.8/reference/html5/#servlet-architecture
[d036e2ed6c5c48f4a7cb560536646f45.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/238170fb063942d896c00db820d7495a.png
[7d89829220c44a7e992a932c1cf076fc.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/5a30ff71a7f64c7e92c679226863be72.png
[DelegatingFilterProxy]: https://docs.spring.io/spring-framework/docs/5.3.20/javadoc-api/org/springframework/web/filter/DelegatingFilterProxy.html
[SecurityFilterChain]: https://docs.spring.io/spring-security/site/docs/5.5.8/reference/html5/#servlet-securityfilterchain
[DelegatingFilterProxy 1]: https://docs.spring.io/spring-security/site/docs/5.5.8/reference/html5/#servlet-delegatingfilterproxy
[SecurityFilterChain 1]: https://docs.spring.io/spring-security/site/docs/5.5.4/api/org/springframework/security/web/SecurityFilterChain.html
[FilterChainProxy]: https://docs.spring.io/spring-security/site/docs/5.5.4/reference/html5/#servlet-filterchainproxy
[c479014f0a6240ce911c2012afbf1974.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/116cdbfe8aa44ae89c94bdf1580170c6.png
[fcfb8f12a6f24cd490d22aca0dfd36b9.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/36184e69d6ae4165b56910467a1646ee.png
[https_docs.spring.io_spring-security_site_docs_5.5.8_reference_html5_servlet-hello-auto-configuration]: https://docs.spring.io/spring-security/site/docs/5.5.8/reference/html5/#servlet-hello-auto-configuration
[c5c6bd9b8fa3478ab2fd45750068bb49.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/fd376e5fa40743b4bcc49cf7237d7a85.png
[f79a47badb164032bad064b90b4278a5.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/01a9264d46014d688dca78002f924f2d.png
[ebf2f0485cd24e858443f8363f0adf40.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/c17e74208bd84b4981a535cf7bf7b84d.png
[589f6c87c8e844f4acf2d282599e9013.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/c94eac6d55c9433da2a0992171fe1a36.png
[86e43398d3e64fba95dc93876944726d.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/b960b83334d84b4db43464f54459b155.png
[6b721841afe844d0b5e685e7f475e54d.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/b2e2d127169841c5b01254e74616e4d3.png
[32921db80f714e2d8fdc2e5e73e51860.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/9d59a55ea00f4cafb5d59f603d02c518.png
[cdcc7e28d497486697872250f20f1d66.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/731e39a0b70b4ff1a4863f567719fa66.png
[cc55c22710af47aa98082a838b2cafaf.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/6fdbf16185dd49e5922699356ba7aeca.png
[bd5c7f63cbb148aa9948fccbdfd7a095.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/7116a703869a4456a531e82951c39460.png
[ad5225f7aca746adb16ebf71b157cecc.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/caf26c717969484c859bab41e10283c0.png
[155fde07c16249f8900ccf768852c66e.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/d87610c19c48415fb2eba3fe3c612226.png
[e25007ddd8b6406e9f178084c78c878f.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/917bba87ca284bc694a01646c515abaa.png
[2e7e1d4c4d6445a4a3e2eb2275203283.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/31f0b08f07e84d15be0f78cf28c7bf34.png
[8674ca8e0f31473fb05b4ac9aa6a5af5.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/950df6a718ec42899072a60266ddb3e0.png
[613f7745a0574a119a12b71a7013d937.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/5bc4fb9e7bc8482399e68d26446702b7.png
[451e17ffaea647e5967720244e7ebca7.png_pic_center]: https://image.dandelioncloud.cn/pgy_files/images/2024/04/01/3a0aed9c322f48709fd2487c3cab9260.png