中文摘要：

OAuth2.0是一个开放标准的第三方授权协议,允许用户授权第三方平台获取在某一网站上存储的用户个人资源,而无需将用户名和密码提供给第三方平台。这个协议的主要作用就是定义了一个标准协议,允许一个Web或APP在用户授权下访问用户的隐私数据而无须了解用户的账号信息,这些数据可以存储在诸如微信、支付宝中。Spring Security For OAuth 2.0为OAuth2.0的软件实现提供了一个开源Java库,广泛用于基于Spring框架的Web站点上,与Spring Security框架无缝衔接,易于Web后端服务器的升级,简化了基于Web的OAuth2.0协议的开发。文中分析了OAuth2.0协议细则以及关键流程,重点阐述了Spring Security For OAuth 2.0的优点、应用以及服务器配置,并以此为基础快速构建OAuth2.0服务器软件平台。该协议库具有易于使用、易于维护与使用安全等特点,目前已经广泛应用在互联网以及金融等领域。

英文摘要：

OAuth2.0 is a third party authorization protocol of open standard,and allows the user to authorize a third party to obtain a user＇ s personal resources stored on a Web site without having to provide the user name and password to a third party platform. The main role of this agreement is to define a standard protocol that allows a Web or APP access the private data of the user in the case of author- ized, and the data can be stored in areas such as Alipay and WeChat. Spring Security For OAuth 2.0 provides an open source Java library for OAuth2.0 implementations widely used in Web sites based on the Spring framework and Spring Security framework for seamless, easy to upgrade for Web back-end, simplification of the development of Web-based OAuth 2.0. The OAuth2.0 protocol rules as well as the key process are analyzed, and the Spring Security For OAuth 2.0 advantages, applications and server configuration are described, and as a foundation to quickly build the OAuth2.0 server software platform. The protocol library has features of easy to use, easy to maintain and use security, now widely used in the Internet, as well as financial and other fields.