# security

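#### Key OAuth2 concepts

1. **Resource Owner**: usually the user, who owns the resources and can authorize a third-party application to access them.
2. **Client**: the application that needs to access the resources; it makes requests on behalf of the user.
3. **Resource Server**: the server that stores the resources; it validates access tokens and serves the resources.
4. **Authorization Server**: the server that issues access tokens; it handles user authentication and authorization.
5. **Access Token**: the token the client uses to access resources; it has a limited lifetime and limited permissions.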

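#### The OAuth2 flow

1. **Authorization Grant**: the user grants the client permission to access the resources.
2. **Authorization Code**: the client obtains an authorization code from the authorization server.
3. **Access Token**: the client uses the authorization code to request an access token from the authorization server.
4. **API Request**: the client uses the access token to access protected resources on the resource server.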
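The four steps above as an in-memory simulation showing the checks each server performs. This is an added example, not code from the original page; the class names, the `app` client, its secret and redirect URI, the 60-second code lifetime and the shared token store are assumptions made for illustration.

```python
import secrets
import time

class AuthorizationServer:
    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, redirect_uri)
        self.codes = {}         # code -> (client_id, redirect_uri, user, scope, expiry)
        self.tokens = {}        # access token -> (user, scope, expiry)

    def authorize(self, user, client_id, redirect_uri, scope):
        # Steps 1-2: the resource owner approves and a short-lived code is issued.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user, scope, time.time() + 60)
        return code

    def exchange(self, code, client_id, client_secret, redirect_uri, ttl=3600):
        # Step 3: the code is single use, so it is removed on the first attempt.
        grant = self.codes.pop(code, None)
        if grant is None:
            raise PermissionError("invalid or already used code")
        cid, uri, user, scope, expiry = grant
        secret = self.clients.get(client_id, (None,))[0]
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("client authentication failed")
        if (cid, uri) != (client_id, redirect_uri) or time.time() >= expiry:
            raise PermissionError("code not valid for this request")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, scope, time.time() + ttl)
        return token

class ResourceServer:
    def __init__(self, auth_server, resources):
        self.auth, self.resources = auth_server, resources  # resources: user -> data

    def get(self, token, required_scope, now=None):
        # Step 4: check that the token exists, is unexpired and carries the scope.
        user, scope, expiry = self.auth.tokens.get(token, (None, "", 0))
        if user is None:
            raise PermissionError("unknown token")
        if (time.time() if now is None else now) >= expiry:
            raise PermissionError("token expired")
        if required_scope not in scope.split():
            raise PermissionError("insufficient scope")
        return self.resources[user]

if __name__ == "__main__":  # constructed client, user and resource
    az, cb = AuthorizationServer({"app": ("s3cret", "https://app.example/cb")}), "https://app.example/cb"
    token = az.exchange(az.authorize("alice", "app", cb, "photos.read"), "app", "s3cret", cb)
    print(ResourceServer(az, {"alice": ["a.jpg"]}).get(token, "photos.read"))
```

Replaying a code, presenting the wrong client secret or redirect URI, an expired token, or a scope the token does not carry each raise `PermissionError`.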

