
스프링 시큐리티 기본 설정, 로그인


 

 

pom.xml

 

<!-- Spring Security modules for a classic (non-Boot) Spring MVC web app:
     core (authentication/authorization model), web (servlet filter chain),
     config (the <security:*> XML namespace used in security-context.xml)
     and taglibs (the "sec" JSP tag library).
     All four artifacts must be kept on the same version; importing the
     spring-security-bom in <dependencyManagement> avoids repeating it four
     times and prevents version drift.
     NOTE(review): 5.0.6.RELEASE is an old patch of the 5.0.x line, which is
     well past the end of open-source maintenance. Pick a currently supported
     Spring Security release (compatible with the Spring Framework version in
     use) before this goes beyond a tutorial. -->
<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>5.0.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>5.0.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>5.0.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>5.0.6.RELEASE</version>
        </dependency>

 

 

 

 

 

 

security-context.xml

 

직접 생성

 

 

 

 

 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Smallest configuration that builds the springSecurityFilterChain
         bean referenced from web.xml: one filter chain with the default
         form login. No <security:intercept-url> rules are declared, so no
         URL is access-controlled yet, and the empty <authentication-manager>
         defines no provider or users. Enough to verify the filter is wired
         in; it protects nothing. -->
    <security:http>
<security:form-login />
</security:http>
<security:authentication-manager>
</security:authentication-manager>

</beans>

 

 

 

 

web.xml

 

<!-- DelegatingFilterProxy forwards every request to the Spring bean whose
     name equals this filter-name. "springSecurityFilterChain" is the name
     the security namespace registers, so the filter-name must not be changed. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- "/*" with no <dispatcher> children means the servlet container applies
     this filter to REQUEST dispatches only. Content reached via a forward,
     an include, an <error-page> or async dispatch bypasses the security
     filters unless <dispatcher>FORWARD</dispatcher> / ERROR / ASYNC entries
     are added here. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 

 

<!-- security-context.xml is loaded into the root application context (not
     the DispatcherServlet's child context) so that the
     springSecurityFilterChain bean is visible to DelegatingFilterProxy. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security-context.xml
</param-value>
</context-param>

 

 

 

 


 여기까지가 최소한의 설정이다. 단, 이 상태의 security-context.xml에는 intercept-url 규칙이 없어서 보호되는 URL이 하나도 없고, authentication-manager가 비어 있어 로그인할 사용자도 없다. 보안 필터 체인이 web.xml에 제대로 연결되는지 확인하는 용도로만 보면 된다.


 

security-context.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<!-- Invoked when an *authenticated* user requests a URL their roles do not
     allow. An unauthenticated user is sent to the login page instead. -->
<bean id="customAccessDenied"
class="com.mystudy.security.CustomAccessDeniedHandler"></bean>

<security:http>

<!-- intercept-url rules are evaluated in declaration order and these
     Ant-style patterns contain no wildcards, so only the three listed paths
     are governed. There is no catch-all rule: every other URL (including
     /customLogin and /accessError) is served without any authentication.
     Once real resources exist, finish the list with a rule such as
     <security:intercept-url pattern="/**" access="authenticated" />. -->
<security:intercept-url pattern="/sample/all"
access="permitAll" />

<security:intercept-url
pattern="/sample/member" access="hasRole('ROLE_MEMBER')" />

<!-- "admin" below holds both roles, so the member rule also admits admin. -->
<security:intercept-url pattern="/sample/admin"
access="hasRole('ROLE_ADMIN')" />

<!-- Only reached for authenticated-but-unauthorized requests. -->
<security:access-denied-handler
ref="customAccessDenied" />

<!-- /customLogin is rendered by CommonController. The form must POST to
     /login (the default processing URL) and carry the CSRF token, because
     CSRF protection is enabled by default in the namespace configuration.
     Failure and logout redirect to /customLogin?error and
     /customLogin?logout respectively (defaults derived from login-page).
     No <security:logout /> element is declared, so no logout filter is
     registered by this configuration. -->
<security:form-login login-page="/customLogin" />

</security:http>

<!-- Demo-only in-memory users. "{noop}" is the DelegatingPasswordEncoder id
     for plaintext; Spring Security 5 requires an encoder id on every stored
     password, otherwise authentication fails. Plaintext credentials in
     configuration must not outlive the tutorial: store "{bcrypt}..." hashes
     behind a real UserDetailsService. -->
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="member" password="{noop}member"
authorities="ROLE_MEMBER"/>
<security:user name="admin" password="{noop}admin"
authorities="ROLE_MEMBER, ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>

</beans>

 

 

 

 

sample/member로 들어가면

로그인 화면 만들지 않았는데도 아래와 같이 뜨고

아이디 비밀번호 넣어주면

sample/member 화면으로 이동!

 

 

 

 

로그아웃은 세션 지워주기! (위 security-context.xml에는 `<security:logout />` 요소가 없어서 스프링 시큐리티의 LogoutFilter가 등록되지 않는다. 세션을 직접 invalidate하는 대신 `<security:logout logout-url="/logout" invalidate-session="true" />`를 선언하면 세션 무효화와 SecurityContext 정리를 프레임워크가 처리해 준다. CSRF 보호가 켜져 있으면 로그아웃은 `_csrf` 토큰을 포함한 POST 요청이어야 한다.)

 

 

 

 

 

member 로 로그인하고

admin 접근시 에러페이지!

 

 

 

 

CommonController

 

package com.mystudy.spring3;

import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

import lombok.extern.log4j.Log4j;

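@Controller
@Log4j
public class CommonController {

    /**
     * Renders the access-denied view (resolved from the request path as
     * {@code accessError}). {@code CustomAccessDeniedHandler} redirects here
     * after an authorization failure.
     *
     * @param auth  the current {@link Authentication}, or {@code null} when none is bound
     * @param model view model; receives a fixed {@code msg} attribute
     */
    @GetMapping("/accessError")
    public void accessDenied(Authentication auth, Model model) {
        // Log only the principal name. Authentication#toString() dumps the
        // whole token (authorities, details such as remote address / session
        // id), which does not belong in an INFO log line.
        String who = (auth == null) ? "anonymous" : auth.getName();
        log.info("access Denied : " + who);

        model.addAttribute("msg", "Access Denied");
    }

    /**
     * Renders the custom login view (resolved as {@code customLogin}).
     * Spring Security sends the browser here with {@code ?error} after a
     * failed login and {@code ?logout} after logout; only the presence of
     * those parameters is meaningful, their values are ignored.
     *
     * @param error  non-null when the {@code error} request parameter is present
     * @param logout non-null when the {@code logout} request parameter is present
     * @param model  view model; receives {@code error} / {@code logout} messages
     */
    @GetMapping("/customLogin")
    public void loginInput(String error, String logout, Model model) {
        // Request parameters are attacker-controlled: record presence, not the
        // raw value, so arbitrary query strings cannot be written into the log.
        log.info("error : " + (error != null));
        log.info("logout : " + (logout != null));

        if (error != null) {
            model.addAttribute("error", "Login Error Check Your Account");
        }

        if (logout != null) {
            model.addAttribute("logout", "Logout!!");
        }
    }

}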

 

 

 

accessError.jsp

 

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib uri="http://www.springframework.org/security/tags"
prefix="sec"%>
<%@ page import="java.util.*"%>
<%-- Access-denied view, resolved from the /accessError mapping in
     CommonController. The "sec" taglib and the java.util import above are
     declared but not used on this page. --%>

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>Access Denied Page</h1>
<h2>
<%-- Spring's default AccessDeniedHandlerImpl stores the exception under the
     request attribute SPRING_SECURITY_403_EXCEPTION and *forwards* to the
     error page. The CustomAccessDeniedHandler used here issues a redirect
     (a new request) and sets no attribute, so this line is expected to
     render empty; "msg" below is what the user actually sees. c:out
     HTML-escapes the value either way. --%>
<c:out value="${SPRING_SECURITY_403_EXCEPTION.getMessage() }" />
</h2>
<h2>
<%-- Fixed message set by CommonController.accessDenied(). --%>
<c:out value="${msg}" />
</h2>
</body>
</html>

 

 

 

CustomAccessDeniedHandler

 

package com.mystudy.security;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import lombok.extern.log4j.Log4j;

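@Log4j
public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    /**
     * Handles an authorization failure for an already-authenticated user by
     * redirecting to the application's {@code /accessError} page.
     *
     * <p>Because this is a redirect (a new request), the
     * {@code accessDeniedException} is not visible to the error view; set a
     * request attribute and forward instead if the view needs it.
     *
     * @param request                the denied request
     * @param response               response used for the redirect
     * @param accessDeniedException  the authorization failure
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException never thrown here; part of the interface contract
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response,
            AccessDeniedException accessDeniedException) throws IOException, ServletException {

        // A denied request is expected behaviour, not an application error:
        // log it at WARN with what was denied, not the whole exception.
        log.warn("access denied handler: " + request.getMethod() + " " + request.getRequestURI());

        // sendRedirect() throws IllegalStateException once the response is
        // committed; nothing sensible can be done at that point.
        if (response.isCommitted()) {
            log.warn("response already committed, cannot redirect to /accessError");
            return;
        }

        log.warn("Redirect.....");

        // Prefix the context path: a bare "/accessError" only resolves when
        // the application is deployed at the server root.
        response.sendRedirect(request.getContextPath() + "/accessError");
    }

}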

 

 

customLogin.jsp

 

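<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%-- Custom login view for <security:form-login login-page="/customLogin" />.
     CommonController.loginInput() sets "error" / "logout" when the matching
     query parameter is present; both are printed through c:out so they are
     HTML-escaped. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>

  <h1>Custom Login Page</h1>
  <h2><c:out value="${error}"/></h2>
  <h2><c:out value="${logout}"/></h2>

  <%-- POST to Spring Security's default processing URL. The context path is
       prefixed so the form also works when the app is not deployed at "/". --%>
  <form method='post' action="${pageContext.request.contextPath}/login">

  <div>
    <%-- No pre-filled credentials: the original page shipped admin/admin in
         the markup, handing a working account to anyone who views source. --%>
    <input type='text' name='username' autocomplete='username'>
  </div>
  <div>
    <input type='password' name='password' autocomplete='current-password'>
  </div>
  <div>
    <%-- Only honoured when <security:remember-me /> is configured in
         security-context.xml; the configuration in this post does not
         declare it, so the checkbox currently has no effect. --%>
    <input type='checkbox' name='remember-me'> Remember Me
  </div>

  <div>
    <input type='submit'>
  </div>
    <%-- CSRF protection is on by default; without this token the POST to
         /login is rejected with 403. --%>
    <input type="hidden" name="${_csrf.parameterName}"
    value="${_csrf.token}" />

  </form>

</body>
</html>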

 

 

 
