
스프링 시큐리티 자동 로그인(remember-me)

new 보라 2023. 5. 17. 17:33
DB 테이블 생성

-- Token store for Spring Security's persistent-token remember-me
-- (selected by data-source-ref on <security:remember-me>).
-- Column names and sizes follow the layout the framework's JDBC token
-- repository expects; VARCHAR2 is the Oracle spelling of the string type.
-- NOTE(review): SERIES and TOKEN are stored as issued, not hashed, so read
-- access to this table is enough to rebuild a valid remember-me cookie.
-- Restrict SELECT on it the same way as on the password table.
CREATE TABLE PERSISTENT_LOGINS (
    USERNAME  VARCHAR2(64) NOT NULL,  -- account the token was issued to
    SERIES    VARCHAR2(64),           -- per-login identifier; key of the row
    TOKEN     VARCHAR2(64) NOT NULL,  -- current token value for that series
    LAST_USED TIMESTAMP    NOT NULL,  -- time of the last successful auto-login
    PRIMARY KEY (SERIES)
);

 

 

 

security-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security context for the remember-me example: form login, three URL
  rules, a UserDetailsService-backed provider with BCrypt, and remember-me
  backed by a database table.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Project handler classes (com.mystudy.security); their code is not shown here. -->
    <bean id="customAccessDenied"
          class="com.mystudy.security.CustomAccessDeniedHandler" />

    <bean id="customLoginSuccess"
          class="com.mystudy.security.CustomLoginSuccessHandler" />

    <!-- Disabled: no-op (plain text) encoder, replaced by BCrypt below. -->
    <!--  <bean id="customPasswordEncoder" 
    class="com.mystudy.security.CustomNoOpPasswordEncoder"></bean> -->

    <bean id="bcryptPasswordEncoder"
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

    <bean id="customUserDetailsService"
          class="com.mystudy.security.CustomUserDetailsService" />

    <security:http>

        <!-- URL rules: public page, member-only page, admin-only page. -->
        <security:intercept-url pattern="/sample/all"
                                access="permitAll" />

        <security:intercept-url pattern="/sample/member"
                                access="hasRole('ROLE_MEMBER')" />

        <!--
          NOTE(review): hasRole(...) is also satisfied by a remember-me login.
          For pages that should require a freshly entered password, combine the
          rule with isFullyAuthenticated().
        -->
        <security:intercept-url pattern="/sample/admin"
                                access="hasRole('ROLE_ADMIN')" />

        <security:access-denied-handler ref="customAccessDenied" />

        <security:form-login login-page="/customLogin"
                             authentication-success-handler-ref="customLoginSuccess" />

        <security:logout logout-url="/customLogout"
                         invalidate-session="true" />

        <!--
          data-source-ref selects the persistent-token implementation, which
          stores its tokens in the PERSISTENT_LOGINS table through the
          "dataSource" bean (defined outside this snippet).
          token-validity-seconds: 604800 s = 7 days.
          NOTE(review): whoever holds the cookie is logged in as the user until
          it expires. Serve the application over HTTPS and consider
          use-secure-cookie="true" so the cookie is never sent in clear text.
        -->
        <security:remember-me data-source-ref="dataSource"
                              token-validity-seconds="604800" />

    </security:http>

    <!-- Users come from customUserDetailsService; stored passwords are checked with BCrypt. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="customUserDetailsService">

            <security:password-encoder ref="bcryptPasswordEncoder" />

        </security:authentication-provider>
    </security:authentication-manager>

</beans>






 

 

 

customLogin.jsp

 

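<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%--
  Custom login page referenced by login-page="/customLogin".
  The form posts username, password, the optional remember-me checkbox and
  the CSRF token to /login. The field names are the ones Spring Security's
  form-login and remember-me filters read by default; the configuration on
  this page does not override them.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>

  <h1>Custom Login Page</h1>
  <%-- error / logout are presumably set by the /customLogin controller (not
       shown here); c:out HTML-escapes them before output. --%>
  <h2><c:out value="${error}"/></h2>
  <h2><c:out value="${logout}"/></h2>

  <form method='post' action="/login">

  <%-- No pre-filled values: the original listing shipped value='admin' in both
       fields, which puts a working credential into the page source of anyone
       who opens the login page. --%>
  <div>
    <input type='text' name='username'>
  </div>
  <div>
    <input type='password' name='password'>
  </div>

  <%-- When this box is ticked, a successful login also issues the
       remember-me cookie. --%>
  <div>
    <input type='checkbox' name='remember-me'> Remember Me
  </div>

  <div>
    <input type='submit'>
  </div>
    <%-- CSRF token; without it the POST to /login is rejected while CSRF
         protection is enabled. --%>
    <input type="hidden" name="${_csrf.parameterName}"
    value="${_csrf.token}" />

  </form>

</body>
</html>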

 

 

 

 

 

 

로그인하면

 

 

remember-me 쿠키가 생성됨

 

 

remember-me 쿠키는 유효기간이 있다. (위 설정의 token-validity-seconds="604800", 즉 7일)

브라우저를 완전히 종료한 뒤 다시 접속해도 로그인 상태가 유지된다.

 

 

 

 

 

 

로그아웃 시 쿠키 삭제
security-context.xml

 

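<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security context for the remember-me example, extended so that
  logout also removes the session and remember-me cookies from the browser.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Project handler classes (com.mystudy.security); their code is not shown here. -->
    <bean id="customAccessDenied"
          class="com.mystudy.security.CustomAccessDeniedHandler" />

    <bean id="customLoginSuccess"
          class="com.mystudy.security.CustomLoginSuccessHandler" />

    <!-- Disabled: no-op (plain text) encoder, replaced by BCrypt below. -->
    <!--  <bean id="customPasswordEncoder" 
    class="com.mystudy.security.CustomNoOpPasswordEncoder"></bean> -->

    <bean id="bcryptPasswordEncoder"
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

    <bean id="customUserDetailsService"
          class="com.mystudy.security.CustomUserDetailsService" />

    <security:http>

        <!-- URL rules: public page, member-only page, admin-only page. -->
        <security:intercept-url pattern="/sample/all"
                                access="permitAll" />

        <security:intercept-url pattern="/sample/member"
                                access="hasRole('ROLE_MEMBER')" />

        <!--
          NOTE(review): hasRole(...) is also satisfied by a remember-me login.
          For pages that should require a freshly entered password, combine the
          rule with isFullyAuthenticated().
        -->
        <security:intercept-url pattern="/sample/admin"
                                access="hasRole('ROLE_ADMIN')" />

        <security:access-denied-handler ref="customAccessDenied" />

        <security:form-login login-page="/customLogin"
                             authentication-success-handler-ref="customLoginSuccess" />

        <!--
          Persistent-token remember-me: tokens are kept in PERSISTENT_LOGINS
          through the "dataSource" bean (defined outside this snippet).
          token-validity-seconds: 604800 s = 7 days.
          NOTE(review): serve the application over HTTPS and consider
          use-secure-cookie="true" so the cookie is never sent in clear text.
        -->
        <security:remember-me data-source-ref="dataSource"
                              token-validity-seconds="604800" />

        <!--
          A single logout element. The original listing declared
          <security:logout> twice (once without delete-cookies), which leaves
          it unclear which declaration takes effect; the two are merged here.
          The session cookie name is also corrected: the servlet default is
          JSESSIONID, so the original "JSESSION_ID" would not match it unless
          the container was configured with that name.
          Logging out with persistent-token remember-me also removes the
          user's rows from PERSISTENT_LOGINS, so a copied cookie stops working.
        -->
        <security:logout logout-url="/customLogout"
                         invalidate-session="true"
                         delete-cookies="remember-me,JSESSIONID" />

    </security:http>

    <!-- Users come from customUserDetailsService; stored passwords are checked with BCrypt. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="customUserDetailsService">

            <security:password-encoder ref="bcryptPasswordEncoder" />

            <!--
              Disabled alternatives kept from earlier steps of the tutorial.
              {noop} marks a password that is stored and compared as plain
              text; the in-memory users below are for local demos only.
            -->
            <!-- <security:jdbc-user-service data-source-ref="dataSource" /> -->

            <!--   <security:jdbc-user-service data-source-ref="dataSource" 
            users-by-username-query="select userid , 
            userpw, enabled from tbl_member where userid = ? " 
            authorities-by-username-query="select 
            userid, auth from tbl_member_auth where userid = ? " /> -->

            <!-- <security:password-encoder ref="customPasswordEncoder" /> -->

            <!--  <security:user-service>
            <security:user name="member" password="{noop}member"
            authorities="ROLE_MEMBER"/>
            <security:user name="admin" password="{noop}admin"
            authorities="ROLE_MEMBER, ROLE_ADMIN"/>
            </security:user-service> -->

        </security:authentication-provider>
    </security:authentication-manager>

</beans>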




ex06.zip
0.05MB