2018.07.30 / 10:28
Spring boot Security : 1. Installation and page configuration
summerman
Spring boot Security series
1. Installation and page configuration
- https://gs.saro.me/#!m=elec&jn=790
2. Let's build the authentication logic.
- https://gs.saro.me/#!m=elec&jn=791
3. Authentication logic - potential risks
- https://gs.saro.me/#!m=elec&jn=792
4. Authentication page view
- https://gs.saro.me/#!m=elec&jn=793
5. Sign-up
- https://gs.saro.me/#!m=elec&jn=794
Appendix : Spring Security login (success / failure) event listener
- https://gs.saro.me/#!m=elec&jn=825
Introduction
To be honest, I'm not sure whether Spring Boot Security is useful.
Maybe that's because I haven't used it yet.. haha... So!!
I installed it so that I could try it myself, get a feel for it, and then judge.
(Will I really change my mind..!!)
Maven configuration
When the app is run again it works with the default settings, and the entire site is locked (every page becomes an authentication-required page).
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
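Let's make the site's pages unauthenticated.
Create a configuration class.
We'll name it SecurityConfig.
From here on we will keep modifying SecurityConfig.
When you run the app, all pages are unlocked.
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // Every path skips the Spring Security filter chain.
        web.ignoring().antMatchers("/**");
    }
}
```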
Let's require authentication for specific parts.
On most sites, login is basically unnecessary except for member-related parts that touch personal information, such as account details, payment history, and posting.
Spring Security, however, treats every page as an authenticated page by default and works by opening up some of them.
Of course, Spring Security's way of working is the better one for security, even when a programmer creates a new authenticated page and forgets to add it.
But let's also practice the opposite case.
First, create a simple page called /mypage and follow the example below.
```java
// In any suitable controller!!
@ResponseBody
@RequestMapping(path="/mypage", produces="text/plain")
public String mypage()
{
    return "is mypage !!";
}
```
But /mypage is still reachable without any trouble....
```java
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // Ignored paths never reach the filter chain configured below.
        web.ignoring().antMatchers("/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http.authorizeRequests()
            .antMatchers("/mypage").authenticated();
    }
}
```
It seems web.ignoring() has the higher priority.
How about this time? Sure enough, /mypage is still accessible.
```java
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // web.ignoring().antMatchers("/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http.authorizeRequests()
            // "/**" is declared first, so it also matches /mypage.
            .antMatchers("/**").permitAll()
            .antMatchers("/mypage").authenticated();
    }
}
```
Surely not...... Let's swap the order.
At last, ordinary pages are accessible and /mypage is not, for lack of permission.
```java
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http.authorizeRequests()
            // The specific rule comes before the catch-all.
            .antMatchers("/mypage").authenticated()
            .antMatchers("/**").permitAll();
    }
}
```
So is the value configured first remembered, and any second or later setting ignored??
https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#authorizeRequests--
Looking at the Spring documentation, that is indeed what it says.
For example, if permission is granted with .antMatchers("/**"), then /mypage is permitted as well, and even if .antMatchers("/mypage").authenticated() is used after that, the second attribute is ignored.
In other words, the value set first does not change.
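The first-match-wins behaviour described above, modelled in plain Java as an added example (not code from the original post or from Spring Security). The `Rule` record, the simplified `matches` helper (exact paths and a trailing `/**` only) and the `shadowed` check are assumptions made for illustration; records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Spring Security code: models first-match-wins
// evaluation of authorizeRequests() rules and flags rules that can never apply.
public class RuleOrderCheck {
    // Hypothetical rule type: ant-style pattern plus the access it assigns.
    record Rule(String pattern, String access) {}

    // Simplified matcher (assumption): exact paths and a trailing "/**" only.
    static boolean matches(String pattern, String path) {
        if (!pattern.endsWith("/**")) return pattern.equals(path);
        String prefix = pattern.substring(0, pattern.length() - 3);
        return path.equals(prefix) || path.startsWith(prefix + "/");
    }

    // Rules are tried in declaration order; the first match decides.
    static String decide(List<Rule> rules, String path) {
        for (Rule r : rules)
            if (matches(r.pattern(), path)) return r.access();
        return "no rule";
    }

    // True when every path matched by 'later' is already matched by 'earlier'.
    static boolean covers(String earlier, String later) {
        boolean laterWild = later.endsWith("/**");
        String base = laterWild ? later.substring(0, later.length() - 3) : later;
        return matches(earlier, base) && (earlier.endsWith("/**") || !laterWild);
    }

    // Rules shadowed by a broader pattern declared before them.
    static List<Rule> shadowed(List<Rule> rules) {
        List<Rule> dead = new ArrayList<>();
        for (int i = 1; i < rules.size(); i++)
            for (int j = 0; j < i; j++)
                if (covers(rules.get(j).pattern(), rules.get(i).pattern())) {
                    dead.add(rules.get(i));
                    break;
                }
        return dead;
    }
    public static void main(String[] args) {
        List<Rule> broadFirst = List.of(new Rule("/**", "permitAll"), new Rule("/mypage", "authenticated"));
        List<Rule> specificFirst = List.of(new Rule("/mypage", "authenticated"), new Rule("/**", "permitAll"));
        for (List<Rule> rules : List.of(broadFirst, specificFirst))
            System.out.println(rules + " -> /mypage: " + decide(rules, "/mypage")
                    + ", shadowed: " + shadowed(rules));
    }
}
```

A non-empty `shadowed` list means a protective rule sits behind a broader pattern and will never be evaluated, which is worth checking whenever the rule list is edited.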
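Key points of this chapter!!
If the unauthenticated scope is set so that it also covers the authenticated scope, setting authentication again afterwards does nothing: the second setting is ignored.
In other words!! Apart from resources (css, js...), it seems best to put the rule that lifts authentication last.
Actually, rather than setting the authenticated/unauthenticated scope through HttpSecurity, it seems better to pick out only the authentication scope through WebSecurity.
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Override
    public void configure(WebSecurity web) throws Exception
    {
        // For example, release things from authentication like this. (mainly resources)
        web.ignoring().antMatchers("/css/**", "/script/**", "/");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // Here it seems good to configure authenticated / unauthenticated / role rules for pages other than resources.
        http.authorizeRequests()
            // Path that can be accessed only with admin authority.
            // access() takes a SpEL expression, so the role check is written as hasRole(...).
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')");
    }
}
```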