2018.07.30 / 10:28

Spring boot Security : 1. Installation and page configuration

summerman
Spring boot Security series
1. Installation and page configuration
- https://gs.saro.me/#!m=elec&jn=790
2. Let's build the authentication logic.
- https://gs.saro.me/#!m=elec&jn=791
3. Authentication logic - potential risks
- https://gs.saro.me/#!m=elec&jn=792
4. Authentication page view
- https://gs.saro.me/#!m=elec&jn=793
5. Sign-up
- https://gs.saro.me/#!m=elec&jn=794
Appendix : Spring Security login (success / failure) event listener
- https://gs.saro.me/#!m=elec&jn=825


Introduction
Honestly, I am not sure whether Spring Boot Security is useful.
Maybe that is because I have not used it yet.. haha... So!!
I installed it so that I could try it myself, get a feel for it, and then judge.
(Will I really change my mind..!!)


Maven configuration

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

When you restart the app it runs with the default settings, and the entire site is locked (every page becomes an authentication-required page).


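Let's make the site pages unauthenticated.
Create a configuration class.
We will name it SecurityConfig.
We will keep modifying SecurityConfig from here on.

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.WebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(WebSecurity web) throws Exception
        {
            // Exclude every path from Spring Security's filter chain
            web.ignoring().antMatchers("/**");
        }
    }

When you run the app, every page is unlocked.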


Let's require authentication for specific parts.
On most sites, login is not required by default unless the page is member-related: account information that touches personal data, payment history, writing posts, and so on.
Spring Security, however, treats every page as authentication-required by default, and you open up the parts you want to be public.
Of course, Spring Security's way of working is the better one for security: even if a programmer builds a new page that needs authentication and forgets to register it, the page is still protected.
But let's try the opposite case as an exercise.
First create a simple page called /mypage, then follow the example below.

    // In any suitable controller!!
    @ResponseBody
    @RequestMapping(path="/mypage", produces="text/plain")
    public String mypage()
    {
        return "is mypage !!";
    }

    // New import needed for configure(HttpSecurity)
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(WebSecurity web) throws Exception
        {
            web.ignoring().antMatchers("/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            // Require authentication for /mypage
            http.authorizeRequests()
                .antMatchers("/mypage").authenticated();
        }
    }

But /mypage can still be reached without any trouble....
It seems that web.ignoring() has the higher priority.

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(WebSecurity web) throws Exception
        {
            // web.ignoring().antMatchers("/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http.authorizeRequests()
                .antMatchers("/**").permitAll()
                .antMatchers("/mypage").authenticated();
        }
    }

How about this time? Once again, /mypage opens just fine.
Surely not...... Let's swap the order.

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            http.authorizeRequests()
                .antMatchers("/mypage").authenticated()
                .antMatchers("/**").permitAll();
        }
    }

At last, ordinary pages can be reached and /mypage is refused for lack of permission.
So is the value that was set first remembered, and every setting from the second one on ignored??
https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#authorizeRequests--
Looking at the Spring documentation, that is indeed what it says.
For example, if you grant access with .antMatchers("/**"), then /mypage is granted as well, and even if you follow it with .antMatchers("/mypage").authenticated(), the second attribute is ignored.
In other words, the value that is set first does not change.
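
The first-match behaviour described above can be checked mechanically. The following is an added example, not code from the original post or from Spring Security: a plain-Java sketch in which `Rule`, `matches`, `decide`, `covers` and `shadowed` are hypothetical names, and `matches` is a simplified stand-in for Ant pattern matching (exact paths and a trailing `/**` only). It evaluates the two rule orderings tried on this page and reports any rule that an earlier, broader rule makes unreachable.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
// Added illustration (not Spring code): first-match-wins evaluation of ordered URL rules.
public class RuleOrderAudit {
    static final class Rule {
        final String pattern, access;
        Rule(String pattern, String access) { this.pattern = pattern; this.access = access; }
    }
    // Simplified stand-in for Ant matching: exact paths and a trailing "/**" only.
    static boolean matches(String pattern, String path) {
        if (!pattern.endsWith("/**")) return pattern.equals(path);
        String prefix = pattern.substring(0, pattern.length() - 3);
        return path.equals(prefix) || path.startsWith(prefix + "/");
    }
    // The first rule whose pattern matches decides; later rules are never consulted.
    static String decide(List<Rule> rules, String path) {
        for (Rule r : rules) if (matches(r.pattern, path)) return r.access;
        return "no rule matched";
    }
    // True when every path the later pattern can match is already caught by the earlier one.
    static boolean covers(String earlier, String later) {
        boolean laterWild = later.endsWith("/**");
        String base = laterWild ? later.substring(0, later.length() - 3) : later;
        return matches(earlier, base) && (earlier.endsWith("/**") || !laterWild);
    }
    // Report rules that can never take effect because an earlier, broader rule decides differently.
    static List<String> shadowed(List<Rule> rules) {
        List<String> findings = new ArrayList<>();
        for (int j = 1; j < rules.size(); j++) {
            Rule later = rules.get(j);
            for (Rule earlier : rules.subList(0, j)) {
                if (!covers(earlier.pattern, later.pattern) || earlier.access.equals(later.access)) continue;
                findings.add(later.pattern + " " + later.access + " is unreachable behind "
                        + earlier.pattern + " " + earlier.access);
                break;
            }
        }
        return findings;
    }
    public static void main(String[] args) {
        // Constructed rule lists mirroring the two orderings tried on this page.
        List<Rule> permitFirst = Arrays.asList(new Rule("/**", "permitAll"), new Rule("/mypage", "authenticated"));
        List<Rule> specificFirst = Arrays.asList(new Rule("/mypage", "authenticated"), new Rule("/**", "permitAll"));
        System.out.println("/mypage, permitAll first: " + decide(permitFirst, "/mypage"));
        System.out.println("/mypage, specific first:  " + decide(specificFirst, "/mypage"));
        System.out.println("shadowed: " + shadowed(permitFirst) + " / " + shadowed(specificFirst));
    }
}
```

A check of this kind belongs in code review or CI for the rule list itself; it does not replace a request-level test against the running application.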


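Key points of this chapter!!
If the unauthenticated range is set so broadly that it also covers the range that should require authentication, configuring authentication for that range afterwards has no effect: the second setting is ignored.
So!! Apart from resources (css, js...), it seems best to put the rule that lifts authentication at the very end.
In fact, rather than setting authenticated/unauthenticated ranges through HttpSecurity, an even better approach seems to be to pick out only the authentication range through WebSecurity.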

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(WebSecurity web) throws Exception
        {
            // For example, release things from authentication like this (mainly resources).
            web.ignoring().antMatchers("/css/**", "/script/**", "/");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            // Here it seems best to configure authentication / no authentication / required authority for pages other than resources.
            http.authorizeRequests()
                // Path that can be accessed only with admin authority.
                // access() takes a SpEL expression, so the role check is written as hasRole(...).
                .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')");
        }
    }