Meaning
- A Spring sub-framework responsible for application security (authentication, authorization, and so on). It handles authentication and authorization along the Filter flow.
Setup
- Add the libraries
  <!-- Security -->
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>3.2.5.RELEASE</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>3.2.5.RELEASE</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.2.5.RELEASE</version>
  </dependency>
  <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>3.2.4.RELEASE</version>
  </dependency>
- Add to web.xml
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      /WEB-INF/spring/root-context.xml
      /WEB-INF/spring/appServlet/security-context.xml
    </param-value>
  </context-param>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
- Add the Spring bean configuration (same location as servlet-context.xml)
  <security:http auto-config="true">
    <security:intercept-url pattern="/login.html*" access="ROLE_USER" />
    <security:intercept-url pattern="/welcome.html*" access="ROLE_ADMIN" />
  </security:http>
  <security:authentication-manager>
    <security:authentication-provider>
      <security:user-service>
        <security:user name="user" password="123" authorities="ROLE_USER"/>
        <security:user name="admin" password="123" authorities="ROLE_ADMIN, ROLE_USER"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
- Add the Controller
  @RequestMapping("login.html")
  public String login() {
      return "security/login";
  }
- Result screen (when login.html is requested)
- Screen shown when an ID and password not configured in the XML are entered
⇒ Changing the login form
- Security configuration XML (login form code added)
  <?xml version="1.0" encoding="UTF-8"?>
  <beans xmlns="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:security="http://www.springframework.org/schema/security"
         xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">
    <security:http auto-config="true">
      <security:form-login login-page="/loginForm.html"
                           authentication-failure-url="/loginForm.html?ng=777"
                           default-target-url="/success"/>
      <security:intercept-url pattern="/login.html*" access="ROLE_USER" />
      <security:intercept-url pattern="/welcome.html*" access="ROLE_ADMIN" />
    </security:http>
    <security:authentication-manager>
      <security:authentication-provider>
        <security:user-service>
          <security:user name="user" password="123" authorities="ROLE_USER"/>
          <security:user name="admin" password="123" authorities="ROLE_ADMIN, ROLE_USER"/>
        </security:user-service>
      </security:authentication-provider>
    </security:authentication-manager>
  </beans>
- jsp
  // loginForm.jsp
  <%@ page language="java" contentType="text/html; charset=UTF-8"
      pageEncoding="UTF-8"%>
  <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
  <!DOCTYPE html>
  <html>
  <head>
    <meta charset="UTF-8">
    <title>Insert title here</title>
  </head>
  <body>
    <h1>Login Form</h1>
    <form method="post" action="j_spring_security_check">
      <c:if test="${param.ng == '777'}">
        <p>Login NG!</p>
      </c:if>
      id : <input type="text" name="j_username" /><br />
      pw : <input type="password" name="j_password" /><br />
      <input type="submit" value="login" />
    </form>
  </body>
  </html>
  // success.jsp
  <body>
    Login Success
  </body>
- Controller
  @RequestMapping("loginForm.html")
  public String loginForm() {
      return "security/loginForm";
  }
  @RequestMapping("/success")
  public String success() {
      return "security/success";
  }