[Spring] Implementing login, logout and password encryption with Spring Security
miinsun 2021. 12. 20. 19:10
Lab environment
Language: Java8
Spring Boot
IDE: IntelliJ
Requirements
Implement login, logout and password encryption with Spring Security.
Adding the Spring Security framework
Add the following code at the bottom of the build.gradle file.
```groovy
// Spring Security
implementation 'org.springframework.boot:spring-boot-starter-security'
// Thymeleaf (view template engine)
implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
```
Enabling Spring Security
Create the WebSecurityConfig.java file.
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity // enables Spring Security support
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Turns CSRF protection off: state-changing requests are accepted without a CSRF token
        http.csrf().disable();
        // Stops sending the X-Frame-Options header, so any origin may frame these pages
        http.headers().frameOptions().disable();
        http.authorizeRequests()
                // every request requires an authenticated user
                .anyRequest().authenticated()
                .and()
                // form login, redirecting to "/" on success; the login page is open to everyone
                .formLogin()
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
                // logout with Spring Security's default handling
                .logout()
                .permitAll();
    }
}
```
Using Spring Security's default behaviour
- Username : user
- Password : check the Spring project's log for 'Using generated security password : ~~'
- The password changes each time the server restarts
Password encryption with Spring Security
Hash passwords with 'BCrypt', the hash function that Spring Security provides and recommends, and store the result in the DB.
1. Add this method to the WebSecurityConfig file
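```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Inside WebSecurityConfig: exposes the encoder as a bean so it can be injected elsewhere
@Bean
public BCryptPasswordEncoder encodePassword() {
    return new BCryptPasswordEncoder();
}
```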
2. Modify the password registration part of the user sign-up (User Register) method
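```java
import org.springframework.security.crypto.password.PasswordEncoder;

// Field of the class that holds the sign-up method (receives the encoder bean)
private final PasswordEncoder passwordEncoder;

// Inside the sign-up method: encode the password before it is saved
String password = passwordEncoder.encode(requestDto.getPassword());
```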
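What the encoder bean does at sign-up and at login, as an added example that is not code from the original post. The class name `BcryptDemo` and the sample password are made up for illustration; it assumes `spring-security-crypto` from Spring Security 5.1 or later on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added illustration; BcryptDemo and the sample password are constructed for this example.
public class BcryptDemo {

    private static void check(boolean condition, String message) {
        if (!condition) {
            throw new IllegalStateException(message);
        }
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder(); // default cost factor 10
        String raw = "correct horse battery staple";           // constructed sample input

        // Sign-up: what gets stored. Every call draws a fresh random salt,
        // so the same password never hashes to the same string twice.
        String stored = encoder.encode(raw);
        String again = encoder.encode(raw);
        check(!stored.equals(again), "salted hashes of one password must differ");
        check(stored.length() == 60 && stored.startsWith("$2a$10$"),
                "hash embeds version, cost and salt");

        // Login: re-encoding the input and comparing strings cannot work because of the salt.
        // matches() reads the salt and cost back out of the stored hash instead.
        check(encoder.matches(raw, stored), "correct password verifies");
        check(encoder.matches(raw, again), "and verifies against the other hash too");
        check(!encoder.matches("Correct horse battery staple", stored),
                "wrong password is rejected");

        // Raising the cost later: old hashes still verify, and upgradeEncoding()
        // flags them so they can be re-hashed after the next successful login.
        PasswordEncoder stronger = new BCryptPasswordEncoder(12);
        check(stronger.matches(raw, stored), "cost-10 hash verifies under a cost-12 encoder");
        check(stronger.upgradeEncoding(stored), "cost-10 hash is flagged for re-hashing");
        check(!stronger.upgradeEncoding(stronger.encode(raw)), "cost-12 hash is current");

        System.out.println("stored hash: " + stored);
    }
}
```

Because the salt and cost travel inside the stored string, the DB column only needs to hold the 60-character hash; no separate salt column is required.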
Implementing login with Spring Security
Only when authentication/authorization through the AuthenticationManager succeeds is the member information (UserDetails) passed to the Controller.
The classes we have to implement here are the following.
- UserDetailsService interface → UserDetailsServiceImpl class
- UserDetails interface → UserDetailsImpl class
1) Write UserDetailsServiceImpl
```java
import com.sparta.springcore.model.User;
import com.sparta.springcore.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserRepository userRepository;

    // Called by Spring Security during login to look up the account by username
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("Can't find " + username));
        return new UserDetailsImpl(user);
    }
}
```
2) Write UserDetailsImpl.java
```java
import com.sparta.springcore.model.User;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Collections;

// Adapts the application's User entity to Spring Security's UserDetails
public class UserDetailsImpl implements UserDetails {
    private final User user;

    public UserDetailsImpl(User user) {
        this.user = user;
    }

    public User getUser() {
        return user;
    }

    // Returns the stored (BCrypt-encoded) password for comparison at login
    @Override
    public String getPassword() {
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        return user.getUsername();
    }

    // The four status checks below always return true:
    // accounts never expire, are never locked and are never disabled
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }

    // No roles or authorities are granted to the user
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.emptyList();
    }
}
```
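Implementing logout with Spring Security
Simply calling GET '/user/logout' makes Spring Security handle the logout. A GET request is accepted here because CSRF protection is disabled in this configuration; with CSRF protection enabled, Spring Security only processes the logout URL on POST.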
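```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity // enables Spring Security support
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection and the X-Frame-Options header are both turned off
        http.csrf().disable();
        http.headers().frameOptions().disable();
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
                .logout()
                // URL that triggers logout
                .logoutUrl("/user/logout")
                .permitAll();
    }
}
```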
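For comparison, a variant of the configuration above that leaves CSRF protection and frame protection on, as an added example that is not the author's code. It keeps the post's class name and `/user/logout` URL, and assumes the pages only ever need to be framed by the application itself.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added illustration: same rules as the post's WebSecurityConfig, with the
// two disable() calls replaced. Not the original author's configuration.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // No http.csrf().disable(): CSRF protection stays at its default (enabled),
        // so login, logout and every other state-changing request must carry the
        // _csrf token. Thymeleaf forms written with th:action get the hidden
        // _csrf field added automatically.

        // Assumption: framing is only needed from the same origin.
        // X-Frame-Options: SAMEORIGIN is sent instead of dropping the header.
        http.headers().frameOptions().sameOrigin();

        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
                .logout()
                // With CSRF enabled this URL is handled for POST only, so the
                // logout link becomes a small form that posts to /user/logout.
                .logoutUrl("/user/logout")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .permitAll();
    }
}
```

With this variant a plain GET to '/user/logout' no longer logs the user out, which is what stops another site from ending a session by embedding that URL.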