Heestory

Security 기본 설정 본문

개발(~국비)/Spring

Security 기본 설정

까만밀가루 2022. 7. 21. 16:40

1.pom.xml  : 이때 java 버전 5.2.12로 맞춰줌

 

<!-- 스프링 스큐리티 -->
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.2.12.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.2.12.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.2.12.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-taglibs -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>5.2.12.RELEASE</version>
</dependency>

 

 

 

 

 

2. security-config.xml 생성

 

이때 Bean File로 생성해야하며

서블릿을 위한 servlet.xml

jdbc를 위한 root.xml

security를 위한 xml 총 3개가 spring 파일 안에 있으면 db 연동과 서블릿, 시큐리티 이용 가능하다.

Namespaces 에서 beans와 security 클릭

 

 

xml 설정시 security를 쉽게 쓰기 위헤 sec로 변경

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-5.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">
   
  <!-- 비밀번호 잉코딩을 위한 bean 생성 -->
  <bean id="passwordEncoding" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
  <!-- 로그인 후 바로 실행되는 핸들러 설정 -->
  <bean id="loginSuccessHandler" class="com.jhta.spring12.security.LoginSuccessHandler"/>


   <!-- 요청에 따른 권한 설정 -->
    <sec:http> 
      <sec:intercept-url pattern="/member/**" access="hasAnyRole('ROLE_ADMIN','ROLE_MEMBER')"/> <!-- member링크에 둘 다 접근 가능 -->
      <sec:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
      <sec:intercept-url pattern="/**" access="permitAll"/> <!-- 순서는 여기 있어야 함, 초반에 좁은 범위여야 한다. -->
      <sec:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler"/>
      <sec:logout logout-url="/logout" invalidate-session="true" logout-success-url="/"/>
    </sec:http>
    
    <!-- 인증 매니저 설정 -->
    <sec:authentication-manager>
      <sec:authentication-provider>
        <sec:jdbc-user-service data-source-ref="dataSource"/> <!-- db 연동  -->
        <sec:password-encoder ref="passwordEncoding"/>
      </sec:authentication-provider>
    </sec:authentication-manager>
    
</beans>

 

3.web.xml - security 설정해준다

    <!-- 시큐리티에 대한 필터설정 -->
    <filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- 서블릿 설정 이외 모든 파일 여기에 설정 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<!-- 시큐리티 설정 파일 정보 지정 -->
<param-value>/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security-config.xml</param-value>
</context-param>

 

이와 같은 설정 안할 때 > security 관련 보이지된 링크나 핸들러등 제대로 작동 안함

'개발(~국비) > Spring' 카테고리의 다른 글

01.스프링  (0) 2022.10.20
DefaultHandlerExceptionResolver No converter found for return value of type: class java.util.ArrayList  (0) 2022.08.01
org.springframework.beans.factory.UnsatisfiedDependencyException  (0) 2022.07.20
javaconfig 설정 기본1  (0) 2022.07.19
java.sql.SQLSyntaxErrorException: ORA-00917: 누락된 콤마  (0) 2022.07.16
'개발(~국비)/Spring' Related Articles more