Today we'll harden the login we built last time so that it is less exposed to security problems.
First, add the following libraries to pom.xml.

```xml
<!-- Security related -->
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${org.springframework-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${org.springframework-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${org.springframework-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-taglibs -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>${org.springframework-version}</version>
</dependency>
```
web.xml needs to be configured as well.
Change the existing contextConfigLocation value as shown below.

Then add the filter.

The full file is below for reference.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/*-context.xml</param-value>
    </context-param>
    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>
```
Now let's create the security configuration file.
Create security-context.xml in the same directory as root-context.xml.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <security:http>
        <security:intercept-url pattern="/security/all" access="permitAll" />
        <security:intercept-url pattern="/security/member" access="hasRole('ROLE_MEMBER')" />
        <security:form-login />
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="member" password="{noop}member" authorities="ROLE_MEMBER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
```

`<security:intercept-url pattern="/security/all" access="permitAll" />`

Everyone can access the `/security/all` URL, whatever authority they have.

`<security:intercept-url pattern="/security/member" access="hasRole('ROLE_MEMBER')" />`

Only users with the `ROLE_MEMBER` authority can access `/security/member`.

`<security:user name="member" password="{noop}member" authorities="ROLE_MEMBER"/>`

To keep today's example free of a DB connection, this defines an account with the member authority directly in the configuration. The `{noop}` prefix means the password is stored without any encoding.

To check that security works, let's create admin.jsp and member.jsp.

-> admin.jsp contents

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
    <p>admin 페이지</p>
</body>
</html>
```

-> member.jsp contents

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
    <p>member</p>
</body>
</html>
```

Create the com.spring.example.controller package and add a SecurityController.java class to it.

```java
package com.spring.example.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@RequestMapping("/security/*")
@Controller
public class SecurityController {

    // Open to everyone (permitAll in security-context.xml)
    @GetMapping("/all")
    public String all() {
        return "home";
    }

    // Requires ROLE_MEMBER (hasRole rule in security-context.xml)
    @GetMapping("/member")
    public String member() {
        return "security/member";
    }

    // No intercept-url rule in security-context.xml covers this path
    @GetMapping("/admin")
    public String admin() {
        return "security/admin";
    }
}
```
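Add the code above and run the application.

Entering the URL takes you to the home page,

and if you open a page that is protected by a role,

the login form appears, and you only get into the page after entering the correct id and pw.

Entering member / member, the account we configured, takes you to the member page.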
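
The security-context.xml above has no rule for `/security/admin`, which SecurityController maps, so that page is returned without a login. The following is an added example, not part of the original post: the same file with a `ROLE_ADMIN` rule and a closing `denyAll` rule for every other path under `/security/`. The `admin` account, its placeholder password and the `ROLE_ADMIN` name are assumptions made for the illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <security:http>
        <!-- Rules are checked top to bottom and the first matching pattern wins,
             so specific paths come first and the catch-all comes last. -->
        <security:intercept-url pattern="/security/all" access="permitAll" />
        <security:intercept-url pattern="/security/member" access="hasRole('ROLE_MEMBER')" />
        <!-- Added: the controller maps /security/admin, so it gets its own rule. -->
        <security:intercept-url pattern="/security/admin" access="hasRole('ROLE_ADMIN')" />
        <!-- Added: any other /security/ path without an explicit rule is refused
             instead of being served unauthenticated. -->
        <security:intercept-url pattern="/security/**" access="denyAll" />
        <security:form-login />
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="member" password="{noop}member" authorities="ROLE_MEMBER"/>
                <!-- Constructed demo account (assumption), in the same DB-less {noop}
                     style as the member user; replace the placeholder password. -->
                <security:user name="admin" password="{noop}change-me" authorities="ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
```

With this file, an unauthenticated request to `/security/admin` is redirected to the login form, and logging in as `member` results in a 403 for that page.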

Next time we'll add password encoding and connect a DB so that each user is routed according to their role.