spring security - 1 (pom, context, web) XML configuration

2021. 9. 13. 10:46

pom.xml: add the Spring Security libraries

		<!-- Goes inside <properties> -->
		<security.version>5.0.6.RELEASE</security.version>

		<!-- Spring Security (goes inside <dependencies>) -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
			<version>${security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-taglibs</artifactId>
			<version>${security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-test</artifactId>
			<version>${security.version}</version>
		</dependency>

 

Spring Security can be configured on its own, so create a separate security-context.xml file

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
		
	<!-- Replace each class value with the fully qualified class name (package path) of the class you wrote -->
	<bean id="customAccessDenied" class="path where you created CustomAccessDenied"></bean>
	<bean id="customLoginSuccess" class="path where you created CustomLoginSuccess"></bean>
	<bean id="customBCryptPasswordEncoder" class="path where you created CustomBCryptPasswordEncoder"></bean>
	<bean id="bcryptPasswordEncoder" class="path where you created BcryptPasswordEncoder"></bean>
	<bean id="customUserDetailsService" class="path where you created CustomUserDetailsService"></bean>

	<security:http>
		<!-- hasAuthority('admin') means access is allowed only when the account's authority is admin; permitAll allows access without restriction -->
<!-- 		<security:intercept-url pattern="/everyBody/**" access="permitAll"/> -->
<!-- 		<security:intercept-url pattern="/admin/**" access="hasAuthority('admin')"/> -->

		<!-- Whether to use CSRF protection; set disabled to true to turn it off (false keeps protection on) -->
		<security:csrf disabled="false"/>

		<!-- Handler for the page shown when access fails because of insufficient authority -->
		<security:access-denied-handler ref="customAccessDenied"/>

		<!-- Your own login page -->
		<security:form-login login-page="/user/login" authentication-success-handler-ref="customLoginSuccess"/>

		<!-- Remember-me settings: tokens are stored through the dataSource bean (Spring Security's JDBC token repository expects a persistent_logins table); 604800 seconds = 7 days -->
		<security:remember-me data-source-ref="dataSource" token-validity-seconds="604800"/>
		<!-- Delete the remember-me cookie on logout -->
		<security:logout logout-url="/logout" invalidate-session="true" delete-cookies="remember-me" logout-success-url="/"/>

	</security:http>

	<security:authentication-manager>

		<security:authentication-provider
		user-service-ref="customUserDetailsService">
		
		<security:password-encoder ref="bcryptPasswordEncoder"/>
			
		</security:authentication-provider>
		
	</security:authentication-manager>

</beans>
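
An added example, not part of the original post: the two commented-out `intercept-url` rules above, enabled and extended into an ordered rule set. Spring Security applies the first `intercept-url` whose pattern matches, so specific patterns come first and a catch-all closes the list. The `/resources/**` path and the `isAuthenticated()` catch-all are assumptions; the other paths and bean names come from the post.

```xml
<security:http>
	<!-- The login page must be reachable anonymously, otherwise the redirect to it loops -->
	<security:intercept-url pattern="/user/login" access="permitAll"/>
	<!-- Assumed static-resource path; adjust to the project layout -->
	<security:intercept-url pattern="/resources/**" access="permitAll"/>
	<security:intercept-url pattern="/everyBody/**" access="permitAll"/>
	<security:intercept-url pattern="/admin/**" access="hasAuthority('admin')"/>
	<!-- Catch-all, always last: anything not matched above requires a logged-in user.
	     If this line were placed first, it would shadow every rule below it. -->
	<security:intercept-url pattern="/**" access="isAuthenticated()"/>

	<!-- Keep CSRF protection on; forms that POST (including the login form) must send the token -->
	<security:csrf disabled="false"/>
	<security:access-denied-handler ref="customAccessDenied"/>
	<security:form-login login-page="/user/login" authentication-success-handler-ref="customLoginSuccess"/>
	<security:remember-me data-source-ref="dataSource" token-validity-seconds="604800"/>
	<!-- logout-success-url "/" falls under the catch-all, so a logged-out user is sent on to the login page;
	     add a permitAll rule for "/" above the catch-all if the home page is meant to be public -->
	<security:logout logout-url="/logout" invalidate-session="true" delete-cookies="remember-me" logout-success-url="/"/>
</security:http>
```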

web.xml: configure it so that security-context.xml is loaded

	<!-- Spring Security -->
	<!-- The filter name must be springSecurityFilterChain: DelegatingFilterProxy looks up the bean with that name -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- Read by ContextLoaderListener, which must also be registered in web.xml -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring/root-context.xml
			/WEB-INF/spring/security-context.xml
		</param-value>
	</context-param>
	<!-- Publishes session created/destroyed events to Spring Security -->
	<listener>
		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>