Framework/Spring Framework

(23.01.05)Spring 프레임워크: 로그인 보안 (SimpleSecurity)

프로그래머 오월 2023. 1. 9.

●●Spring 프레임워크를 사용한 보안된 로그인 기능●●

먼저 폼 설정을 해줘야한다.

 	<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.security</groupId>
          <artifactId>spring-security-taglibs</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.security</groupId>
          <artifactId>spring-security-web</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.security</groupId>
          <artifactId>spring-security-config</artifactId>
      </dependency>

pom.xml 에 dependency에 위 코드를 넣어줘야 한다.

SimpleSecurityConfig.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@Configuration
@EnableWebSecurity
public class SimpleSecurityConfig {
    @Bean
    BCryptPasswordEncoder passwordEncoder() {
        BCryptPasswordEncoder enc = new BCryptPasswordEncoder();
        System.out.println("employee->" + enc.encode("employee"));
        System.out.println("imadmin->" + enc.encode("imadmin"));
        System.out.println("guest->" + enc.encode("guest"));
        return enc;
    }
 
    @Bean
    WebSecurityCustomizer webSecurityCustomizer() {
        return (webSecurity) -> webSecurity.ignoring().requestMatchers("/resources/**", "/ignore2");
    }
 
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        System.out.println("접근제한 설정");
        return http.authorizeHttpRequests()/* 권한에 따른 인가(Authorization) */
                .requestMatchers("/", "/sec", "/sec/loginForm", "/sec/denied", "/logout").permitAll()
                .requestMatchers("/sec/hello").hasAnyRole("USER", "ADMIN")
                .requestMatchers("/sec/getemps").hasAnyRole("USER", "ADMIN")
                .requestMatchers("/sec/addemp").hasAnyRole("ADMIN")
                .requestMatchers("/sec/menu").hasAnyRole("USER", "GUEST", "ADMIN")
                .requestMatchers("/sec/sample").hasAnyRole("GUEST", "ADMIN")
                // .anyRequest().authenticated() // 위의 설정 이외의 모든 요청은 인증을 거쳐야 한다
                .anyRequest().permitAll() // 위의 설정 이외의 모든 요청은 인증 요구하지 않음
 
                .and().csrf().disable() // csrf 기능을 사용하지 않을 때
                // .csrf().ignoringAntMatchers("/logout") //요청시 'POST' not supported 에러 방지
                // .ignoringAntMatchers("/sec/loginForm")
                // .ignoringAntMatchers("/doLogin")
 
                .formLogin().loginPage("/sec/loginForm") // 지정된 위치에 로그인 폼이 준비되어야 함
                .loginProcessingUrl("/doLogin") // 컨트롤러 메소드 불필요, 폼 action과 일치해야 함
                .failureUrl("/sec/loginForm?error=T") // 로그인 실패시 다시 로그인 폼으로
                // .failureForwardUrl("/login?error=Y") //실패시 다른 곳으로 forward
                .defaultSuccessUrl("/sec/main", true)
                .usernameParameter("userid") // 로그인 폼에서 이용자 ID 필드 이름, 디폴트는 username
                .passwordParameter("userpwd") // 로그인 폼에서 이용자 암호 필트 이름, 디폴트는 password
                .permitAll() //누구에게나 허용함
 
                .and() // 디폴트 로그아웃 URL = /logout
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")) // 로그아웃 요청시 URL
                .logoutSuccessUrl("/sec/loginForm?logout=T")
                .invalidateHttpSession(true) //서버에서 흔적 없애기
                .deleteCookies("JSESSIONID") //로컬에서도 흔적 없애기
                .permitAll()
 
                .and()
                .exceptionHandling().accessDeniedPage("/sec/denied")
                .and().build();
    }
 
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {
                                    //  ↑인증매니저객체
        authenticationMgr.inMemoryAuthentication() /* 메모리 기반 인증(Authentication) */
                .withUser("employee").password("$2a$10$MZ2ANCUXIj5mrAVbytojruvzrPv9B3v9CXh8qI9qP13kU8E.mq7yO")
                .authorities("ROLE_USER").and()
                .withUser("imadmin")
                .password("$2a$10$FA8kEOhdRwE7OOxnsJXx0uYQGKaS8nsHzOXuqYCFggtwOSGRCwbcK")
                .authorities("ROLE_USER", "ROLE_ADMIN").and()
                .withUser("guest")
                .password("$2a$10$ABxeHaOiDbdnLaWLPZuAVuPzU3rpZ30fl3IKfNXybkOG2uZM4fCPq").authorities("ROLE_GUEST");
    }
}
Colored by Color Scripter

cs

SecurityController.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
 
@Controller
@RequestMapping("/sec")
public class SecurityController {
    @GetMapping("/loginForm")
 
    public String loginForm() {
        return "thymeleaf/loginForm";
    }
 
    @GetMapping("/main")
 
    public String goMain() {
        return "thymeleaf/main";
    }
}
 
Colored by Color Scripter

cs

loginForm.html

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>로그인해주세요</title>
<style>
    h1{width:fit-content; margin:0 auto;}
   label{display:inline-block;width:3em; text-align: right; 
      margin-right:1em; }
   input { width: 5em; }
   form {width:fit-content; padding:0.5em; margin:0 auto; 
      border:1px solid black;}
   button { margin: 5px; }
   div:last-child { text-align: center;} 
</style>
</head>
<body>
<h1>로그인</h1>
<form action="/doLogin" method="post">
   <div><label>아이디</label> 
      <input id="uid" type="text" name="userid" value="">
   </div>
   <div><label>암 호</label> 
      <input id="pwd" type="password" name="userpwd" value="">
   </div>
   <div><button type="submit">로그인</button></div>
</form>
</body>
</html>
Colored by Color Scripter

cs

main.html

1
2
3
4
5
6
7
8
9
10

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>메인페이지</title>
</head>
<body>
<a th:href="${'/logout'}">로그아웃</a>
</body>
</html>

cs

실행결과 :

id, pw 둘다 employee 넣으면 로그인이 성공하여 main.html로 가는걸 볼 수 있다.

'Framework > Spring Framework' 카테고리의 다른 글

(23.01.11.)Spring 프레임워크 : Spring Security -JDBC Authentication (1)	2023.01.11
(23.01.06)Spring 프레임워크 : thymeleaf를 이용한 보안 로그인 - 로그인 에러 (0)	2023.01.09
(23.01.04)Spring 프레임워크 : Java Mail Sending (POP을 통한 메일보내기) (0)	2023.01.04
(23.01.02)Spring 프레임워크: 웹소켓을 이용한 채팅프로그램 만들기 (0)	2023.01.02
(22.12.30)Spring 프레임워크:WebSocket을 사용한 채팅 프로그램 만들기 (1)	2022.12.30

(23.01.05)Spring 프레임워크: 로그인 보안 (SimpleSecurity)

●●Spring 프레임워크를 사용한 보안된 로그인 기능●●

'Framework > Spring Framework' 카테고리의 다른 글

댓글

티스토리툴바