(23.01.06)Spring 프레임워크 : thymeleaf를 이용한 보안 로그인 - 로그인 에러

로그인 에러 메시지 띄우기

 

pom.xml 설정은 (23.01.05)게시글 참고!

 

 

SimpleSecurityConfig.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@Configuration
@EnableWebSecurity
public class SimpleSecurityConfig
{
   @Bean
   BCryptPasswordEncoder  passwordEncoder()
   {
      BCryptPasswordEncoder enc = new BCryptPasswordEncoder();
      System.out.println("employee->" + enc.encode("employee"));
      System.out.println("imadmin->" + enc.encode("imadmin"));
      System.out.println("guest->" + enc.encode("guest"));
       return enc;
   } 
 
    @Bean
    WebSecurityCustomizer webSecurityCustomizer() 
    {
       return (webSecurity) -> webSecurity.ignoring().antMatchers("/resources/**", "/ignore2");
    }
 
    @Bean
   SecurityFilterChain filterChain(HttpSecurity http) throws Exception 
    {
      System.out.println("접근제한 설정");
      return http.authorizeHttpRequests()/* 권한에 따른 인가(Authorization) */
            .antMatchers("/", "/sec/", "/sec/loginForm", "/sec/denied", "/logout").permitAll()
              .antMatchers("/sec/hello").hasAnyRole("USER", "ADMIN")
               .antMatchers("/sec/getemps").hasAnyRole("USER", "ADMIN")
               .antMatchers("/sec/addemp").hasAnyRole("ADMIN")
               .antMatchers("/sec/menu").hasAnyRole("USER","GUEST","ADMIN")
               .antMatchers("/sec/sample").hasAnyRole("GUEST", "ADMIN")
            //.anyRequest().authenticated()  // 위의 설정 이외의 모든 요청은 인증을 거쳐야 한다
               .anyRequest().permitAll()        // 위의 설정 이외의 모든 요청은 인증 요구하지 않음
               
            .and()
            .csrf().disable()    //csrf 기능을 사용하지 않을 때
            //.csrf().ignoringAntMatchers("/logout") //요청시 'POST' not supported 에러 방지
            //.ignoringAntMatchers("/sec/loginForm")
            //.ignoringAntMatchers("/doLogin")
 
            .formLogin().loginPage("/sec/loginForm")   // 지정된 위치에 로그인 폼이 준비되어야 함
               .loginProcessingUrl("/doLogin")            // 컨트롤러 메소드 불필요, 폼 action과 일치해야 함
               .failureUrl("/sec/login-error")      // 로그인 실패시 다시 로그인 폼으로
               //.failureForwardUrl("/login?error=Y")  //실패시 다른 곳으로 forward
               .defaultSuccessUrl("/sec/main", true)
               .usernameParameter("userid")  // 로그인 폼에서 이용자 ID 필드 이름, 디폴트는 username
               .passwordParameter("userpwd")  // 로그인 폼에서 이용자 암호 필트 이름, 디폴트는 password
               .permitAll()
               
               .and()   // 디폴트 로그아웃 URL = /logout
               .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")) //로그아웃 요청시 URL
             .logoutSuccessUrl("/sec/loginForm?logout=T")
             .invalidateHttpSession(true) 
             .deleteCookies("JSESSIONID")
             .permitAll()
             
             .and()
             .exceptionHandling().accessDeniedPage("/sec/denied")
             .and().build();
    }
 
    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception 
    {
        authenticationMgr.inMemoryAuthentication() /* 메모리 기반 인증(Authentication) */
        .withUser("employee").password("$2a$10$MZ2ANCUXIj5mrAVbytojruvzrPv9B3v9CXh8qI9qP13kU8E.mq7yO")
            .authorities("ROLE_USER")
        .and()
        .withUser("imadmin").password("$2a$10$FA8kEOhdRwE7OOxnsJXx0uYQGKaS8nsHzOXuqYCFggtwOSGRCwbcK")
            .authorities("ROLE_USER", "ROLE_ADMIN")
        .and()
        .withUser("guest").password("$2a$10$ABxeHaOiDbdnLaWLPZuAVuPzU3rpZ30fl3IKfNXybkOG2uZM4fCPq")
            .authorities("ROLE_GUEST");
    }
}

 

 

 

 

SecurityController.java

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
 
@Controller
@RequestMapping("/sec")
public class SecurityController {
    @GetMapping("/")
 
    public String index() {
        return "thymeleaf/index";
    }
    @GetMapping("/loginForm")
 
    public String loginForm() {
        return "thymeleaf/loginForm";
    }
 
    @GetMapping("/main")
    public String goMain() {
        return "thymeleaf/main";
    }
 
    @GetMapping("/login-error")
    public String fail(Model model) {
        model.addAttribute("loginError",true);
        return "thymeleaf/loginForm";
    }
}

 

 

 

index.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
     xmlns:sec="http://www.thymeleaf.org/extras/thymeleaf-extras-springsecurity5">
<head>
<meta charset="utf-8">
<title>INDEX</title>
</head>
<body>
<h2>Welcome</h2>
        <p>Spring Security Thymeleaf tutorial</p>
        <div sec:authorize="isAnonymous()">
           You should login in for using this.
           
        </div>
        <div sec:authorize="hasRole('USER')">
           Text visible to user.
        </div>
        <div sec:authorize="hasRole('ADMIN')">
           Text visible to admin.
        </div>
        <div sec:authorize="hasAnyRole('ADMIN','USER')">
           Text visible to admin or user.
        </div>
        <div sec:authorize="isAuthenticated()">
            <div>Authenticated username:
              <span sec:authentication="name"></span>
           </div>
           <div>Authenticated user roles:
              <span sec:authentication="principal.authorities"></span>
           </div>
        </div>
</body>
</html>

 

 

 

loginForm.html

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>로그인해주세요</title>
<style>
    h1{width:fit-content; margin:0 auto;}
   label{display:inline-block;width:3em; text-align: right; 
      margin-right:1em; }
   input { width: 5em; }
   form {width:fit-content; padding:0.5em; margin:0 auto; 
      border:1px solid black;}
   button { margin: 5px; }
   div:last-child { text-align: center;} 
   .error {color: red; text-align: center;}
</style>
</head>
<body>
<h1>로그인</h1>
<p th:if= "${loginError}" class="error">Wrong userid or password</p>
<form action="/doLogin" method="post">
   <div><label>아이디</label> 
      <input id="uid" type="text" name="userid" value="">
   </div>
   <div><label>암 호</label> 
      <input id="pwd" type="password" name="userpwd" value="">
   </div>
   <div><button type="submit">로그인</button></div>
</form>
</body>
</html>

 

 

 

실행결과 :