Spring Security 설정
킨글
2022. 8. 5. 17:14
Maven pom.xml에 스프링 시큐리티 추가
<dependencies>
    <!-- Spring Boot starter for Spring Security (pulls in spring-security-web/config/core);
         the version is managed by the Spring Boot parent/BOM, so none is declared here.
         NOTE(review): with this on the classpath Boot secures every endpoint by default
         (generated password for user "user" printed at startup) until a SecurityConfiguration
         such as the ones below is provided. -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
</dependencies>
스프링 시큐리티에서 모든 페이지를 허용(permitAll)하도록 설정하는 경우 — 인가를 사실상 끄는 설정이므로 개발/테스트 용도로만 사용
package com.myapp.lms;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * Security configuration that opens every URL: "/" and "/**" are permitAll, so no
 * request requires authentication.
 *
 * NOTE(review): this is effectively "authorization off" — use it for local
 * development only; a deployable build should start from the allow-list variant.
 * CSRF protection and the other HttpSecurity defaults are still applied.
 * NOTE(review): WebSecurityConfigurerAdapter and antMatchers are deprecated as of
 * Spring Security 5.7 and removed in 6.0; newer projects expose a
 * SecurityFilterChain bean and use requestMatchers instead.
 */
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/", "/**") // allow everything; "/**" already covers "/", so the first pattern is redundant
            .permitAll();
        // The adapter's default configure(...) adds anyRequest().authenticated()
        // plus form login and HTTP Basic. Rules are first-match-wins, so after
        // the "/**" permitAll above the authenticated() rule is never reached.
        super.configure(http);
    }
}
특정 URL만 허용하는 경우
package com.myapp.lms;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * Security configuration with an explicit allow-list: only "/", "/member/register"
 * and "/member/email-auth" are reachable anonymously. super.configure(http) (the
 * adapter's default) then requires authentication for every other request and
 * enables form login and HTTP Basic.
 *
 * NOTE(review): anything not listed — static assets (css/js/images), a custom
 * login page such as /member/login, error pages — is also behind authentication
 * and will bounce to the login page; add such paths here explicitly. Matchers are
 * evaluated in order, first match wins, so keep specific rules ahead of broad ones.
 * NOTE(review): WebSecurityConfigurerAdapter and antMatchers are deprecated as of
 * Spring Security 5.7 and removed in 6.0.
 */
@EnableWebSecurity
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers(
                "/",
                "/member/register",
                "/member/email-auth"
            )
            .permitAll(); // public entry points: landing page, sign-up, e-mail verification
        // Everything else: authenticated(), form login, HTTP Basic (adapter defaults).
        super.configure(http);
    }
}
ADMIN 처리 하는 방법
SecurityConfiguration의 기존 configure(HttpSecurity) 메서드에 아래 내용을 병합 (matcher는 먼저 일치하는 규칙이 적용되므로 /admin/** 규칙을 permitAll 규칙보다 앞에 둘 것)
/**
 * Admin rule: every request under /admin/** requires the ROLE_ADMIN authority
 * (hasAuthority("ROLE_ADMIN") is equivalent to hasRole("ADMIN")), and
 * access-denied (403) responses are forwarded to /error/denied.
 *
 * NOTE(review): this matcher must be registered BEFORE any broad permitAll such
 * as antMatchers("/**") — matchers are first-match-wins, so an earlier "/**"
 * permitAll would silently make /admin/** public. When merging into the
 * existing configure(), keep it as the first antMatchers entry.
 * NOTE(review): the Ant matcher is case-sensitive; controller mappings must
 * really live under /admin/ for this to cover them.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Admin area: any path starting with /admin/ needs ROLE_ADMIN.
    http.authorizeRequests()
        .antMatchers("/admin/**")
        .hasAuthority("ROLE_ADMIN");
    // Access-denied handling. This only applies to authenticated users lacking
    // the authority; an anonymous request to /admin/** is sent to the
    // authentication entry point (login page) instead.
    http.exceptionHandling()
        .accessDeniedPage("/error/denied");
    super.configure(http);
}
MemberServiceImpl.java의 loadUserByUsername에서 grantedAuthorities.add로 ROLE_ADMIN 권한을 추가 (해당 코드는 이 글에 없음). 아래는 로그인 실패 시 메시지를 처리하는 UserAuthenticationFailureHandler 코드
package com.myapp.lms.configuration;
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
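/**
 * Form-login failure handler: maps the {@link AuthenticationException} to a
 * user-facing message, stores it in the request as "errorMessage" and forwards
 * (not redirects) to /member/login?error=true.
 *
 * Message selection:
 * <ul>
 *   <li>{@link InternalAuthenticationServiceException}: the wrapped message is
 *       shown as-is. Spring raises this when the UserDetailsService throws, which
 *       is how application-level reasons (e.g. account not yet activated) reach
 *       the user. NOTE(review): the same wrapper also carries infrastructure
 *       failures (database errors etc.), whose text would then be shown to the
 *       browser — consider restricting this branch to the application's own
 *       exception types and showing a generic message otherwise.</li>
 *   <li>{@link BadCredentialsException} (wrong password, or unknown user, since
 *       Spring hides UsernameNotFoundException behind it by default): a fixed
 *       message that does not reveal which of the two was wrong.</li>
 *   <li>anything else: the exception's message, or a generic fallback when the
 *       message is null.</li>
 * </ul>
 *
 * Fix over the previous version: it compared the exception <em>object</em> to the
 * localized "bad credentials" text ({@code exception.equals("...")}), which can
 * never be true, so the friendly message was never shown. The type check below
 * works regardless of locale.
 *
 * NOTE(review): because the failure is forwarded, the login view receives the
 * original POST parameters (including the submitted password); the view must not
 * echo them, and must HTML-escape "errorMessage" since part of it is exception text.
 */
public class UserAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    private static final String DEFAULT_MESSAGE = "로그인에 실패했습니다.";
    private static final String BAD_CREDENTIALS_MESSAGE = "아이디나 비밀번호가 틀립니다.";

    /**
     * Sets the forward target once. The handler is a shared singleton, so this
     * does not need to be repeated on every failure; forwarding (rather than
     * redirecting) is what keeps the "errorMessage" request attribute visible
     * to the login view.
     */
    public UserAuthenticationFailureHandler() {
        setUseForward(true);
        setDefaultFailureUrl("/member/login?error=true");
    }

    /**
     * Stores the resolved message in the request and delegates to the parent,
     * which performs the configured forward.
     *
     * @param request   the login request (its POST parameters survive the forward)
     * @param response  the response to forward on
     * @param exception the cause reported by the authentication provider
     */
    @Override
    public void onAuthenticationFailure(
            HttpServletRequest request,
            HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        String msg = resolveMessage(exception);
        request.setAttribute("errorMessage", msg);
        // TODO(review): route to the application logger instead of stdout, and
        // never log the submitted credentials alongside this message.
        System.out.println(msg);
        super.onAuthenticationFailure(request, response, exception);
    }

    /** Chooses the message shown on the login page (rules in the class comment). */
    private static String resolveMessage(AuthenticationException exception) {
        if (exception instanceof InternalAuthenticationServiceException) {
            return messageOrDefault(exception);
        }
        if (exception instanceof BadCredentialsException) {
            return BAD_CREDENTIALS_MESSAGE;
        }
        return messageOrDefault(exception);
    }

    /** The exception's message, or the generic fallback when it carries none. */
    private static String messageOrDefault(AuthenticationException exception) {
        String message = exception.getMessage();
        return message == null ? DEFAULT_MESSAGE : message;
    }
}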