
Spring Security Xml Config

by ddss6565 2023. 7. 16.

web.xml

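<!-- Routes every request through the "springSecurityFilterChain" bean built from the <http> elements in
     context-security.xml. DelegatingFilterProxy only looks the bean up by this exact filter-name, so the name
     must not be changed. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Needed by <concurrency-control max-sessions="1"> in context-security.xml: the session registry only learns
     that a session was invalidated or timed out through this listener. Without it stale sessions keep counting
     against the limit, so a user who logged out (or whose session expired) can find their next login treated as
     the "second" session. -->
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>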

 

context-security.xml

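<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Static assets skip the filter chain completely: no session lookup, no authorization, and also none of
         the security response headers. Keep only genuinely public files under /static/. -->
    <http pattern="/static/**" security="none" />

    <!-- auto-config="true" was removed: besides form-login and logout (both declared explicitly below) it also
         switched on <http-basic/>, i.e. every URL accepted credentials in an Authorization header, bypassing the
         login page flow. Add <http-basic/> back explicitly only if a client actually relies on it. -->
    <http use-expressions="true">

        <!-- Rules are evaluated top-down; the first matching pattern wins.
             NOTE(review): LoginService grants every account ROLE_USER only, so isAuthenticated() lets ANY
             logged-in user into /admin/**. Tighten to hasRole('ADMIN') once roles are stored per user. -->
        <intercept-url pattern="/admin/**" access="isAuthenticated()" />
        <intercept-url pattern="/login.do" access="permitAll" />
        <intercept-url pattern="/**" access="permitAll" />

        <!-- Where the browser goes after login is decided by the two handler beans, so default-target-url,
             always-use-default-target and authentication-failure-url were dropped: the handler refs supersede
             them (and newer XML parsers reject the combination). -->
        <form-login
            username-parameter="username"
            password-parameter="password"
            login-page="/login.do"
            login-processing-url="/login-process.do"
            authentication-success-handler-ref="loginSuccessHandler"
            authentication-failure-handler-ref="loginFailureHandler" />

        <!-- With CSRF protection on, LogoutFilter only accepts POST: the logout link must be a form POST to
             /logout.do that carries the _csrf token, not a plain GET. -->
        <logout
            logout-url="/logout.do"
            logout-success-url="/"
            invalidate-session="true" />

        <!-- CSRF protection stays ENABLED. The original config had <csrf disabled="true"/>, which lets any
             third-party page submit login, logout and every other state-changing POST on behalf of a browser
             that holds a session cookie. The cost is that each POST form - the login form on /login.do included -
             must send the token, e.g.
             <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/> -->
        <csrf />

        <!-- One live session per user; a second login expires the older session and sends it to /login.do.
             Only works reliably with the HttpSessionEventPublisher listener registered in web.xml. -->
        <session-management>
            <concurrency-control max-sessions="1" expired-url="/login.do"/>
        </session-management>

    </http>

    <authentication-manager>
        <authentication-provider ref="authenticationProvider" />
    </authentication-manager>

    <!-- DaoAuthenticationProvider loads the account through loginService and checks the submitted password
         against the stored value with the BCrypt encoder, so passwords in the user table must be BCrypt hashes.
         By default it also hides UsernameNotFoundException behind BadCredentialsException, which keeps the
         "user exists / does not exist" distinction away from the login form. -->
    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="loginService"/>
        <beans:property name="passwordEncoder" ref="encoder"/>
    </beans:bean>

    <beans:bean id="loginService" class="com.gaon.visit.common.security.LoginService" />
    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

    <beans:bean id="loginSuccessHandler" class="com.gaon.visit.common.security.LoginSuccessHandler" />
    <beans:bean id="loginFailureHandler" class="com.gaon.visit.common.security.LoginFailHandler" />

</beans:beans>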

 

LoginService.java

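public class LoginService implements UserDetailsService
{
    @Autowired
    private UserService userService;

    /**
     * Looks up the account for a form-login attempt.
     *
     * The returned {@link LoginUser} carries the stored password, which DaoAuthenticationProvider then
     * compares (via BCrypt) with the submitted one; this method itself never sees the submitted password.
     *
     * @param username the value of the "username" login parameter, attacker-controlled
     * @return the account with ROLE_USER attached
     * @throws UsernameNotFoundException if no account matches, or if the lookup itself fails (the cause is
     *         attached so an outage can be told apart from a bad username in the logs; the provider hides
     *         this exception from the client as BadCredentialsException by default)
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
    {
        LoginUser lookup = new LoginUser();
        // NOTE(review): the LoginUser class shown on this page has no userId field - confirm which key selectUser reads.
        lookup.setUserId(username);

        LoginUser loginUser;
        try
        {
            loginUser = userService.selectUser(lookup);
        }
        catch (Exception e)
        {
            // Same user-facing outcome as "not found", but keep the cause instead of dropping it.
            throw new UsernameNotFoundException("로그인 정보가 존재하지 않습니다.", e);
        }

        if (loginUser == null)
        {
            throw new UsernameNotFoundException("로그인 정보가 존재하지 않습니다.");
        }

        loginUser.setUsername(username);
        // Every account gets the same single authority. Anything protected with isAuthenticated() (e.g. /admin/**)
        // is therefore open to all users; real role separation needs roles loaded from the account record.
        loginUser.setAuthorities(Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));

        return loginUser;
    }
}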

 

LoginUser.java

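@Data
public class LoginUser implements UserDetails
{
    private static final long serialVersionUID = 1L;

    /** Login id; LoginService overwrites it with the submitted username after the lookup. */
    private String username;
    /** Stored credential, expected to be a BCrypt hash (see the encoder bean). Must never reach a log line. */
    private String password;

    private String email;
    private String mobile;
    private String comtel;

    private LocalDateTime createdDate;
    private LocalDateTime modifiedDate;

    /** Set by LoginService; currently always a single ROLE_USER entry. */
    private List<GrantedAuthority> authorities;
    // Lombok turns boolean fields named isX into isX() getters, which is exactly the UserDetails contract.
    private boolean isEnabled = true;
    private boolean isAccountNonExpired = true;
    private boolean isAccountNonLocked = true;
    private boolean isCredentialsNonExpired = true;

    /**
     * Explicit toString so Lombok does not generate one from every field: the generated version would print the
     * password hash whenever a LoginUser is logged or rendered into an error page.
     */
    @Override
    public String toString()
    {
        return "LoginUser[username=" + username + ", email=" + email + ", authorities=" + authorities + "]";
    }
}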

 

LoginSuccessHandler.java

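@Slf4j
public class LoginSuccessHandler implements AuthenticationSuccessHandler
{
    /**
     * Redirects the browser to /home after a successful form login. Because this bean is wired as the
     * success handler, it replaces Spring Security's default-target-url handling entirely.
     *
     * @param request        the login-processing request; only its context path is used
     * @param response       receives the redirect
     * @param authentication the now-authenticated principal
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException
    {
        log.info("onAuthenticationSuccess");
        // Audit trail: who logged in. getName() is the username only - never log credentials.
        log.info("login success user={}", authentication.getName());
        // Prefix the context path: a bare "/home" resolves against the server root and misses the app when it is
        // deployed under a context (no-op when the context path is empty).
        response.sendRedirect(request.getContextPath() + "/home");
    }

}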

LoginFailHandler.java

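@Slf4j
public class LoginFailHandler implements AuthenticationFailureHandler
{
    /**
     * Sends the browser back to the login page with a failure flag after a rejected login attempt. Wired as the
     * failure handler, so it replaces authentication-failure-url.
     *
     * @param request   the failed login-processing request; only its context path is used
     * @param response  receives the redirect
     * @param exception why authentication was refused (bad credentials, locked/disabled account, ...)
     */
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException
    {
        log.info("onAuthenticationFailure");
        // Failure type is enough for spotting brute-force / credential-stuffing runs. The submitted username is
        // attacker-controlled; if it is added here, sanitize it (strip CR/LF) to keep log lines intact.
        log.warn("login failure: {}", exception.getClass().getSimpleName());
        // Prefix the context path so the redirect stays inside this app when it is deployed under one.
        response.sendRedirect(request.getContextPath() + "/login.do?fail=yes");
    }
}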

 

컨트롤러의 @AuthenticationPrincipal 인자가 null로 들어올 경우 (argument resolver 미등록) — context-common.xml에 아래 resolver를 추가한다

context-common.xml

<mvc:annotation-driven>
    <!-- Without this resolver a controller parameter annotated @AuthenticationPrincipal arrives as null.
         AuthenticationPrincipalArgumentResolver fills it from the current request's SecurityContext. -->
    <mvc:argument-resolvers>
        <bean class="org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver" />
    </mvc:argument-resolvers>
</mvc:annotation-driven>
