🌱 Spring MVC (10) Verifying User Authorization and Branching with a Filter

Kim Dae Hyun · July 15, 2021

GitHub source code

🔎 When a Filter Runs


🔎 Implementing the Filter

Define a class that implements Filter

The class must implement the Filter interface from javax.servlet.

The interface has three methods, init, doFilter and destroy, but init and destroy are declared with the default keyword, so implementing them is not required.

This example does no pre-processing (init) or post-processing (destroy), so only the doFilter method is overridden.

First, specify the pages and static resources that users who are not logged in (users without authorization) can access.

  • The home, sign-up, login and css paths are set as accessible paths.
private static final String[] unAuthList = {"/", "/members/add", "/login", "/css/*"};

Implementing the doFilter method to check whether the user is logged in

Downcast the request and response so that HttpServletRequest and HttpServletResponse can be used.

Read the URI of the current request so that, on a successful login, the user can be redirected to the URL requested just before.

Get the session that holds the login information.
Pass false to the getSession method so that a new session is not created when there is none.

Use the simpleMatch method of the PatternMatchUtils utility class to check whether the requested URI is in the list of paths accessible without authorization (unAuthList), that is, whether the request requires authentication.

If the URI is not in the accessible list, perform authentication (check the session cookie sent with the request).
If authentication fails, redirect to the login page using the sendRedirect method of HttpServletResponse.

You must return after the redirect. The return means that the request proceeds no further, neither to the next filter nor to the servlet.
The filter sends the redirect and its role ends there.

If the user is authenticated, chain.doFilter(request, response) lets the request proceed to the next filter or the servlet.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    String requestURI = httpRequest.getRequestURI();
    HttpSession session = httpRequest.getSession(false);
    try {
        if (!PatternMatchUtils.simpleMatch(unAuthList, requestURI)) {  
            if (session == null || session.getAttribute("SESSION-KEY") == null) {
                httpResponse.sendRedirect("/login?redirectURL=" + requestURI);
                return;
            }
        }

        chain.doFilter(request, response);
    } catch (Exception e) {
        throw e;
    } finally {
        log.info("LoginValidFilter 종료");
    }
}

Why requestURI is passed along with sendRedirect

This is something you commonly experience on websites that require login.

Suppose you are on a website, moving through several pages while working on something, and you click a page that requires login and are redirected to the login page.

If you go to the trouble of logging in and are then sent to the site's home page, you have to navigate again to the page that required login.

To prevent this, the user should be sent to the request made before the filter caught it, that is, the request made just before the move to the login page.

When authentication fails and the filter sends the user to the login page, the URL is /login?redirectURL=/<previous request URI>.
To handle the redirectURL passed as a query parameter in this way, modify the POST /login controller.

Add the parameter below to that controller.

@RequestParam(defaultValue = "/") String redirectURL

Then build the redirect URL in the return statement as shown below.
With this, if items (the product list page) is passed as redirectURL, the result is redirect:/items, and if there is no redirectURL, the result is redirect:/ and an ordinary successful login moves to the home page.

return "redirect:" + redirectURL;
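Because redirectURL is a request parameter, "redirect:" + redirectURL sends the browser wherever the submitted value says, including to another site, and the filter's concatenation drops the query string and leaves the URI unencoded. The following is an added example, not code from the original post: SafeRedirect, loginRedirectFor and resolve are hypothetical names, and it assumes Java 10 or later for URLEncoder.encode(String, Charset).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added example: SafeRedirect and its method names are hypothetical, not from the post.
public class SafeRedirect {

    private static final String DEFAULT_TARGET = "/";

    // Filter side: encode the original URI (plus query string, if any) so it
    // travels as one redirectURL parameter value.
    static String loginRedirectFor(String requestURI, String queryString) {
        String target = (queryString == null) ? requestURI : requestURI + "?" + queryString;
        return "/login?redirectURL=" + URLEncoder.encode(target, StandardCharsets.UTF_8);
    }

    // Controller side: accept only a path inside this application, else fall back to "/".
    static String resolve(String redirectURL) {
        if (redirectURL == null || !redirectURL.startsWith("/")
                || redirectURL.startsWith("//") || redirectURL.contains("\\")) {
            return DEFAULT_TARGET;             // absolute, scheme-relative or backslash forms
        }
        for (char c : redirectURL.toCharArray()) {
            if (Character.isISOControl(c)) {
                return DEFAULT_TARGET;         // CR/LF and other control characters
            }
        }
        try {
            URI uri = new URI(redirectURL);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_TARGET;         // the parser found a scheme or a host
            }
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;             // not a well-formed URI reference
        }
        return redirectURL;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(loginRedirectFor("/items", "page=2"));
        String[] inputs = {"/items?page=2", "https://example.com/", "//example.com", "/a\r\nX: y"};
        for (String in : inputs) {
            System.out.println("redirect:" + resolve(in));
        }
    }
}
```

In the POST /login controller the return statement would then read `return "redirect:" + SafeRedirect.resolve(redirectURL);`, and the filter would pass `loginRedirectFor(httpRequest.getRequestURI(), httpRequest.getQueryString())` to sendRedirect.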

🔎 Registering the Filter

Define a class for configuration. (WebConfig.class)

To manage the filter as a Bean, the configuration class must be annotated with @Configuration so that it becomes a target of component scanning.

Registering the bean

Set the filter's priority, the request URLs the filter should apply to, and so on.
/* means all request URLs.

@Bean
public FilterRegistrationBean<Filter> loginCheckFilter() {
    FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>();
    filterRegistrationBean.setFilter(new LoginCheckFilter());
    filterRegistrationBean.setOrder(1);
    filterRegistrationBean.addUrlPatterns("/*");
    return filterRegistrationBean;
}

These are notes written up after taking Kim Young-han's Spring MVC Part 2 course on Inflearn.
