SecurityConfig.java 안의 configure 함수
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is switched off for the whole application.
    // With form login, state-changing requests (the POST to /login, the logout
    // form in home.jsp) are then accepted without a CSRF token. Prefer leaving
    // it enabled outside of a throwaway demo; the pages here already use
    // <form:form>, which presumably lets Spring insert the token - confirm.
    http.csrf().disable()
        .authorizeRequests()
            // Matchers are checked in declaration order, so the two role-guarded
            // prefixes must stay above the "/**" catch-all that allows everyone.
            // hasAnyRole("USER") tests for the authority ROLE_USER only: an account
            // that holds nothing but ROLE_ADMIN is refused on /user/**.
            .antMatchers("/user/**").hasAnyRole("USER")
            .antMatchers("/admin/**").hasAnyRole("ADMIN")
            .antMatchers("/**").permitAll()
            .and()
        // Default Spring Security login form.
        .formLogin();
}
// Credentials are resolved through customUserDetailsService, and the submitted
// password is checked against the stored value with BCrypt, so the password
// column must hold BCrypt hashes, never plain text.
BCryptPasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
auth.userDetailsService(customUserDetailsService).passwordEncoder(bcryptEncoder);
에 따라서
@Override
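public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    // Looks the account up through userMapper and wraps it in UserDetailsVO for
    // Spring Security. An unknown username is reported with
    // UsernameNotFoundException, never with a null return value.

    // NOTE(review): username comes straight from the login request and is written
    // to the log unmodified at WARN level; consider a lower level and stripping
    // line breaks before logging.
    log.warn("Load User By UserVO number: " + username);
    UserVO vo = userMapper.getUser(username);
    // NOTE(review): this logs the whole UserVO. If its toString() includes the
    // password hash, the hash ends up in the log files - confirm and trim.
    log.warn("queried by UserVO mapper: " + vo);
    if (vo == null) {
        // The UserDetailsService contract does not allow returning null; the
        // declared exception is how "no such user" must be signalled.
        throw new UsernameNotFoundException("No user found for username: " + username);
    }
    return new UserDetailsVO(vo);
}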
UserMapper.java (admin 관련 코드 추가)
/**
 * Inserts an AUTHORITIES row that gives the supplied user's username the
 * fixed authority {@code ROLE_ADMIN}.
 *
 * <p>The username is passed through the {@code #{username}} placeholder rather
 * than concatenated into the SQL text (presumably a MyBatis bound parameter -
 * confirm). The role itself is hard-coded, so every call grants administrator
 * rights; callers must make sure only trusted code paths reach this method.
 *
 * @param user the account whose {@code username} property receives the role
 */
@Insert("insert into AUTHORITIES (username,AUTHORITY) values(#{username},'ROLE_ADMIN')")
public void insertAdminAuthorities(UserVO user);
UserMapperTest.java (admin 관련 코드 추가)
@Test
void testInsertAdminUser() {
    // Creates the account "admin2" and then grants it ROLE_ADMIN through the mapper.
    // NOTE(review): the password equals the username and nothing visible here rolls
    // the inserts back. Run this only against a disposable test database, or make
    // the test transactional, so a guessable admin login never reaches a shared DB.
    UserVO admin = new UserVO();
    admin.setUsername("admin2");

    // Only the BCrypt hash is stored, matching the encoder used at login time.
    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    String hashedPassword = encoder.encode("admin2");
    admin.setPassword(hashedPassword);
    admin.setEnabled(1);

    userMapper.insertUser(admin);
    userMapper.insertAdminAuthorities(admin);
}
adminHome.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%-- Administrator landing page. The page contains no authorization check of its
     own; access control depends entirely on the "/admin/**" rule in
     SecurityConfig, so it must only be served from a URL under that prefix
     (home.jsp links to /admin/adminHome). --%>
<!DOCTYPE html>
<html lang="ko">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>관리자 홈</title>
</head>
<body>
<h1>관리자 페이지 입니다.</h1>
<%-- c:url prepends the context path to the link back to the home page. --%>
<h3>[<a href="<c:url value="/" />">홈</a>]</h3>
</body>
</html>
userHome.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@ taglib prefix="sec"
uri="http://www.springframework.org/security/tags"%>
<%-- Page for signed-in users. It has no authorization check of its own; access
     control depends on the "/user/**" rule in SecurityConfig. --%>
<!DOCTYPE html>
<html lang="ko">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>유저 페이지</title>
</head>
<body>
<h1>유저 페이지 입니다.</h1>
<p>
principal:
<%-- NOTE(review): this writes the string form of the whole principal object
     into the HTML. If the toString() of UserDetailsVO / UserVO includes the
     password hash or other internal fields, they are sent to the browser.
     Prefer rendering single properties (e.g. property="principal.username")
     - confirm what the object prints. --%>
<sec:authentication property="principal" />
</p>
<%-- <p>EmpVO: <sec:authentication property="principal.emp"/></p>
<p>사용자이름: <sec:authentication property="principal.emp.ename"/></p>
<p>사용자월급: <sec:authentication property="principal.emp.sal"/></p>
<p>사용자입사일자: <sec:authentication property="principal.emp.hiredate"/></p> --%>
<p>
<a href="<c:url value="/" />">홈</a>
</p>
</body>
</html>
home.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@ taglib prefix="sec"
uri="http://www.springframework.org/security/tags"%>
<%-- Public main page. The sec:authorize tags below only decide which links are
     rendered; they are a display convenience, not access control. The URLs
     themselves are protected by the matcher rules in SecurityConfig. --%>
<!DOCTYPE html>
<html lang="ko">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>메인페이지</title>
</head>
<body>
<h1>메인페이지</h1>
<%-- Shown only to visitors who are not signed in. --%>
<sec:authorize access="isAnonymous()">
<p>
<a href="<c:url value="/login/loginForm" />">로그인</a>
</p>
</sec:authorize>
<%-- Shown only to signed-in users. Logout is sent as a POST to /logout.
     NOTE(review): SecurityConfig calls csrf().disable(), so this POST is
     accepted without a CSRF token - revisit if CSRF is re-enabled. --%>
<sec:authorize access="isAuthenticated()">
<form:form action="${pageContext.request.contextPath}/logout"
method="POST">
<input type="submit" value="로그아웃" />
</form:form>
<p>
<a href="<c:url value="/loginInfo" />">로그인 정보 확인 방법3 가지</a>
</p>
</sec:authorize>
<%-- These links are rendered for every visitor, including the admin link;
     the role checks happen on the server when the link is followed. --%>
<h3>
[<a href="<c:url value="/add/addForm" />">회원가입</a>] [<a
href="<c:url value="/user/userHome" />">유저 홈</a>] [<a
href="<c:url value="/admin/adminHome" />">관리자 홈</a>]
</h3>
</body>
</html>
LoginController.java
package edu.global.ex.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import lombok.extern.slf4j.Slf4j;
/**
 * Serves the custom login page.
 *
 * <p>Only the GET request is mapped here. Nothing in this class handles the
 * credential POST; presumably Spring Security's form-login processing takes it
 * once {@code loginPage("/login")} is configured - confirm against SecurityConfig.
 */
@Slf4j
@Controller
public class LoginController {

    /**
     * Renders the login form.
     *
     * @return the logical view name {@code login/login}
     */
    @GetMapping("/login")
    public String login() {
        final String loginView = "login/login";
        log.info("login() ..");
        return loginView;
    }
}
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%-- Custom login form. It posts the fields "username" and "password" to /login;
     the field names must match the parameter names configured in SecurityConfig. --%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>로그인 페이지</title>
</head>
<body onload="document.f.id.focus();">
<h3>아이디와 비밀번호를 입력해주세요.</h3>
<c:url value="/login" var="loginUrl" />
<%-- NOTE(review): the next line prints the resolved login URL on the page; it
     looks like leftover debugging output and can be removed. --%>
<p>${loginUrl}</p>
<form:form name="f" action="${loginUrl}" method="POST">
<%-- One generic message for every failed login, so the response does not
     reveal whether the id or the password was wrong. --%>
<c:if test="${param.error != null}">
<p>아이디와 비밀번호가 잘못되었습니다.</p>
</c:if>
<c:if test="${param.logout != null}">
<p>로그아웃 하였습니다.</p>
</c:if>
<p>
<%-- NOTE(review): the label points at "username", but the input's id is "id",
     so the label is not associated with the field. --%>
<label for="username">아이디</label> <input type="text" id="id"
name="username" />
</p>
<p>
<label for="password">비밀번호</label> <input type="password"
id="password" name="password" />
</p>
<%-- NOTE(review): the explicit CSRF token field below is commented out, and
     SecurityConfig calls csrf().disable(). If CSRF protection is turned back
     on, verify that the rendered form contains the token (form:form is
     expected to add it, but confirm in the page source). --%>
<%-- <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> --%>
<button type="submit" class="btn">로그인</button>
</form:form>
</body>
</html>
http.formLogin();
: 기본 로그인 폼 사용, 주석처리해도 기본적으로 나온다.
http.formLogin().loginPage("/login").permitAll();
: /login 으로 요청이 들어오면 로그인 화면을 보여 주고, 그 화면을 모두가 볼 수 있게 한다.
login.jsp
<p>
<label for="username">아이디</label> <input type="text" id="id"
name="id" />
</p>
<p>
<label for="password">비밀번호</label> <input type="password"
id="password" name="pw" />
SecurityConfig.java
// Custom login page at /login, reachable by everyone. The credentials are read
// from the request parameters "id" and "pw" instead of the defaults, so the
// name attributes of the two inputs in login.jsp must be exactly "id" and "pw";
// a mismatch makes every login attempt fail.
http.formLogin()
    .loginPage("/login")
    .usernameParameter("id")
    .passwordParameter("pw")
    .permitAll();