web socket chat - scroll, emoticons
New > Spring Legacy Project > Spring MVC Project > "SecurityTest" > "com.test.spring" > Finish
It's difficult, so let's concentrate!
Project setup
1. Batch configuration
- pom.xml
- web.xml
- root-context.xml
WEB-INF > lib > ojdbc6.jar
pom.xml
<!-- Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>5.0.7.RELEASE</version>
</dependency>
Packages
servlet-context.xml
<context:component-scan base-package="com.test.controller" />
<context:component-scan base-package="com.test.persistence" />
<context:component-scan base-package="com.test.security" />
security-context.xml
- Create the file
- /WEB-INF/spring/security-context.xml
- Overall Spring Security configuration
Remove "-5.0"
web.xml
<!-- Security filter (must be placed after the encoding filter) -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Run
8.1. web.xml > add the security-context.xml location
Add one line
8.2. security-context.xml > write the basic syntax
9.1. Create files
- com.test.controller > "TestController.java"
- views > "index.jsp"
> "member" > "member.jsp"
> "admin" > "admin.jsp"
> "inc" > "header.jsp"
9.2. Run
- Runs normally
10.1. pattern attribute
- URI to access
10.2. access attribute
- Expression
- Access permission
10.3. Run
- index.do
    > Access succeeded
- member.do
    > Access failed
    > http://localhost:8090/spring/login
    > Redirected to the built-in login page (because there is no permission..)
11. Simple login
- Implement it yourself (X)
- Built-in implementation (O)
11.1. Caution (***)
- General system
(id) == Spring Security
11.2. Edit security-context.xml
- Add accounts
11.3. Logout
12.1. security-context.xml
12.2. Run
- Log in as hong
- member.do > success
- admin.do > failure > 403
Implement the 403 page
Implement the login page
14.1. security-context.xml
14.2. AuthController.xml
- "AuthController.java"
- views > "mylogin.jsp"
14.3. CSRF, Cross-site request forgery
- A hacking technique
- A technique that forges a request by sending the request information from another site
- Spring Security > CSRF prevention
- For every POST request > you must prove that the request has not been forged.
15. Handling after a successful login
- Move to a predetermined URI
- Regular member > go to member.do
- Administrator > go to admin.do
15.1.
- com.test.security > "CustomLoginSuccessHandler.java"
15.2. security-context.xml
16. Logout handling
- As with login, specify a particular URI, and register a handler that runs custom logic after logout is processed.
16.1 security-context.xml
16.2 AuthController
16.3 views > auth > "mylogout.jsp"
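A security-context.xml that pulls steps 10 to 16 together, added here as an example and not the configuration from the original notes. Assumed: the /auth/*.do URLs, the "admin" account, the role names, the placeholder passwords and the bean id; "hong", the .do pages and CustomLoginSuccessHandler come from the notes.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:security="http://www.springframework.org/schema/security"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Step 15: handler class named in the notes; the bean id is an assumption -->
  <bean id="customLoginSuccess"
    class="com.test.security.CustomLoginSuccessHandler" />

  <!-- CSRF protection is on by default: every POST (login and logout forms
       included) must carry the _csrf token or it is treated as access denied -->
  <security:http>
    <!-- Step 10: pattern = URI to protect, access = expression -->
    <security:intercept-url pattern="/index.do" access="permitAll" />
    <security:intercept-url pattern="/member.do" access="hasRole('ROLE_MEMBER')" />
    <security:intercept-url pattern="/admin.do" access="hasRole('ROLE_ADMIN')" />

    <!-- Steps 14 and 15: custom login page (URL assumed) and success handler -->
    <security:form-login login-page="/auth/mylogin.do"
      authentication-success-handler-ref="customLoginSuccess" />

    <!-- Step 16: logout URL (assumed); the session is invalidated on logout -->
    <security:logout logout-url="/auth/mylogout.do"
      invalidate-session="true" logout-success-url="/index.do" />

    <!-- 403 page for logged-in users who lack the role (URL assumed) -->
    <security:access-denied-handler error-page="/auth/accesserror.do" />
  </security:http>

  <!-- Step 11: in-memory accounts. {noop} marks the password as stored
       unencoded, which Spring Security 5 requires to be stated explicitly;
       suitable for this test setup only. Passwords here are placeholders. -->
  <security:authentication-manager>
    <security:authentication-provider>
      <security:user-service>
        <security:user name="hong" password="{noop}CHANGE_ME"
          authorities="ROLE_MEMBER" />
        <security:user name="admin" password="{noop}CHANGE_ME"
          authorities="ROLE_MEMBER, ROLE_ADMIN" />
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>
```

With this configuration the forms in mylogin.jsp and mylogout.jsp need a hidden input named ${_csrf.parameterName} with the value ${_csrf.token}, which is how a POST proves it was not forged.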
Tomorrow
Account information (Oracle) + Security integration
aws class => bring a credit card