spring security 사용자에 권한 추가하기

Mysql 쿼리

create table tbl_member(
userId varchar(50) primary key,
userPwd varchar(200) not null,
userName varchar(100) not null,
regDate datetime default now(),
updateDate datetime default now(),
enabled char(1) default '1');

create table tbl_member_auth(
userId varchar(50) not null,
auth varchar(50) not null,
constraint fk_member_auth foreign key(userId) references tbl_member(userId));

테이블 생성한다

그 후 security.xml에다가

	<!-- bcrypt : 패스워드를 저장하는 용도로 설계된 해시 함수
   		특정 문자열을 암호화하고, 체크하는 쪽에서는 암호화된 패스워드가 가능한 패스워드인지만 확인 -->
   	<security:jdbc-user-service data-source-ref="dataSource"/>
   	<security:password-encoder ref="bcryptPasswordEncoder"/>

추가한다

security.xml 전체코드

전체코드 공유

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security-5.2.xsd
      http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">


   <security:http auto-config="true" use-expressions="true">
   <security:intercept-url pattern="/sample/all" access="permitAll" />
   <security:intercept-url pattern="/sample/member" access="hasRole('ROLE_MEMBER')" />
   <security:intercept-url pattern="/sample/admin" access="hasRole('ROLE_ADMIN')" />
      <security:form-login login-page="/customLogin" authentication-success-handler-ref="customLoginSuccess"/>
      <!-- 내가 만든 로그인 페이지(/customLogin) 를 쓰겠다고 하는거 -->
      <security:logout logout-url="/customLogout" invalidate-session="true"/>
   <security:access-denied-handler ref="customAccessDenied"/>
   </security:http>
   <security:authentication-manager>
   <security:authentication-provider>
   	<security:user-service>
   		<security:user name="member" password="{noop}member" authorities="ROLE_MEMBER"/>
   		<security:user name="admin" password="{noop}admin" authorities="ROLE_MEMBER, ROLE_ADMIN"/>
   	</security:user-service>
   	<!-- bcrypt : 패스워드를 저장하는 용도로 설계된 해시 함수
   		특정 문자열을 암호화하고, 체크하는 쪽에서는 암호화된 패스워드가 가능한 패스워드인지만 확인 -->
   	<security:jdbc-user-service data-source-ref="dataSource"/>
   	<security:password-encoder ref="bcryptPasswordEncoder"/>
   </security:authentication-provider>
   </security:authentication-manager>
		
<bean id="customAccessDenied" class="org.conan.security.CustomAccessDeniedHandler"></bean>
<bean id="customLoginSuccess" class="org.conan.security.CustomLoginSuccessHandler"></bean>
<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans>

그다음

MemberTest.java

여기에 MemberTest.java생성

그다음
test해준다

package org.conan.test;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

import javax.sql.DataSource;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

import lombok.Setter;
import lombok.extern.log4j.Log4j;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration({"file:src/main/webapp/WEB-INF/spring/root-context.xml",
	"file:src/main/webapp/WEB-INF/spring/security-context.xml"
})
@Log4j
public class MemberTest {
	@Setter(onMethod_= {@Autowired})
	private PasswordEncoder pwencoder;
	@Setter(onMethod_= {@Autowired})
	private DataSource ds;
	
	@Test
	public void testInsertMember() {
		String sql = "insert into tbl_member(userid, userpwd, username) values (?,?,?)";
		Connection conn = null;
		PreparedStatement pstmt = null;
		for(int i=0; i<30; i++) {
			try {
				conn=ds.getConnection();
				pstmt= conn.prepareStatement(sql);
				pstmt.setString(2, pwencoder.encode("pw"+i));
				if(i<10) {
					pstmt.setString(1, "user"+i);
					pstmt.setString(3, "일반 사용자"+i);
				}else if(i<20) {
					pstmt.setString(1, "member"+i);
					pstmt.setString(3, "운영자"+i);
				}else {
					pstmt.setString(1, "admin"+i);
					pstmt.setString(3,"관리자"+i);
				}
				pstmt.executeUpdate();
			}catch(SQLException e) {}
			finally {
				if(pstmt!=null) {
					try {
						pstmt.close();
					}catch(SQLException e) {}
					if(conn!=null) {
						try {
							conn.close();
						}catch(SQLException e) {}
					}
				}
			}
		}
	}
	
	//생성된 사용자에 권한 추가하기
	// user**에게 ROLE_USER권한
	//member**에게 ROLE_MEMBER권한
	//admin**에게 ROLE_ADMIN권한
	@Test
	public void testInsertAuth() {
		String sql = "insert into tbl_member_auth(userid,auth) values(?,?)";
		Connection conn = null;
		PreparedStatement pstmt = null;
		for(int i=0; i<30; i++) {
			try {
				conn = ds.getConnection();
				pstmt = conn.prepareStatement(sql);
				if(i<10) {
					pstmt.setString(1, "user"+i);
					pstmt.setString(2, "ROLE_USER");
				}else if(i<20) {
					pstmt.setString(1, "member"+i);
					pstmt.setString(2, "ROLE_MEMBER");
				}else {
					pstmt.setString(1, "admin"+i);
					pstmt.setString(2, "ROLE_ADMIN");	
				}
				pstmt.executeUpdate();
			}catch(SQLException e) {}
			finally {
				if(pstmt!=null) {
					try {
						pstmt.close();
					}catch(SQLException e) {}
					if(conn!=null) {
						try {
							conn.close();
						}catch(SQLException e) {}
					}
				}
			}
		} //for문 end
	}
	
}

일일히 junit으로 테스트해서
db에 insert 시켜줌


잘 들어간 모습이다.