본문 바로가기
SPRING

시큐리티 간단 설정

by brilliant-growth 2023. 7. 5.

security.zip
0.15MB

깃 : brilliant-growth/spring_board_security_using_db2 at main · kdh11112/brilliant-growth (github.com)

 

web.xml

	<!-- 시큐리티 설정 -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-5.8.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

<security:http auto-config="true" use-expressions="true">
	<security:intercept-url pattern="/board/*" access="isAuthenticated()"/>
	<security:intercept-url pattern="/admin/*" access="hasRole('ROLE_ADMIN')"/>
	<security:intercept-url pattern="/member/*" access="hasRole('ROLE_USER')"/>
	<security:intercept-url pattern="/public/*" access="permitAll"/>
	
	<!-- 커스텀 로그인 페이지를 이용해서 로그인 -->
	<security:form-login login-page="/common/cLogin"/>
	
	<!-- CSRF 비활성화 -->
	<!-- <security:csrf disabled="true"/> -->
	
	<!-- 커스텀 로그 아웃 페이지를 이용해서 로그아웃 -->
	<security:logout delete-cookies="JSESSIONID" invalidate-session="true" logout-url="/common/cLogout" logout-success-url="/"/>
	
</security:http>

<bean id="passwordEncoder" class="kr.co.jhta.web.security.CustomPasswordEncoder"></bean>

<security:authentication-manager>
	<security:authentication-provider>
		<security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select id,pw,enabled from member1 where id = ?" 
									authorities-by-username-query="select id, authority from auth where id = ?"/> 
									<!-- db에 있는 데이터 들로 접속하는방법 member1에 enabled컬럼은 필수로 있어야 하고 auth에 있는 컬럼 authority도 필수로 있어야함-->
		<security:password-encoder ref="passwordEncoder"/>
<!-- 		<security:user-service>
			<security:user name="user" authorities="ROLE_USER" password="{noop}123"/> 임의로 값을 넣어준것 비밀번호 123이라고
			<security:user name="admin" authorities="ROLE_ADMIN,ROLE_USER" password="{noop}123"/>
		</security:user-service> -->
	</security:authentication-provider>
</security:authentication-manager>

</beans>

 

'SPRING' 카테고리의 다른 글

스프링에서 dispatcherservlet 설정하는 방법  (0) 2023.07.05
UTF-8 필터 xml 처리  (0) 2023.07.05
스프링 어노테이션을 사용하기 위한 xml설정  (0) 2023.07.05
DI의 종류  (0) 2023.07.05
aop적용방식  (0) 2023.07.05