Spring Security

Programming/Java 2014/10/03 08:03 Posted by 파란크리스마스

출처 : Spring Security login/logout 관련 글
Spring Security Logout Example
Spring Security 3 - 맛보기와 기본 설정의 이해


web.xml

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/baroCOST-datasource.xml
			/WEB-INF/baroCOST-security.xml
		</param-value>
	</context-param>
	
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>	

baroCOST-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<security:http auto-config="true">
		<security:intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/**" access="ROLE_USER" />
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<security:user name="guest" password="guest" authorities="ROLE_USER" />
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>
</beans>

Spring Security 에서 기본 제공해주는 로그인 페이지(spring_security_login)

<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password</h3>
<form name='f' action='/baroCOST/j_spring_security_check' method='POST'>
 <table>
    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
  </table>
</form></body></html>

DB 사용

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<security:http auto-config="true">
		<security:intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/**" access="ROLE_USER" />
		<security:intercept-url pattern="/" access="ROLE_USER" />
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider>
			<!-- 
            <security:user-service>
                <security:user name="guest" password="guest" authorities="ROLE_USER" />
            </security:user-service>
            -->		
			<security:jdbc-user-service data-source-ref="dataSource"
				users-by-username-query="select user_id username, password, 1 as enabled from user_info where user_id = ?"
				authorities-by-username-query="select user_id username, 'ROLE_USER' authority from user_info where user_id = ?"
			/>
		</security:authentication-provider>
	</security:authentication-manager>
</beans>

로그인 페이지 변경

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd">
           
	<security:http pattern="/common/css/**" security="none" />
	<security:http pattern="/common/image/**" security="none" />
	<security:http pattern="/common/js/**" security="none" />           

	<security:http auto-config="true">
		<security:intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/login.cmx" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/**" access="ROLE_USER" />
		<security:intercept-url pattern="/" access="ROLE_USER" />
		
		<security:form-login login-page="/login.cmx" default-target-url="/index.html"
			authentication-failure-url="/loginfailed" />
		<security:logout logout-success-url="/logout" />		
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider>
			<!-- 
            <security:user-service>
                <security:user name="guest" password="guest" authorities="ROLE_USER" />
            </security:user-service>
            -->		
			<security:jdbc-user-service data-source-ref="dataSource"
				users-by-username-query="select user_id username, password, 1 as enabled from user_info where user_id = ?"
				authorities-by-username-query="select user_id username, 'ROLE_USER' authority from user_info where user_id = ?"
			/>
		</security:authentication-provider>
	</security:authentication-manager>
</beans>




 

티스토리 툴바