Srping Security - 커스텀 UserDetailsService

Programming/Java 2017.11.22 13:26 Posted by 파란크리스마스

출처 : Spring Security part V : Security tags | DuyHai's Java Blog
Spring security authorize taglib with jstl variable if statement not working

UserDetails 구현

package com.iot.dao.domain;

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class UserInfo implements UserDetails {

	// pk
	private String user_id;

	private String passwd;
	private int level;
	
	private Collection<? extends GrantedAuthority> authorities;

	public void setUser_id(String user_id) {
		this.user_id = user_id;
	}

	public String getUser_id() {
		return this.user_id;
	}

	public void setPasswd(String passwd) {
		this.passwd = passwd;
	}

	public String getPasswd() {
		return this.passwd;
	}

	public int getLevel() {
		return level;
	}

	public void setLevel(int level) {
		this.level = level;
	}

	public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
		this.authorities = authorities;
	}

	@Override
	public Collection<? extends GrantedAuthority> getAuthorities() {
		return this.authorities;
	}

	@Override
	public String getPassword() {
		return this.passwd;
	}

	@Override
	public String getUsername() {
		return this.user_id;
	}

	@Override
	public boolean isAccountNonExpired() {
		return true;
	}

	@Override
	public boolean isAccountNonLocked() {
		return true;
	}

	@Override
	public boolean isCredentialsNonExpired() {
		return true;
	}

	@Override
	public boolean isEnabled() {
		return true;
	}
}

UserDetailsService 구현

package com.iot.dao.service;

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.iot.dao.domain.UserInfo;

@Service
public class AuthDetailsService implements UserDetailsService {

	@Autowired
	private UserInfoService userService;

	@Override
	public UserInfo loadUserByUsername(String user_id) throws UsernameNotFoundException {
		UserInfo userInfo = userService.selectUserInfo(user_id);

		//
		if (userInfo == null || userInfo.getDelete_yn().equals("Y")) {
			throw new UsernameNotFoundException("User details not found with this username: " + user_id);
		}

		String role = userInfo.getAuthority();

		List<GrantedAuthority> authList = getAuthorities(role);

		//
		userInfo.setAuthorities(authList);

		return userInfo;
	}

	private List<GrantedAuthority> getAuthorities(String role) {
		List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();
		authList.add(new SimpleGrantedAuthority("ROLE_USER"));

		// 
		if (role != null && role.trim().length() > 0) {
			if (role.equals("A")) {
				authList.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
			} else if (role.equals("S")) {
				authList.add(new SimpleGrantedAuthority("ROLE_MBER_MANAGER"));
			}
		}

		return authList;
	}
}

***-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<!-- 확장자를 이용해 패턴을 걸때는 /**/*.해당 확장자 로 할 것(Ant Pattern 규칙) -->
	<security:http pattern="/**/*.js" security="none" />
	<security:http pattern="/**/*.css" security="none" />
	<security:http pattern="/images/*" security="none" />
	<security:http pattern="/login.iot" security="none" />

	<bean id="userService" class="com.iot.dao.service.AuthDetailsService" />

	<security:http auto-config="true">
		<security:intercept-url pattern="/json.iot" access="ROLE_ANONYMOUS,ROLE_USER" />
		<security:intercept-url pattern="/**/*.iot" access="ROLE_USER" />
		<security:intercept-url pattern="/user_add_ajax.iot" access="ROLE_ANONYMOUS" />

		<security:intercept-url pattern="/loginfailed.iot" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/logout" access="ROLE_ANONYMOUS" />

		<security:form-login login-page="/login.iot" default-target-url="/iot/transinfo_list.iot" authentication-failure-url="/loginfailed.iot" />
		<security:logout logout-success-url="/login.iot" />
		<security:access-denied-handler error-page="/loginfailed.iot" />

		<security:logout logout-url="/logout" success-handler-ref="/login.iot" />
	</security:http>

	<security:authentication-manager>
		<security:authentication-provider user-service-ref="userService" />
		<security:authentication-provider>
			<security:jdbc-user-service
				data-source-ref="dataSource"
				users-by-username-query="select user_id username, passwd, 1 as enabled from user_info where user_id = ? and delete_yn = 'N'"
				authorities-by-username-query="select name username, 'ROLE_USER' authority from user_info where user_id = ? and delete_yn = 'N'" />
		</security:authentication-provider>
	</security:authentication-manager>

</beans>

JSP

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

<sec:authentication property="principal.level" var="user_level"/>
${user_level}

<li class="dropdown">
	<a href="javascript:;" class="dropdown-toggle">사용자관리 <b class="caret"></b></a>
	<ul class="dropdown-menu">
		<c:if test="${user_level == 1}">
			<li class=""><a href="<c:url value="/car/user_list.car"/>">사용자관리</a></li>
		</c:if>
		<li><a href="<c:url value="/car/user_info.car"/>">내 정보</a></li>
		<li><a href="<c:url value="/logout"/>">로그아웃</a></li>
	</ul>
</li>