
[Spring] Spring Security Form Login Authentication

DAHLIA CHOI 2023. 11. 1. 11:22

 

๐ŸŒฑ ์Šคํ”„๋ง ์‹œํ๋ฆฌํ‹ฐ๊ฐ€ ๊ธฐ๋ณธ์ ์œผ๋กœ ์ œ๊ณตํ•˜๋Š” ๋กœ๊ทธ์ธ ๋กœ์ง

form์„ ํ†ตํ•ด์„œ ์•„์ด๋””์™€ ๋น„๋ฐ€๋ฒˆํ˜ธ๋ฅผ ์ž…๋ ฅํ•˜๋ฉด ์„ธ์…˜ ๋ฐ ์ธ์ฆ ํ† ํฐ์„ ์ €์žฅํ•œ๋‹ค.

์ถ”ํ›„์—๋Š” ํ•ด๋‹น ์ธ์ฆ์„ ํ†ตํ•ด์„œ ์ž‘์—… ๊ฐ€๋Šฅํ•˜๋‹ค.

 

 

๋กœ๊ทธ์ธ API

์—ฌ๊ธฐ์„œ ๋ง๋ถ™์—ฌ์„œ ์„ค๋ช…ํ•˜๋ฉด

 

  • loginProcessingUrl : the action URL of the form tag (th:action when using Thymeleaf). Only a POST to this URL is handled by the login filter; CSRF protection is on by default, so the form must carry the CSRF token (th:action adds it as a hidden field for you).
  • successHandler : a handler in which you add your own logic when authentication succeeds
  • failureHandler : a handler in which you add your own logic when authentication fails

๐Ÿ‘‰ successUrl์ด๋ž€ failureUrl์ด๋ž‘ ๋น„์Šทํ•˜๋‹ค๋Š” ์ƒ๊ฐ์„ ํ•  ์ˆ˜๋„ ์žˆ๊ฒ ์ง€๋งŒ ์•ž์— ๋‘ ๊ฐœ๋Š” url์„ค์ •๋ฐ–์— ํ•˜์ง€ ๋ชปํ•œ๋‹ค.

 

 

Controller

    // Serves the custom login page; the path must match loginPage("/loginPage") in SecurityConfig exactly (matching is case-sensitive)
    @GetMapping("/loginPage")
    public String loginPage() {
        return "loginPage";   // view name, e.g. templates/loginPage.html
    }

 

SecurityConfig

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.servlet.ServletException;          // jakarta.servlet.* on Spring Boot 3 / Spring Security 6
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        http.authorizeHttpRequests()
                // formLogin().permitAll() below opens only the exact URLs "/loginPage" and "/login_proc";
                // the failure redirect "/loginPage?error" is a different exact URL, so permit the page pattern here
                .requestMatchers(new AntPathRequestMatcher("/loginPage")).permitAll()
                .anyRequest().authenticated();

        http
                .formLogin()
                .loginPage("/loginPage")            // must match the controller mapping exactly (case-sensitive)
                .defaultSuccessUrl("/")             // replaced by successHandler() below; the last one configured wins
                .failureUrl("/loginPage?error")     // replaced by failureHandler() below
                .usernameParameter("userId")        // form field names the filter reads
                .passwordParameter("passwd")
                .loginProcessingUrl("/login_proc")  // POST target of the form
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

                            // log who logged in, never the credentials
                            System.out.println("authentication " + authentication.getName());

                            // fixed target: the originally requested URL (saved request) is ignored here
                            response.sendRedirect("/");
                    }
                })
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {

                                // keep the reason on the server side; the browser only sees "?error"
                                System.out.println("exception " + exception.getMessage());

                                response.sendRedirect("/loginPage?error");
                    }
                })
                .permitAll();

        return http.build();
    }

}
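As an added example (my code, not from the post or the course it follows), here is the same login wiring done the way I would ship it: the two handlers as beans, the success handler built on SavedRequestAwareAuthenticationSuccessHandler so the user lands on the page they originally asked for instead of always "/", the failure handler logging the attempted username and exception type server-side while the browser only gets a generic ?error, log lines sanitized against CR/LF injection, the lambda DSL, and a PasswordEncoder plus an in-memory user so the chain actually has someone to authenticate. It assumes Spring Boot 2.7 / Spring Security 5.7+ with javax.servlet (as in the post), a hypothetical class name HardenedFormLoginConfig, and a constructed user "user"/"password"; it replaces the SecurityConfig above rather than sitting beside it, since two filter chains that both match any request are not allowed.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example (hypothetical class name); replaces the post's SecurityConfig, do not register both.
@Configuration
@EnableWebSecurity
public class HardenedFormLoginConfig {

    private static final Logger log = LoggerFactory.getLogger(HardenedFormLoginConfig.class);

    // Strip CR/LF so a crafted username cannot forge extra log lines.
    private static String safe(String value) {
        return value == null ? "-" : value.replaceAll("[\\r\\n]", "_");
    }

    // Success: log the principal (never the credentials), then let the stock handler send the browser
    // back to the page it originally requested, falling back to "/" when there is no saved request.
    @Bean
    public AuthenticationSuccessHandler loginSuccessHandler() {
        SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler() {
            @Override
            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                                Authentication authentication) throws ServletException, IOException {
                log.info("login ok user={} ip={}", safe(authentication.getName()), request.getRemoteAddr());
                super.onAuthenticationSuccess(request, response, authentication);
            }
        };
        handler.setDefaultTargetUrl("/");
        return handler;
    }

    // Failure: exception type and attempted username stay in the server log; the browser only gets
    // a generic "?error", so the form does not reveal whether a username exists or an account is locked.
    @Bean
    public AuthenticationFailureHandler loginFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler("/loginPage?error") {
            @Override
            public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                                AuthenticationException exception) throws IOException, ServletException {
                log.warn("login failed user={} ip={} reason={}", safe(request.getParameter("userId")),
                        request.getRemoteAddr(), exception.getClass().getSimpleName());
                super.onAuthenticationFailure(request, response, exception);
            }
        };
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, AuthenticationSuccessHandler successHandler,
                                                   AuthenticationFailureHandler failureHandler) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // formLogin().permitAll() opens the exact URLs only; "/loginPage?error" needs this pattern
                .requestMatchers(new AntPathRequestMatcher("/loginPage")).permitAll()
                .anyRequest().authenticated())
            .formLogin(form -> form
                .loginPage("/loginPage")
                .loginProcessingUrl("/login_proc")   // POST only; CSRF stays enabled, so the form must carry the token
                .usernameParameter("userId")
                .passwordParameter("passwd")
                .successHandler(successHandler)      // takes the place of defaultSuccessUrl(...)
                .failureHandler(failureHandler)      // takes the place of failureUrl(...)
                .permitAll());
        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Constructed in-memory user so the chain has someone to authenticate; a real app loads users from its store.
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
                User.withUsername("user").password(encoder.encode("password")).roles("USER").build());
    }
}
```

The handlers are separate beans so they can be reused by other filter chains and unit-tested on their own; extending the stock handlers instead of implementing the interfaces from scratch keeps the saved-request redirect and the SPRING_SECURITY_LAST_EXCEPTION session attribute that the default login page relies on.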

 

 

Login Form Authentication

 

  • UsernamePasswordAuthenticationFilter : intercepts the login request the user submitted
  • AntPathRequestMatcher : checks whether the request matches the login processing URL (default: POST /login; /login_proc in the config above)
    • Authentication : if it matches, an unauthenticated UsernamePasswordAuthenticationToken is built from the submitted username and password
    • chain.doFilter : if it does not match, the request is simply passed on to the next filter
  • AuthenticationManager : delegates the token to an AuthenticationProvider
    • if the AuthenticationProvider cannot authenticate it, it throws an AuthenticationException -> authentication failure, and the failureHandler runs (by default an unknown username is also reported as BadCredentialsException, so the response does not reveal whether the account exists)
    • if authentication succeeds, the provider builds a new, authenticated Authentication object holding the loaded user (UserDetails) and its authorities and hands it back to the AuthenticationManager
  • Authentication (returned) : the filter receives that fully authenticated object (the final user object together with its authorities)
  • SecurityContext : the object is stored in the SecurityContext (the authentication store) -> which is in turn saved in the HttpSession, so later requests in the same session are authenticated without re-sending credentials
  • SuccessHandler : the success handler runs
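To see that flow end to end rather than on a diagram, here is an added MockMvc test (my code, not part of the post): the matching POST with valid credentials ends with a SecurityContext in the HttpSession, a wrong password ends in the failure redirect with no context stored, a POST without a CSRF token is rejected before UsernamePasswordAuthenticationFilter ever runs, and a non-matching request is passed down the chain. It assumes the SecurityConfig above (POST /login_proc, parameters userId/passwd, login page GET /loginPage backed by a loginPage template, failure redirect to /loginPage?error, success redirect to /), Spring Boot 2.7 with javax.servlet, and spring-boot-starter-test plus spring-security-test on the test classpath. The nested TestUsers class registers a constructed user "user"/"password"; drop it if the application already defines a UserDetailsService bean and use that user's credentials instead.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import javax.servlet.http.HttpSession;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;

// Added example; exercises the post's SecurityConfig (assumed, see lead-in) through the real filter chain.
@SpringBootTest
@AutoConfigureMockMvc
class FormLoginFlowTest {

    private static final String CONTEXT_KEY = HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;

    // Constructed test user; remove if the application already defines a UserDetailsService bean.
    @TestConfiguration
    static class TestUsers {
        @Bean
        UserDetailsService userDetailsService() {
            return new InMemoryUserDetailsManager(
                    User.withUsername("user").password("{noop}password").roles("USER").build());
        }
    }

    @Autowired
    MockMvc mockMvc;

    @Test
    void matchingPostWithValidCredentialsStoresContextInSession() throws Exception {
        // formLogin(...) builds POST /login_proc with the named parameters and a valid CSRF token
        MvcResult result = mockMvc.perform(formLogin("/login_proc").user("userId", "user").password("passwd", "password"))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/"))                  // success handler target
                .andExpect(authenticated().withUsername("user"))
                .andReturn();

        // The Authentication the provider produced is in the SecurityContext saved to the HttpSession
        HttpSession session = result.getRequest().getSession(false);
        assertNotNull(session);
        SecurityContext ctx = (SecurityContext) session.getAttribute(CONTEXT_KEY);
        assertNotNull(ctx);
        assertEquals("user", ctx.getAuthentication().getName());
        assertTrue(ctx.getAuthentication().getAuthorities().stream()
                .anyMatch(a -> "ROLE_USER".equals(a.getAuthority())));
    }

    @Test
    void wrongPasswordEndsInFailureRedirectWithNoContext() throws Exception {
        MvcResult result = mockMvc.perform(formLogin("/login_proc").user("userId", "user").password("passwd", "wrong"))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/loginPage?error"))   // failure handler target (assumed)
                .andExpect(unauthenticated())
                .andReturn();

        // The failure handler may create a session to store the last exception, but never a SecurityContext
        HttpSession session = result.getRequest().getSession(false);
        if (session != null) {
            assertNull(session.getAttribute(CONTEXT_KEY));
        }
    }

    @Test
    void postWithoutCsrfTokenIsRejectedBeforeAuthentication() throws Exception {
        // CsrfFilter sits in front of UsernamePasswordAuthenticationFilter and answers 403 itself
        mockMvc.perform(post("/login_proc").param("userId", "user").param("passwd", "password"))
                .andExpect(status().isForbidden())
                .andExpect(unauthenticated());
    }

    @Test
    void nonMatchingRequestIsPassedDownTheChain() throws Exception {
        // GET /loginPage is not POST /login_proc, so the filter calls chain.doFilter and the controller answers
        mockMvc.perform(get("/loginPage")).andExpect(status().isOk());
        // A protected URL with no session is sent to the login page by the authentication entry point
        mockMvc.perform(get("/")).andExpect(status().is3xxRedirection()).andExpect(redirectedUrlPattern("**/loginPage"));
    }
}
```

The second test is where the permitAll caveat bites: if /loginPage?error is not permitted, the redirect still says /loginPage?error here (MockMvc does not follow it), but a browser following it would be redirected again to /loginPage without the error flag.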

 

 

 


ํ•ด๋‹น ๊ธ€์€ ์ธํ”„๋Ÿฐ์˜ ์Šคํ”„๋ง์‹œํ๋ฆฌํ‹ฐ-Spring Boot ๊ธฐ๋ฐ˜์œผ๋กœ ๊ฐœ๋ฐœํ•˜๋Š” Spring Security๋ฅผ ๋ณด๊ณ  ์ž‘์„ฑํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค.