[Spring Security] User Authentication Example - 1. configuration

Spring Security를 이용하여 사용자 인증을 하기 위해서 다음과 같은 설정이 필요하다.

1. Maven을 기준으로 pom.xml에 Spring security 관련 dependency 추가
2. Spring Security를 위한 별도 빈 설정 파일 생성 (security-context.xml)
3. web.xml에 새로 생성한 security-context.xml 등록
4. web.xmlSpring security Filter 등록

1. pom.xml

Sprint Security Dependency 추가

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

<dependency>     <artifactId>spring-security-web</artifactId>     <version>4.0.1.RELEASE</version> </dependency> <dependency>     <groupId>org.springframework.security</groupId>     <artifactId>spring-security-config</artifactId>     <version>4.0.1.RELEASE</version> </dependency> <dependency>     <groupId>org.springframework.security</groupId>     <artifactId>spring-security-core</artifactId>     <version>4.0.1.RELEASE</version> </dependency> <dependency>     <groupId>org.springframework.security</groupId>     <artifactId>spring-security-taglibs</artifactId>     <version>4.0.1.RELEASE</version> </dependency> Colored by Color Scripter

cs

2. security-context.xml

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd           http://www.springframework.org/schema/security           http://www.springframework.org/schema/security/spring-security.xsd">     <security:http>         <security:intercept-url pattern="/login" access="isAnonymous()" />         <security:intercept-url pattern="/login_duplicate" access="isAnonymous()" />         <security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />         <security:form-login login-page="/login"                     username-parameter="email"                     password-parameter="password"                         login-processing-url="/loginProcess"                     default-target-url="/"                     authentication-failure-url="/"                     always-use-default-target="true"                     />         <security:logout logout-success-url="/" delete-cookies="JSESSIONID" invalidate-session="true" />         <security:session-management>             <security:concurrency-control max-sessions="1" expired-url="/login_duplicate"/>         </security:session-management>     </security:http>     <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" /> <!-- Custom Authentication Provider 등록 -->     <security:authentication-manager>         <security:authentication-provider ref="customAuthenticationProvider" />     </security:authentication-manager> <!-- Custom Authentication Provider 빈 정의 -->     <bean id="customAuthenticationProvider" class="com.mypt.security.CustomAuthenticationProvider">         <property name="userService" ref="userService"></property>     </bean> </beans> Colored by Color Scripter

cs

• <http> 태그에 대한 설명은 아래 사이트 참조http://docs.spring.io/spring-security/site/docs/3.0.x/reference/appendix-namespace.html

3. web.xml

- security-context.xml 등록

- Spring Security Filter 등록

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->     <context-param>         <param-name>contextConfigLocation</param-name>         <param-value>/WEB-INF/spring/root-context.xml         /WEB-INF/spring/security/security-context.xml</param-value>     </context-param>          <!-- Spring Security Filter -->     <filter>         <filter-name>springSecurityFilterChain</filter-name>         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>     </filter>     <filter-mapping>         <filter-name>springSecurityFilterChain</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping> Colored by Color Scripter

cs