보안처리하는법
1.컨트롤러 단 마다 보안처리(권장되지않음)
2. aop만들어서하기
3. 스프링 시큐리티!
자 이제 다시 sts랑 스프링으로 돌아가자,,, 인텔리제이랑 부트에 너무 익숙해져서 다 까먹은 것 같다
Spring Legacy Project를 만들고, Templates에서 Spring MVC Project를 선택한다
로그에 쿼리찍는거, 이거
1. pom.xml
<!-- Spring Framework version property (presumably referenced as ${org.springframework-version} by the Spring artifacts elsewhere in this pom; confirm). -->
<!-- NOTE(review): 4.2.x is an end-of-life Spring Framework line that no longer receives security fixes. Acceptable for a local tutorial; move to a maintained release before deploying. -->
<!-- <org.springframework-version>3.1.1.RELEASE</org.springframework-version> -->
<org.springframework-version>4.2.5.RELEASE</org.springframework-version>
버전 변경
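<!-- JDBC Template. The version follows the org.springframework-version property so that
     spring-jdbc stays on the same release as the other Spring Framework modules
     (it was pinned to 4.1.4.RELEASE while the property is 4.2.5.RELEASE; mixing
     Spring module versions on one classpath is a common source of runtime errors). -->
<dependency>
  <groupId>org.springframework</groupId>
  <artifactId>spring-jdbc</artifactId>
  <version>${org.springframework-version}</version>
</dependency>
<!-- Lombok is only needed at compile time, hence scope "provided". -->
<dependency>
  <groupId>org.projectlombok</groupId>
  <artifactId>lombok</artifactId>
  <version>1.18.24</version>
  <scope>provided</scope>
</dependency>
<!-- MyBatis and its Spring integration. -->
<dependency>
  <groupId>org.mybatis</groupId>
  <artifactId>mybatis</artifactId>
  <version>3.2.8</version>
</dependency>
<dependency>
  <groupId>org.mybatis</groupId>
  <artifactId>mybatis-spring</artifactId>
  <version>1.2.2</version>
</dependency>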
<!-- https://mvnrepository.com/artifact/org.bgee.log4jdbc-log4j2/log4jdbc-log4j2-jdbc4 -->
로그에 쿼리찍는 log4j 설정
<!-- log4jdbc: a JDBC driver proxy that writes executed SQL to the log. -->
<!-- NOTE(review): the logged statements include the bound parameter values, so this
     belongs in development builds only; user data ends up in the log output. -->
<dependency>
  <groupId>org.bgee.log4jdbc-log4j2</groupId>
  <artifactId>log4jdbc-log4j2-jdbc4</artifactId>
  <version>1.16</version>
</dependency>
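<!-- Spring Security. All four modules are kept on the same release: taglibs was on
     3.2.4.RELEASE while config, core and web were on 3.2.5.RELEASE, and Spring
     Security modules are meant to be used at one matching version. -->
<!-- NOTE(review): the 3.2.x line is end-of-life and no longer receives security fixes.
     It matches the spring-security-3.2.xsd used by this tutorial's XML config, but a
     maintained release should be used for anything that is actually deployed. -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>3.2.5.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-core</artifactId>
  <version>3.2.5.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>3.2.5.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-taglibs</artifactId>
  <version>3.2.5.RELEASE</version>
</dependency>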
</dependencies>
2. log4jdbc 파일추가(log4j 있는곳에 복붙)
3. servlet-context
<!-- DataSource routed through log4jdbc: DriverSpy wraps the real JDBC driver so that
     executed SQL can be logged, which is why the URL starts with jdbc:log4jdbc:
     rather than jdbc:oracle:. -->
<!-- NOTE(review): scott/tiger is the well-known Oracle sample account and it is
     hard-coded here. For a real environment, load the credentials from outside the
     source tree (properties file or JNDI), use a dedicated least-privilege DB account,
     and replace DriverManagerDataSource, which opens a new connection per request and
     does no pooling, with a pooled DataSource. -->
<beans:bean name="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <beans:property name="driverClassName" value="net.sf.log4jdbc.sql.jdbcapi.DriverSpy"/>
  <beans:property name="url" value="jdbc:log4jdbc:oracle:thin:@localhost:1521:xe"/>
  <beans:property name="username" value="scott"/>
  <beans:property name="password" value="tiger"/>
</beans:bean>
4. log4j 추가
<!-- Begin: loggers added for SQL log output (log4jdbc) -->
<!-- NOTE(review): jdbc.sqlonly and jdbc.resultsettable are the two loggers enabled at
     "info" here. As far as log4jdbc's behaviour goes, that prints each executed
     statement with its bound values and each result set as a table, so query
     parameters and returned rows (possibly personal data or password columns) appear
     on the console. Keep these at "warn" or remove them outside development. -->

<!-- Executed SQL text only. -->
<logger name="jdbc.sqlonly" additivity="false">
  <level value="info"/>
  <appender-ref ref="console"/>
</logger>

<!-- SQL plus execution time. -->
<logger name="jdbc.sqltiming" additivity="false">
  <level value="warn"/>
  <appender-ref ref="console"/>
</logger>

<!-- JDBC calls other than ResultSet calls. -->
<logger name="jdbc.audit" additivity="false">
  <level value="warn"/>
  <appender-ref ref="console"/>
</logger>

<!-- ResultSet calls. -->
<logger name="jdbc.resultset" additivity="false">
  <level value="warn"/>
  <appender-ref ref="console"/>
</logger>

<!-- Query results rendered as a table. -->
<logger name="jdbc.resultsettable" additivity="false">
  <level value="info"/>
  <appender-ref ref="console"/>
</logger>
<!-- End: loggers added for SQL log output -->
web.xml
<!-- Root Spring container shared by all servlets and filters. security-context.xml is
     added to the list so the Spring Security beans are created in the root context,
     which is where the filter declared below looks them up. -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/spring/root-context.xml
    /WEB-INF/spring/appServlet/security-context.xml
  </param-value>
</context-param>

<!-- Begin: security filter -->
<!-- DelegatingFilterProxy hands each request to the Spring bean whose name equals the
     filter-name, so the name must stay exactly "springSecurityFilterChain". -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapped to /* so every request passes through the security filter chain; a narrower
     mapping would leave the unmapped URLs completely outside Spring Security. -->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- End: security filter -->
ctrl shift r 파일 찾기
ctrl h 단어찾기
자 이제 security context 에 계속 추가한다
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- auto-config="true": enable the default security setup (generated login form,
       HTTP Basic, logout). -->
  <!-- NOTE(review): only URLs that match an intercept-url below are access-controlled;
       every other URL is reachable without logging in. With the 3.2 XML namespace,
       CSRF protection is also off unless a <security:csrf/> element is added. -->
  <security:http auto-config="true">
    <!-- intercept-url: requests matching the pattern are intercepted; a visitor who is
         not logged in is sent to the login screen first. -->
    <!-- /login.html* matches e.g. login.html, login.html1, login.htmlaaa -->
    <!-- access="ROLE_USER": only accounts holding the ROLE_USER authority may enter. -->
    <security:intercept-url pattern="/login.html*" access="ROLE_USER"/>
  </security:http>

  <!-- authentication-manager: decides how credentials are verified. -->
  <security:authentication-manager>
    <!-- authentication-provider backed by the in-memory user-service below. -->
    <security:authentication-provider>
      <security:user-service>
        <!-- Demo account. NOTE(review): the password is stored and compared in plain
             text because no password-encoder is configured; use hashed passwords and
             a real user store outside a tutorial. -->
        <security:user name="user" password="123" authorities="ROLE_USER"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>
이제 homeController로.
ctrl shift r 로 home검색해서 바로 가자!
/**
 * Handles requests for login.html and returns the logical view name
 * "security/login".
 *
 * This URL is covered by the intercept-url pattern "/login.html" in the security
 * configuration, so Spring Security checks the caller before this method runs.
 *
 * @return the view name "security/login"
 */
@RequestMapping("login.html")
public String login() {
    final String viewName = "security/login";
    return viewName;
}
만들어
alt shift x 로 런온 서버 바로가자
login.html 입력하면?
프로젝트 복제
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- auto-config="true": enable the default security setup. -->
  <!-- NOTE(review): URLs that match none of the intercept-url rules stay public, and
       the 3.2 XML namespace leaves CSRF protection off unless <security:csrf/> is
       declared. -->
  <security:http auto-config="true">
    <!-- intercept-url: requests matching the pattern are intercepted and checked
         against the listed authority. -->
    <!-- /login.html* matches e.g. login.html, login.html1, login.htmlaaa -->
    <!-- ROLE_USER is enough for login.html; welcome.html additionally requires
         ROLE_ADMIN, so an authenticated account without it is denied (HTTP 403). -->
    <security:intercept-url pattern="/login.html*" access="ROLE_USER"/>
    <security:intercept-url pattern="/welcome.html*" access="ROLE_ADMIN"/>
  </security:http>

  <!-- authentication-manager: decides how credentials are verified. -->
  <security:authentication-manager>
    <security:authentication-provider>
      <!-- In-memory accounts for the demo. NOTE(review): both share the plain-text
           password "123" and no password-encoder is configured; never carry this
           beyond a local exercise. -->
      <security:user-service>
        <security:user name="user" password="123" authorities="ROLE_USER"/>
        <!-- admin holds both authorities, so it passes both rules above. -->
        <security:user name="admin" password="123" authorities="ROLE_ADMIN,ROLE_USER"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>
homecontroller로 고고
/**
 * Maps login.html to the view "security/login".
 *
 * The request is subject to the intercept-url pattern "/login.html" declared in
 * the security configuration.
 *
 * @return the view name "security/login"
 */
@RequestMapping("login.html")
public String login() {
    final String view = "security/login";
    return view;
}
/**
 * Maps welcome.html to the view "security/welcome".
 *
 * NOTE(review): the original comment said that after login the user is moved to the
 * "/" mapping; the method itself only returns the welcome view, so confirm which
 * behaviour is intended.
 *
 * @return the view name "security/welcome"
 */
@RequestMapping("welcome.html")
public String welcome() {
    final String view = "security/welcome";
    return view;
}
welcome.html입력
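1. welcome.html에 user 계정으로 로그인하면? => 403 에러 (인증은 되지만 ROLE_ADMIN 권한이 없어서 접근이 거부된다)
2. welcome.html에 admin 계정으로 로그인하면? => welcome.jsp
3. login.html에 admin 계정으로 들어가 본다면? (admin도 ROLE_USER 권한을 갖고 있으니 당연히 되겠지만) => login.jsp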
이제 또 복사해서 security3번 만들자,
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- auto-config="true": enable the default security setup. -->
  <!-- NOTE(review): URLs that match none of the intercept-url rules stay public. The
       3.2 XML namespace also leaves CSRF protection off unless <security:csrf/> is
       declared; if it is turned on, the custom login form must submit the CSRF token
       as well. -->
  <security:http auto-config="true">
    <!-- form-login: use a custom login screen instead of the generated one. A visitor
         who requests a URL protected by an intercept-url rule without being logged in
         is redirected to /loginForm.html. That page is matched by neither rule below,
         so it remains reachable before login. -->
    <security:form-login login-page="/loginForm.html"/>
    <!-- /login.html* matches e.g. login.html, login.html1, login.htmlaaa -->
    <!-- access lists the authority an account needs for the matching URLs. -->
    <security:intercept-url pattern="/login.html*" access="ROLE_USER"/>
    <security:intercept-url pattern="/welcome.html*" access="ROLE_ADMIN"/>
  </security:http>

  <!-- authentication-manager: decides how credentials are verified. -->
  <security:authentication-manager>
    <security:authentication-provider>
      <!-- In-memory demo accounts. NOTE(review): plain-text password "123" with no
           password-encoder configured; for local practice only. -->
      <security:user-service>
        <security:user name="user" password="123" authorities="ROLE_USER"/>
        <security:user name="admin" password="123" authorities="ROLE_ADMIN,ROLE_USER"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>
loginForm.html
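<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Custom login page shown for <security:form-login login-page="/loginForm.html"/>.

  Fixes compared with the original markup:
  - The form tag had two action attributes (action="post" action="j_spring_security_check").
    Browsers keep the first one, so the form was sent with the default GET method to the
    URL "post", which put the user name and password into the query string (browser
    history, access logs) and never reached the login endpoint. It is now method="post".
  - The password field was type="text", showing the password on screen; it is now
    type="password".
  - The submit button carried its label in name= instead of value=.

  j_username, j_password and j_spring_security_check are the default parameter names and
  login-processing URL of Spring Security 3.x form login.
  NOTE(review): if <security:csrf/> is enabled in security-context.xml, this form also
  has to send the CSRF token as a hidden field.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>loginForm</h1>
<form method="post" action="j_spring_security_check">
security id:<input type="text" name="j_username"><br>
security pw:<input type="password" name="j_password"><br>
<input type="submit" value="S login">
</form>
</body>
</html>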
login.html들어가보자
인터셉터해서 loginForm이 뜬다.