Spring Security
Authorization + Authentication
Cookie & Session Based
● Basic security terms
Principal: the authenticated identity and its basic attributes (no, name, email)
Credential: what proves that identity (password)
Authority: a granted permission, i.e. a role
● Conceptually, security belongs outside the application: enforce it before a request reaches application code.
● Spring Security runs in the servlet Filter layer (filters run before the DispatcherServlet, i.e. outside Spring MVC; interceptors run inside it).
Request flow
tomcat -> tomcat filters -> spring filter (springSecurityFilterChain = DelegatingFilterProxy) -> Servlet (DispatcherServlet)
                                 | proxy: the container-registered filter only holds a reference
                                 | delegate: forwards to the springSecurityFilterChain bean (FilterChainProxy)
                                 the 16-filter SecurityFilterChain runs here
                                   1) web based (authentication + authorization)
                                   2) OAuth client
tomcat <- tomcat filters <- spring filter (springSecurityFilterChain) <- Servlet
System architecture
Client: sends its authentication token with every request
MSA (microservices): each service validates the token it receives from the client against the OAuth Server
OAuth Server
The 16 Security Filter Chain filters (Spring Security 3.x/4.x execution order; "auto-config default" = installed by <http auto-config="true">)
Note: Java config (3.2+) and XML config from 4.0 also add HeaderWriterFilter and CsrfFilter by default; this classic list predates them.
1. ChannelProcessingFilter
2. SecurityContextPersistenceFilter ( auto-config default )
3. ConcurrentSessionFilter
4. LogoutFilter ( auto-config default )
5. UsernamePasswordAuthenticationFilter ( auto-config default )
6. DefaultLoginPageGeneratingFilter ( auto-config default )
7. CasAuthenticationFilter
8. BasicAuthenticationFilter ( auto-config default )
9. RequestCacheAwareFilter ( auto-config default )
10. SecurityContextHolderAwareRequestFilter ( auto-config default )
11. JaasApiIntegrationFilter
12. RememberMeAuthenticationFilter
13. AnonymousAuthenticationFilter ( auto-config default )
14. SessionManagementFilter ( auto-config default )
15. ExceptionTranslationFilter ( auto-config default )
16. FilterSecurityInterceptor ( auto-config default )
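The list above is the documented order; the chain that actually runs depends on the configuration. The following is an added example (not from the original notes) that asks the `springSecurityFilterChain` bean, the `FilterChainProxy` that `DelegatingFilterProxy` forwards to, for its real chains at startup, prints them, and refuses to start if `CsrfFilter` is absent. It assumes the plain-Spring or Boot setup described on this page; drop the CSRF check only for a deliberately stateless API.

```java
import java.util.ArrayList;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.stereotype.Component;

/**
 * Startup check: lists the filters Spring Security actually installed, in order,
 * and fails fast if one the deployment depends on is missing.
 * Added example, not part of the original notes.
 */
@Component
public class SecurityFilterChainReporter {

    @Autowired
    private ApplicationContext context;

    @PostConstruct
    public void report() {
        // DelegatingFilterProxy (web.xml / AbstractSecurityWebApplicationInitializer) looks this bean
        // up by name and forwards every request to it; it is the FilterChainProxy that owns the chains.
        FilterChainProxy proxy = context.getBean("springSecurityFilterChain", FilterChainProxy.class);

        int chainNo = 1;
        for (SecurityFilterChain chain : proxy.getFilterChains()) {
            System.out.println("SecurityFilterChain #" + chainNo++);
            int position = 1;
            for (String name : filterNames(chain)) {
                System.out.println("  " + position++ + ". " + name);
            }
        }

        // Guard against a stray http.csrf().disable(): abort startup rather than run without CSRF protection.
        requireFilter(proxy, CsrfFilter.class);
    }

    /** Simple class names of a chain's filters, in the order they run on a matched request. */
    static List<String> filterNames(SecurityFilterChain chain) {
        List<String> names = new ArrayList<>();
        for (Filter filter : chain.getFilters()) {
            names.add(filter.getClass().getSimpleName());
        }
        return names;
    }

    /** Throws unless at least one chain contains a filter of the given type. */
    static void requireFilter(FilterChainProxy proxy, Class<? extends Filter> type) {
        for (SecurityFilterChain chain : proxy.getFilterChains()) {
            for (Filter filter : chain.getFilters()) {
                if (type.isInstance(filter)) {
                    return;
                }
            }
        }
        throw new IllegalStateException(type.getSimpleName() + " is missing from every SecurityFilterChain");
    }
}
```

With several `<http>` elements or `WebSecurityConfigurerAdapter` beans there is one `SecurityFilterChain` per request matcher, and only the first chain whose matcher accepts a request runs, so the printout shows exactly which filters a given URL will pass through.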
Configuration
Add dependencies
1-1. Plain Spring (Maven, Spring Security 4.1.3)
<!-- Spring Security 4.1.3 for a plain Spring (non-Boot) web application.
     spring-security-web provides the servlet filter chain (the DelegatingFilterProxy
     target, FilterChainProxy); the original list only got it transitively through
     spring-security-taglibs, so it is declared explicitly here. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.3.RELEASE</version>
</dependency>
<!-- JSP tags: <sec:authorize>, <sec:authentication>, <sec:csrfInput> -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.1.3.RELEASE</version>
</dependency>
<!-- per-domain-object permissions; only needed if ACLs are used -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>4.1.3.RELEASE</version>
</dependency>
1-2. Spring Boot
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
<!-- The starter pulls in spring-security-web and spring-security-config; when the project
     inherits from spring-boot-starter-parent the <version> is managed and can be omitted. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.1.6.RELEASE</version>
</dependency>
-- Spring Security 3 (web.xml) --
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-- Spring Security 4 (Servlet 3.0+, Java config) --
Create a class that extends AbstractSecurityWebApplicationInitializer; it registers the same DelegatingFilterProxy under the name springSecurityFilterChain for /* without any web.xml entry.
-- Spring Security 5 with Spring Boot --
Already configured by convention: Boot's security auto-configuration registers the filter, so nothing has to be declared.
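The Java-config counterpart of the web.xml entry above, for the Spring Security 4.x / Spring Boot 2.1 (Security 5.1) versions this page uses. This is an added example, not code from the original notes: two source files shown together, with placeholder users, passwords and URL patterns. The comments map each builder call to the filter from the list above that it switches on. `WebSecurityConfigurerAdapter` is deprecated from Spring Security 5.7 and gone in 6.

```java
// File 1: SecurityWebApplicationInitializer.java
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

/**
 * Replaces the web.xml <filter> entry: on a Servlet 3.0+ container the superclass
 * registers DelegatingFilterProxy under the name springSecurityFilterChain for /*.
 */
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}

// File 2: WebSecurityConfig.java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Two in-memory placeholder users keep the example self-contained; a real application
        // registers a UserDetailsService backed by UserDao here instead.
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder())
                .withUser("admin").password(passwordEncoder().encode("admin-pass")).roles("ADMIN", "USER")
                .and()
                .withUser("user").password(passwordEncoder().encode("user-pass")).roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()                                   // FilterSecurityInterceptor
                .antMatchers("/", "/login", "/css/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")         // matches authority ROLE_ADMIN
                .anyRequest().authenticated()                      // deny by default for everything else
                .and()
            .formLogin()                                           // UsernamePasswordAuthenticationFilter
                .loginPage("/login")                               // own page, so no DefaultLoginPageGeneratingFilter
                .permitAll()
                .and()
            .httpBasic()                                           // BasicAuthenticationFilter
                .and()
            .logout()                                              // LogoutFilter; POST /logout, since CSRF is on
                .logoutUrl("/logout")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .and()
            .sessionManagement()                                   // SessionManagementFilter / ConcurrentSessionFilter
                .sessionFixation().migrateSession()                // fresh session id on login
                .maximumSessions(1);                               // one concurrent session per user
        // CsrfFilter and HeaderWriterFilter are on without any call here; keep them for cookie-based sessions.
    }
}
```

`anyRequest().authenticated()` as the last rule is the deny-by-default posture the notes argue for: a new controller is protected until someone explicitly opens it with `permitAll()`.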
What is ACL?
An Access Control List grants permissions on individual domain objects (this order, this document) to a principal; spring-security-acl provides it, in contrast to the role-based URL and method rules above.
● Reference URL
Notes
UserDao
Add a role field. Store passwords hashed (BCrypt based).
- one-way hashing: BCrypt (preferred), SCrypt; plain SHA-512 is a fast general-purpose hash without a built-in work factor, so it is not suitable on its own for passwords
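The following is an added example (not from the original notes) that puts the two UserDao points together: a row with a `role` column, BCrypt hashing on registration, and the `UserDetailsService` through which `DaoAuthenticationProvider` later verifies a login against the stored hash. The `UserRow`/`UserDao` classes are hypothetical in-memory stand-ins for the page's DAO; the password and account are constructed sample data.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/** Added example, not part of the original notes: UserDao with a role column plus BCrypt storage. */
public class BcryptUserStoreDemo {

    /** One row of the hypothetical users table: no, name, email, password hash, role. */
    static final class UserRow {
        final long no;
        final String name;
        final String email;
        final String passwordHash;
        final String role;

        UserRow(long no, String name, String email, String passwordHash, String role) {
            this.no = no;
            this.name = name;
            this.email = email;
            this.passwordHash = passwordHash;
            this.role = role;
        }
    }

    /** In-memory stand-in for the page's UserDao (hypothetical; a real one is backed by a table). */
    static final class UserDao {
        private final Map<String, UserRow> byEmail = new HashMap<>();

        void save(UserRow row) {
            byEmail.put(row.email, row);
        }

        UserRow findByEmail(String email) {
            return byEmail.get(email);
        }
    }

    /** Adapts UserDao rows to UserDetails; the role column becomes the authority ROLE_<role>. */
    static final class DaoUserDetailsService implements UserDetailsService {
        private final UserDao dao;

        DaoUserDetailsService(UserDao dao) {
            this.dao = dao;
        }

        @Override
        public UserDetails loadUserByUsername(String email) {
            UserRow row = dao.findByEmail(email);
            if (row == null) {
                // DaoAuthenticationProvider maps this to a generic BadCredentialsException,
                // so the login page does not reveal whether the account exists.
                throw new UsernameNotFoundException("no user for " + email);
            }
            return new User(row.email, row.passwordHash,
                    Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + row.role)));
        }
    }

    public static void main(String[] args) {
        // Cost 12 = 2^12 rounds. Raise it as hardware gets faster; each stored hash carries its own cost.
        PasswordEncoder encoder = new BCryptPasswordEncoder(12);
        UserDao dao = new UserDao();

        // Registration: hash once, store only the hash. Every encode() draws a fresh random salt,
        // so hashing the same password twice yields two different strings that both verify.
        String hash = encoder.encode("correct horse battery staple");
        String hashAgain = encoder.encode("correct horse battery staple");
        System.out.println("stored hash: " + hash);
        System.out.println("same password, different hash: " + !hash.equals(hashAgain));
        dao.save(new UserRow(1L, "Alice", "alice@example.com", hash, "ADMIN"));

        // Login: never compare strings yourself; matches() re-hashes the candidate with the salt
        // embedded in the stored value and compares without an early return.
        UserDetails alice = new DaoUserDetailsService(dao).loadUserByUsername("alice@example.com");
        System.out.println("correct password accepted: "
                + encoder.matches("correct horse battery staple", alice.getPassword()));
        System.out.println("wrong password rejected: " + !encoder.matches("wrong", alice.getPassword()));
        System.out.println("authorities: " + alice.getAuthorities());
    }
}
```

The `ROLE_` prefix matters: `hasRole('ADMIN')` in `<sec:authorize>` and in `HttpSecurity` rules compares against `ROLE_ADMIN`, so the DAO mapping must add it (or the rules must use `hasAuthority` with the bare column value).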
Spring Security TagLib
access expression: <sec:authorize access="..." />
Authentication tag: <sec:authentication property="name" /> <sec:authentication property="principal.name" />
<sec:authorize access="hasRole('ADMIN')">...</sec:authorize> (hasRole('ADMIN') matches authority ROLE_ADMIN; the prefix is added automatically from 4.0)
CSRF tags: <sec:csrfInput /> (hidden field inside forms), <sec:csrfMetaTags /> (token and header name for AJAX)
@AuthUser: drop the existing home-grown security (Spring Interceptor & annotation based) in favour of Spring Security
Access denied handler (AccessDeniedHandler)
PasswordEncoder (BCrypt based)
remember-me: used for automatic login on the next visit
Spring Security supports AJAX (JSON as well as web page responses)
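The access denied handler, remember-me and AJAX notes above meet in `ExceptionTranslationFilter`: it hands the "not logged in" case to an `AuthenticationEntryPoint` and the "logged in but forbidden" case to an `AccessDeniedHandler`. The following is an added example (not from the original notes) in which both answer AJAX callers with JSON and the correct status code while ordinary browser navigation keeps the login redirect or error page, plus the `HttpSecurity` wiring including remember-me. The AJAX detection heuristic, the `/login` URL and the remember-me key are assumptions for the example.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;

/** Added example, not part of the original notes: JSON for AJAX, redirects/error pages for browsers. */
public class AjaxAwareSecurityHandlers {

    /** Heuristic used by jQuery-style clients; the Accept check covers fetch()/XHR callers that set it. */
    static boolean isAjax(HttpServletRequest request) {
        String accept = request.getHeader("Accept");
        return "XMLHttpRequest".equalsIgnoreCase(request.getHeader("X-Requested-With"))
                || (accept != null && accept.contains("application/json"));
    }

    /** Fixed JSON body: nothing from the request is echoed back, so there is nothing to inject. */
    static void writeJson(HttpServletResponse response, int status, String error) throws IOException {
        response.setStatus(status);
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write("{\"status\":" + status + ",\"error\":\"" + error + "\"}");
    }

    /** 401 + JSON for unauthenticated AJAX calls; redirect to /login for page navigation. */
    public static class EntryPoint extends LoginUrlAuthenticationEntryPoint {
        public EntryPoint() {
            super("/login");
        }

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            if (isAjax(request)) {
                writeJson(response, HttpServletResponse.SC_UNAUTHORIZED, "authentication required");
            } else {
                super.commence(request, response, authException);
            }
        }
    }

    /** 403 + JSON for authenticated but forbidden AJAX calls; the default 403 page for browsers. */
    public static class DeniedHandler implements AccessDeniedHandler {
        private final AccessDeniedHandler browserFallback = new AccessDeniedHandlerImpl();

        @Override
        public void handle(HttpServletRequest request, HttpServletResponse response,
                AccessDeniedException accessDeniedException) throws IOException, ServletException {
            if (isAjax(request)) {
                writeJson(response, HttpServletResponse.SC_FORBIDDEN, "access denied");
            } else {
                browserFallback.handle(request, response, accessDeniedException);
            }
        }
    }

    /**
     * Wiring, called from configure(HttpSecurity) in the Java config. The remember-me key signs
     * the cookie: keep it secret, and rotate it to invalidate every outstanding remember-me login.
     */
    public static void apply(HttpSecurity http, UserDetailsService users) throws Exception {
        http.exceptionHandling()
                .authenticationEntryPoint(new EntryPoint())
                .accessDeniedHandler(new DeniedHandler())
            .and()
            .rememberMe()
                .key("replace-with-a-long-random-secret")
                .tokenValiditySeconds(14 * 24 * 60 * 60)
                .userDetailsService(users);
    }
}
```

Returning a 401 instead of a 302 is what lets the browser-side script tell "session expired" apart from a successful response that happens to be the login page's HTML. AJAX POSTs are still subject to `CsrfFilter`, so the client must send the token, which is what `<sec:csrfMetaTags />` exposes as meta tags for the script to copy into a request header.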
Filter optimization
OAuth2