
spring security2 (Spring Boot, using Thymeleaf / form login) - view

by 태옹 2022. 3. 18.

👇 Please work through Part 1 before reading Part 2.

 

spring security1 (Spring Boot, using Thymeleaf / form login) - structure analysis and writing the logic code

๊ฐœ์ธ์ ์œผ๋กœ ๊ณต๋ถ€ํ•œ ๋‚ด์šฉ์„ ์ •๋ฆฌํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค. ํ‹€๋ฆฐ ๋‚ด์šฉ์ด ์žˆ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์žˆ๋‹ค๋ฉด ๋Œ“๊ธ€๋กœ ์•Œ๋ ค์ฃผ์‹œ๋ฉด ๊ฐ์‚ฌํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค๐Ÿ˜Š ์ด๋ฏธ์ง€๋กœ ํ™•์ธํ•˜๋Š” spring security ๊ตฌ์กฐ AuthenticationFilter๋กœ ๋จผ์ € ์š”์ฒญ์ด

taetoungs-branch.tistory.com

 

 

This post introduces only the core code of the views.

If you need the full code, it is available on GitHub. 🙂

https://github.com/ty990520/spring-security/tree/master

 



10. Connecting the views

 

Controller code that Spring Security does not use is omitted.

First, let's write join.html.

<form action="/join" method="post">
    userid : <input type="text" name="userid" value="taeong">
    password : <input type="password" name="password" value="12345">
    <input type="radio" name="authRole" value="ADMIN,USER"> admin
    <input type="radio" name="authRole" value="USER" checked="checked"> user <br>
    <button type="submit">join</button>
</form>

As explained in the previous post, remember that if the input value is given as value="ADMIN,USER", SecurityConfig must use hasAuthority(), and if it is given as value="ROLE_ADMIN, ROLE_USER", it must use hasRole(), because hasRole() prepends ROLE_ to the name before comparing.

The Controller stores the user by calling the method that saves a user.

 

 

Next, write login.html.

<form action="/loginProcess" method="POST">
    userid : <input type="text" name="userid" value="taeong">
    password : <input type="password" name="password" value="12345" >
    <button type="submit">login</button>
</form>

๊ฐ inputํƒœ๊ทธ์˜ name๊ฐ’์—๋Š” http.formLogin()์— ๋งคํ•‘ํ•œ ๊ฐ’๊ณผ ๊ฐ™๊ฒŒ ์ž‘์„ฑํ•œ๋‹ค.

๊ทธ๋ฆฌ๊ณ  ์ค‘์š”ํ•œ ๋ถ€๋ถ„์€ form์˜ action์ด /login์ด ์•„๋‹ˆ๋ผ /loginProcess๋กœ ์„ค์ •๋˜์–ด์•ผ ํ•œ๋‹ค๋Š” ์ ์ด๋‹ค.

์ด /loginProcess๋Š” ์Šคํ”„๋ง ์‹œํ๋ฆฌํ‹ฐ๊ฐ€ ๋‚ด๋ถ€์ ์œผ๋กœ ์ž๋™์ฒ˜๋ฆฌ๋ฅผ ํ•˜๊ธฐ ๋•Œ๋ฌธ์— Controller์— ์ง์ ‘ ์ •์˜ํ•  ํ•„์š”๊ฐ€ ์—†๋‹ค.

 

<div th:if="${param.error}"><span th:text="${param.exception}" style="color: red;"></span></div>

If login fails, the exception message is displayed based on whether the error parameter is present.

This exception message is the msg value returned by customLoginFailureHandler.

 

One thing to note about login handling is that there is no need to write a Controller method containing login code.

Spring Security performs the login itself, so the Controller only needs a GET method that serves the login page.

 

 

 

The code below can be added to user.html, which is accessible after a successful login.

<span style="margin:0; padding: 15px;">
    <span sec:authentication="authorities" style="color: #ff6d6d"></span>
    <span sec:authentication="name"></span>
</span>

It displays the authorities of the current session and the username (= userid) on the screen.

ADMIN also holds the USER authority, so it can access the user page.
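The hasAuthority()/hasRole() rule from the join.html section, and the reason an ADMIN account reaches the user page, checked against Spring Security's own rule classes. This is an added example, not code from the project: the class and helper names are hypothetical, it assumes spring-security-core 5.5 to 6.x on the classpath, and it assumes the stored authRole string is split on commas into one authority per entry (the project's own parsing is not shown on this page).

```java
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Added illustration; AuthRoleCheck, login(), granted() and expect() are hypothetical names.
public class AuthRoleCheck {

    // Turn a stored authRole string (the radio-button value) into an authenticated token.
    // Assumption: the value is split on commas, one GrantedAuthority per entry.
    static Authentication login(String authRole) {
        return new TestingAuthenticationToken("taeong", "n/a",
                AuthorityUtils.commaSeparatedStringToAuthorityList(authRole));
    }

    // Evaluate one access rule against one token.
    static boolean granted(AuthorityAuthorizationManager<Object> rule, Authentication auth) {
        return rule.check(() -> auth, new Object()).isGranted();
    }

    // Fail loudly if a rule does not behave as described in the text.
    static void expect(String label, boolean expected, boolean actual) {
        if (expected != actual) {
            throw new IllegalStateException(label + ": expected " + expected);
        }
        System.out.println(label + " -> " + actual);
    }

    public static void main(String[] args) {
        Authentication plainAdmin = login("ADMIN,USER");             // value used in join.html
        Authentication prefixedAdmin = login("ROLE_ADMIN, ROLE_USER");
        Authentication plainUser = login("USER");

        // hasAuthority() compares the stored string as is.
        expect("ADMIN,USER / hasAuthority(ADMIN)", true,
                granted(AuthorityAuthorizationManager.hasAuthority("ADMIN"), plainAdmin));
        // hasRole("ADMIN") looks for "ROLE_ADMIN", so the unprefixed value is rejected.
        expect("ADMIN,USER / hasRole(ADMIN)", false,
                granted(AuthorityAuthorizationManager.hasRole("ADMIN"), plainAdmin));
        expect("ROLE_ADMIN, ROLE_USER / hasRole(ADMIN)", true,
                granted(AuthorityAuthorizationManager.hasRole("ADMIN"), prefixedAdmin));
        expect("ROLE_ADMIN, ROLE_USER / hasAuthority(ADMIN)", false,
                granted(AuthorityAuthorizationManager.hasAuthority("ADMIN"), prefixedAdmin));
        // The admin account passes the USER rule only because its value lists both authorities.
        expect("ADMIN,USER / hasAuthority(USER)", true,
                granted(AuthorityAuthorizationManager.hasAuthority("USER"), plainAdmin));
        expect("USER / hasAuthority(ADMIN)", false,
                granted(AuthorityAuthorizationManager.hasAuthority("ADMIN"), plainUser));
    }
}
```

A mismatch between the stored value and the rule denies every request for that path rather than raising an error, so a check like this is a quick way to confirm which form SecurityConfig expects.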

 

 

For logout, no separate view is written; only the Controller is.

@GetMapping("/logout")
public String logoutPage(HttpServletRequest request, HttpServletResponse response) {
    new SecurityContextLogoutHandler().logout(request, response, SecurityContextHolder.getContext().getAuthentication());
    return "redirect:/login";
}

logout() of SecurityContextLogoutHandler handles the logout, and then the request is redirected back to /login.

 


 

11. Checking the result

 

The build.gradle and application.yml settings, the full view code, the directory structure and so on can be found in detail on GitHub.

The post got so long that I split the logic and the view, but... Security's internals are just so complicated....☹️
