In-house lecture 2013: Spring Security (final)

  1. Open lecture: Spring Security 3. Ryu Jiman, ryu.jiman@gmail.com
  2. References
     • Spring Security Reference Guide: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity.html
     • Spring Security API Javadoc: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/index.html
     • Spring Security samples: spring-security-samples-contacts.war, spring-security-samples-tutorial.war
     • Korean translation of the reference guide, SpringSprout Wiki: http://wiki.springsprout.org/display/springsecurity/Home
  3. # Applying HTTP security
     1. Edit WEB-INF/web.xml
     2. Write applicationContext-security.xml
     3. Write /login/login.jsp
     4. Write /main/main.jsp
  4. # Only one concurrent session per user (second login gets an error): "block a concurrent login for a user ID that is already logged in"
     1. Edit applicationContext-security.xml
  5. [Diagram: request flow] Request → web.xml (filter declaration) → DelegatingFilterProxy → FilterChainProxy → Servlet/JSP
  6. [Diagram: Spring Security architecture] Labels recovered from the slide:
     • Filter chain, in order: SecurityContextPersistenceFilter, ConcurrentSessionFilter, LogoutFilter, UsernamePasswordAuthenticationFilter (/j_spring_security_check, Login.jsp), BasicAuthenticationFilter, RequestCacheAwareFilter, SecurityContextHolderAwareRequestFilter, AnonymousAuthenticationFilter, SessionManagementFilter, ExceptionTranslationFilter, FilterSecurityInterceptor
     • Authorization: AccessDecisionManager (AffirmativeBased)
     • Security context: SecurityContext / SecurityContextImpl, SecurityContextRepository / HttpSessionSecurityContextRepository, session attribute SPRING_SECURITY_CONTEXT
     • Authentication: Authentication / UsernamePasswordAuthenticationToken, AuthenticationManager / ProviderManager, AuthenticationProvider / DaoAuthenticationProvider
     • User details: UserDetailsService (InMemoryDaoImpl, or Hibernate-backed), UserDetails / User, GrantedAuthority / GrantedAuthorityImpl
  7. HTTP security configuration (applicationContext-security.xml):

         <http pattern="/resources/**" security="none"/>
         <http pattern="/login.jsp" security="none"/>
         <http pattern="/logout.jsp" security="none"/>

         <http auto-config="true" use-expressions="true">
             <intercept-url pattern="/resource/**" access="permitAll"/>
             <intercept-url pattern="/jsp/common/error/deny.jsp" access="permitAll"/>
             <!-- role names are SpEL string literals and must be quoted -->
             <intercept-url pattern="/system/**" access="hasRole('ROLE_ADMIN')"/>
             <intercept-url pattern="/fromt/**" access="hasRole('ROLE_USER')"/>
             <form-login login-page="/index.jsp"
                         default-target-url="/rest/jsp/index.do"
                         always-use-default-target="true"
                         authentication-failure-url="/index.jsp?result=true"
                         login-processing-url="/j_spring_security_check"/>
             <logout logout-url="/j_spring_security_logout"
                     logout-success-url="/index.jsp"
                     invalidate-session="true"/>
             <access-denied-handler error-page="/common/error/deny.do"/>
             <session-management>
                 <concurrency-control max-sessions="3"/>
             </session-management>
         </http>

     With use-expressions="true" the access attribute is evaluated as a SpEL expression, so the slide's unquoted hasRole(ROLE_ADMIN) would be parsed as a property reference and fail; the quoted form above is the correct one. The concurrency-control element only tracks sessions correctly if HttpSessionEventPublisher is registered as a listener in web.xml, otherwise destroyed sessions are never removed from the session registry.
  8. A UserDetailsService backed by the Hibernate repository, and the authentication-manager that uses it:

         import org.springframework.beans.factory.annotation.Autowired;
         import org.springframework.security.core.userdetails.UserDetailsService;
         import org.springframework.security.core.userdetails.UsernameNotFoundException;
         import org.springframework.stereotype.Service;

         @Service("userDetailsService")
         public class UserDetailsServiceImpl implements UserDetailsService {

             @Autowired
             private UserRepository repository;

             @Override
             public User loadUserByUsername(String username) throws UsernameNotFoundException {
                 User user;
                 try {
                     user = repository.select(new User(username));
                 } catch (Exception ex) {
                     throw new UsernameNotFoundException("User not found.", ex);
                 }
                 // Session.get() returns null for an unknown username. DaoAuthenticationProvider
                 // treats a null return as a contract violation, so map it to the expected exception.
                 if (user == null) {
                     throw new UsernameNotFoundException("User not found.");
                 }
                 return user;
             }
         }

         <authentication-manager alias="authenticationManager">
             <authentication-provider user-service-ref="userDetailsService">
                 <password-encoder hash="plaintext"/>
             </authentication-provider>
         </authentication-manager>

     hash="plaintext" means the PASSWORD column holds the clear-text password and the submitted value is compared with it directly; anyone who reads the USER table has every credential. It is shown here as the slide's setting, not as a recommendation.
  9. Repository lookup and the SQL that Hibernate emits for it:

         @Override
         public User select(User object) {
             // Session.get() returns null when no row matches the primary key
             return (User) sessionFactory.getCurrentSession()
                     .get(User.class, object.getUsername());
         }

     Hibernate:

         select user0_.USERNAME as USERNAME8_0_, user0_.AUTHORITY as AUTHORITY8_0_,
                user0_.NAME as NAME8_0_, user0_.PASSWORD as PASSWORD8_0_
         from USER user0_
         where user0_.USERNAME=?
  10. User entity mapped to the USER table. It serves as the UserDetails (and, oddly, its own GrantedAuthority). The AUTHORITY and NAME columns visible in the SQL on slide 9, the SecurityRole class, and the remaining UserDetails methods are not shown on the slide; the constructor and accessors from slide 11 are included here as part of the same class.

          import java.io.Serializable;
          import java.util.ArrayList;
          import java.util.Collection;
          import javax.persistence.Column;
          import javax.persistence.Entity;
          import javax.persistence.Id;
          import javax.persistence.Table;
          import org.springframework.security.core.GrantedAuthority;
          import org.springframework.security.core.userdetails.UserDetails;

          @Entity
          @Table(name = "USER")
          public class User implements Serializable, UserDetails, GrantedAuthority {

              /** User id. */
              @Id
              @Column(name = "USERNAME", length = 50)
              private String username;

              /** User password. */
              @Column(name = "PASSWORD", nullable = false, length = 50)
              private String password;

              @Override
              public Collection<? extends GrantedAuthority> getAuthorities() {
                  ArrayList<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
                  auths.add(new SecurityRole(this.getAuthority()));
                  return auths;
              }

              // JPA/Hibernate instantiates entities reflectively and needs a no-argument constructor
              public User() {
              }

              public User(String username) {
                  this.username = username;
              }

              public void setUsername(String username) {
                  this.username = username;
              }

              public String getUsername() {
                  return username;
              }

              public String getPassword() {
                  return password;
              }

              public void setPassword(String password) {
                  this.password = password;
              }
          }

  11. (User entity, continued: the constructor and accessors are shown in the listing under slide 10.)
  12. Modules and versions used by the Korean eGovernment framework (전자정부, eGovFrame):

          spring-security-core-2.0.4.jar           org.springframework.security.*
          spring-security-core-3.1.0.RELEASE.jar   org.springframework.security.core.*
          spring-security-web-3.1.0.RELEASE.jar

      org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter:

          public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
          public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";

          public UsernamePasswordAuthenticationFilter() {
              super("/j_spring_security_check");
          }

      org.springframework.security.userdetails.jdbc.JdbcDaoImpl:

          private String authoritiesByUsernameQuery;
          private String usersByUsernameQuery;

      framefit.common.sec.userdetails.jdbc.UserDetailsManager:

          private String mapClass;
          private RoleHierarchy roleHierarchy = null;

      Bean definition:

          <b:bean id="jdbcUserService" class="framefit.common.sec.userdetails.jdbc.UserDetailsManager">
              <b:property name="usersByUsernameQuery"
                  value="SELECT USER_ID, USER_NM, PASSWORD, 1 ENABLED, DEPT_ID
                         FROM TN_USERS
                         WHERE USER_ID = ?"/>
              <b:property name="authoritiesByUsernameQuery"
                  value="SELECT A.SCRTY_DTRMN_TRGET_ID USER_ID, A.AUTHOR_CODE AUTHORITY
                         FROM TN_EMPLYRSCRTYESTBS A, TN_USERS B
                         WHERE A.SCRTY_DTRMN_TRGET_ID = B.USER_ID AND B.USER_ID = ?"/>
              <b:property name="roleHierarchy" ref="roleHierarchy"/>
              <b:property name="dataSource" ref="egov.dataSource"/>
              <b:property name="mapClass" value="framefit.common.sec.common.EgovSessionMapping"/>
          </b:bean>

      Note that usersByUsernameQuery hard-codes the literal 1 as ENABLED, so every account is treated as enabled regardless of any status column in TN_USERS; disabling an account at the database level has no effect on login.
  13. [Diagram: filter chain inside the servlet container] Web user → Servlet Container → Filter Chain (Filter 1, Filter 2, Filter 3, Filter 4, Filter 5, Filter X) → Servlet; the Security Interceptor lives in the Spring Container.
  14. [Diagram: authentication providers] AuthenticationManager → ProviderManager → CAS AuthenticationProvider, DAO AuthenticationProvider, JAAS AuthenticationProvider, X.509 AuthenticationProvider, LDAP AuthenticationProvider
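The following is an added example, not code from the slides or from eGovFrame, that brings together the fixes a reviewer would ask for on slides 4, 7 and 8 in one applicationContext-security.xml for the Spring Security 3.1 namespace: role names quoted as SpEL literals, a deny-by-default catch-all rule, the one-session-per-user rule from slide 4 with the second login rejected rather than the first session silently expired, the HttpSessionEventPublisher listener that concurrency control needs in web.xml, and the plaintext password encoder replaced with BCrypt. The URL patterns are copied from slide 7 (including /fromt/** as spelled there); the bean id passwordEncoder and the /** catch-all rule are assumptions.

```xml
<!-- Added example (not from the slides). File 1: applicationContext-security.xml -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http pattern="/resources/**" security="none"/>
    <http pattern="/login.jsp" security="none"/>
    <http pattern="/logout.jsp" security="none"/>

    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/resource/**" access="permitAll"/>
        <intercept-url pattern="/jsp/common/error/deny.jsp" access="permitAll"/>
        <!-- role names are SpEL string literals; unquoted ROLE_ADMIN is a property
             reference and fails when the expression is evaluated -->
        <intercept-url pattern="/system/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/fromt/**" access="hasRole('ROLE_USER')"/>
        <!-- assumed catch-all: anything not matched above requires a login,
             so a new controller path is never exposed by accident -->
        <intercept-url pattern="/**" access="isAuthenticated()"/>

        <form-login login-page="/index.jsp"
                    default-target-url="/rest/jsp/index.do"
                    always-use-default-target="true"
                    authentication-failure-url="/index.jsp?result=true"
                    login-processing-url="/j_spring_security_check"/>
        <logout logout-url="/j_spring_security_logout"
                logout-success-url="/index.jsp"
                invalidate-session="true"/>
        <access-denied-handler error-page="/common/error/deny.do"/>

        <!-- slide 4: one session per user id. With error-if-maximum-exceeded="true"
             the second login attempt fails (SessionAuthenticationException, routed to
             authentication-failure-url) instead of expiring the first session. -->
        <session-management>
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </session-management>
    </http>

    <!-- slide 8: replace hash="plaintext" with a salted, slow hash.
         BCryptPasswordEncoder ships in spring-security-crypto 3.1. -->
    <beans:bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailsService">
            <password-encoder ref="passwordEncoder"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

<!-- File 2: the listener to add to WEB-INF/web.xml. Without it the SessionRegistry
     never learns that a session was destroyed, the per-user count is never
     decremented, and a user whose session timed out is locked out until the
     registry is cleared. -->
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
```

Two consequences of switching to BCrypt are easy to miss. Existing rows in the PASSWORD column must be re-hashed with BCryptPasswordEncoder.encode() (the clear-text values can be converted in place, or users forced through a reset), and a bcrypt hash is 60 characters long, so the length = 50 on the PASSWORD column of the User entity on slide 10 must be widened before the first hashed value is stored. The same password-encoder element applies unchanged if user-service-ref points at the jdbcUserService bean from slide 12, since the encoder is attached to the authentication provider, not to the user-details source.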
