How to Use Spring Security

spring

by somiyuralove 2018. 12. 13. 00:31


1. pom.xml configuration


<!-- Spring security -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.2.2.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.2.1.RELEASE</version>
</dependency>


2. DB configuration


name, password, enabled, and authority are the fields that Spring uses. Create the table with the name user_list.


3. Security XML configuration


-------------------------------------------------------------------------------------------------------------------------------------------------------


<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">

    <http use-expressions="true">
        <!-- The login page is open to everyone; every other URL requires the ADMIN role -->
        <intercept-url pattern="/login/" access="permitAll" />
        <intercept-url pattern="/**" access="hasRole('ADMIN')" />
        <form-login login-page="/login/"
                    default-target-url="/main/"
                    authentication-failure-url="/login/?error"
                    username-parameter="id"
                    password-parameter="password" />
        <logout logout-url="/logout/" invalidate-session="true"
                logout-success-url="/login/" />
        <session-management invalid-session-url="/login/">
            <concurrency-control error-if-maximum-exceeded="false" />
        </session-management>
    </http>

    <authentication-manager>
        <authentication-provider>
            <!-- In-memory approach
            <user-service>
                <user name="user" password="password" authorities="ROLE_USER" />
            </user-service>
            -->
            <!-- No <password-encoder> is configured here, so with Spring Security 4.2
                 the password column is compared as plain text -->
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT name AS userName,password, enabled
                                         FROM user_list WHERE name=?"
                authorities-by-username-query="SELECT name AS userName, authority
                                               FROM user_list WHERE name=?" />
        </authentication-provider>
    </authentication-manager>

</beans:beans>


-----------------------------------------------------------------------------------------------------------------------------------------------------------------


<form-login login-page="/login/"
            default-target-url="/main/"
            authentication-failure-url="/login/?error"
            username-parameter="id"
            password-parameter="password" />
<logout logout-url="/logout/" invalidate-session="true"
        logout-success-url="/login/" />
<session-management invalid-session-url="/login/">
    <concurrency-control error-if-maximum-exceeded="false" />
</session-management>

=> This part sets the URIs used for login, logout, and session timeout.


The data-source-ref attribute of jdbc-user-service is set to the id defined in the database configuration file.



If it is configured as <intercept-url pattern="/**" access="hasRole('ADMIN')" />, it corresponds to authorities-by-username-query,


and if it is configured as <intercept-url pattern="/**" access="hasRole('USER')" />, it corresponds to users-by-username-query.
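
The login and role check that this configuration sets up, modelled in Python as an added example (not code from the original post or from Spring Security), with SQLite standing in for the dataSource. The column types, sample rows and function names are assumptions. The model follows Spring Security 4.x behaviour: users-by-username-query loads the credentials and enabled flag, authorities-by-username-query loads the authorities, and hasRole('ADMIN') matches the stored authority ROLE_ADMIN.

```python
import sqlite3

# The two queries from the page's <jdbc-user-service>, joined onto one line each.
USERS_Q = "SELECT name AS userName,password, enabled FROM user_list WHERE name=?"
AUTH_Q = "SELECT name AS userName, authority FROM user_list WHERE name=?"

def make_db():
    """Constructed sample table; column types and rows are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_list (name TEXT PRIMARY KEY, password TEXT NOT NULL,"
               " enabled INTEGER NOT NULL, authority TEXT NOT NULL)")
    db.executemany("INSERT INTO user_list VALUES (?,?,?,?)", [
        ("alice", "pw-a", 1, "ROLE_ADMIN"),
        ("bob",   "pw-b", 1, "ROLE_USER"),
        ("carol", "pw-c", 0, "ROLE_ADMIN"),  # disabled account
        ("dave",  "pw-d", 1, "ADMIN"),       # authority stored without the ROLE_ prefix
    ])
    return db

def load_user(db, name):
    """Users query gives password and enabled; authorities query gives the roles."""
    row = db.execute(USERS_Q, (name,)).fetchone()
    if row is None:
        return None
    _, password, enabled = row
    authorities = {r[1] for r in db.execute(AUTH_Q, (name,))}
    return {"password": password, "enabled": bool(enabled), "authorities": authorities}

def has_role(user, role):
    """hasRole('ADMIN') is compared against the authority string 'ROLE_ADMIN'."""
    wanted = role if role.startswith("ROLE_") else "ROLE_" + role
    return wanted in user["authorities"]

def can_access(db, name, password, role):
    """Form login (both queries run), then the intercept-url role check."""
    user = load_user(db, name)
    if user is None or not user["enabled"]:
        return False
    # The page configures no <password-encoder>, so 4.2 compares plain text.
    if user["password"] != password:
        return False
    return has_role(user, role)
```

The dave row shows why the authority column has to hold ROLE_ADMIN rather than ADMIN for the page's hasRole('ADMIN') rule to grant access.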






