Spring Security (1) - 기본 설정 (xml)

1. pom.xml 설정 

	<properties>
		<java-version>1.8</java-version>
		<org.springframework-version>4.2.5.RELEASE</org.springframework-version>
		<org.aspectj-version>1.6.10</org.aspectj-version>
		<org.slf4j-version>1.6.6</org.slf4j-version>
	</properties>

 

		<!-- security -->
		<dependency> 
			<groupId>org.springframework.security</groupId> 
			<artifactId>spring-security-web</artifactId> 
			<version>${org.springframework-version}</version> 
		</dependency> 
		<dependency> 
			<groupId>org.springframework.security</groupId> 
			<artifactId>spring-security-config</artifactId> 
			<version>${org.springframework-version}</version> 
		</dependency>
		<dependency> 
			<groupId>org.springframework.security</groupId> 
			<artifactId>spring-security-taglibs</artifactId> 
			<version>${org.springframework-version}</version> 
		</dependency>

2. web.xml 설정

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring/root-context.xml
			/WEB-INF/spring/appServlet/security-context.xml	
		</param-value>
	</context-param>
    
    <!-- Spring security -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
    
    <!-- 이하생략 -->
   

 

 - appServlet 디렉토리 밑에 security-context.xml 파일 생성

 

 

 

 

 

 

 

3. security-context.xml 설정

	<security:http>
		<security:intercept-url pattern="/**" access="hasRole('USER')" />
		<security:form-login />
		<security:logout />
	</security:http>
	
	<!-- provider -->
	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<security:user name="user" password="password" authorities="ROLE_USER" />
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>

- hasRole('USER') : hasRole 안에 USER는 ROLE_USER 와 같다. ROLE 생략가능

- 로그인 할 id, password 임의 지정 : id(user), pw(password), authorities(ROLE_USER)

 

설정 후 서버 실행 시

 

로그인 UI가 기본적으로 제공된다.

 

임의로 지정했던 id, password 입력 후 login

 

 

 

 

 

<로그인 성공시 화면>

 

 

 

 

 

 

 

4. home.jsp 소스

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>

<html lang="en">
<head>
	
</head>
<body>
	<h1>HOME!</h1>
	<form:form action="${pageContext.request.contextPath}/logout" method="POST"> 
		<input type="submit" value="로그아웃" /> 
	</form:form>


</body>
</html>