Spring Security + CustomAuthenticationFilter 만들기
Server/Spring Boots · 2021. 5. 27. 18:03
참조자료
https://derekpark.tistory.com/101
https://imbf.github.io/spring/2020/06/29/Spring-Security-with-JWT.html
https://stackoverflow.com/questions/38341114/spring-security-cookie-jwt-authentication
독립된 A사이트에서 로그인을 하면 쿠키를 굽는다. 이 때 별도의 B사이트에서 A사이트의 쿠키 정보를 가지고 인증을 처리하는 작업을 좀 더 스마트하게 하고 싶었다.
스프링 시큐리티의 인증 아키텍처. 시간 날 때 한 번 찬찬히 파보며 공부해야겠다.
CookieAuthFilter
쿠키에 특정 값이 있는 경우, 이를 처리하는 필터이다.
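/**
 * Servlet filter that turns the session cookie issued by the login site into a Spring Security
 * authentication for the current request.
 *
 * <p>Requests whose cookie is missing, invalid or undecodable are passed down the chain
 * unchanged, so the access rules of the security configuration decide what happens to them.
 *
 * <p>NOTE(review): this class is a {@code @Component} and is also meant to be added to the
 * security filter chain. Under Spring Boot every {@code Filter} bean is additionally registered
 * with the servlet container, so the filter is expected to run twice per request unless that
 * automatic registration is disabled - confirm against the deployment.
 */
@Component
public class CookieAuthFilter extends GenericFilterBean {

    @Autowired
    AtomSessionComponent sessionComponent;

    /**
     * Authenticates the request from its session cookie when the cookie is valid, then continues
     * the filter chain in every case.
     *
     * @param request  incoming request; only {@link HttpServletRequest} instances are inspected
     * @param response response handed on to the rest of the chain
     * @param chain    remaining filters
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Only HTTP requests carry cookies; anything else continues unauthenticated instead of
        // failing on the cast.
        if (!(request instanceof HttpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        if (!sessionComponent.validateAtomSession(httpRequest)) {
            chain.doFilter(request, response);
            return;
        }

        Map<String, Object> userInfo;
        try {
            userInfo = sessionComponent.getUserInfoFromCookie(httpRequest);
        } catch (InvalidKeyException | NumberFormatException | NoSuchAlgorithmException
                | NoSuchPaddingException | InvalidAlgorithmParameterException
                | UnsupportedEncodingException | IllegalBlockSizeException
                | BadPaddingException e) {
            // Fail closed: a cookie that cannot be decoded never authenticates the request.
            // NOTE(review): the failure is dropped silently. A cookie that passed validation but
            // does not decode is worth a log entry (without the cookie value) so that tampering
            // attempts are visible to operations.
            chain.doFilter(request, response);
            return;
        }

        // The token reads the principal from "user_id". Without this check a decoded cookie that
        // lacks the entry would be stored as an authenticated user literally named "null".
        if (userInfo == null || userInfo.get("user_id") == null) {
            chain.doFilter(request, response);
            return;
        }

        CookieAuthenticationToken token = new CookieAuthenticationToken(userInfo, true);
        // Replaces whatever authentication an earlier filter may have put into the context.
        SecurityContextHolder.getContext().setAuthentication(token);
        chain.doFilter(request, response);
    }
}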
CookieAuthenticationToken
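/**
 * Authentication token for a user identified from the login site's session cookie.
 *
 * <p>The user id is kept in a {@code CookieUserDetails} object stored as the token's details, and
 * {@link #getPrincipal()} reads it back from there. The token never carries credentials.
 */
public class CookieAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = -5333188013042870764L;

    // Never assigned a value other than null: the cookie is checked before a token is built.
    private Object credentials;

    /** Creates an empty token with no authorities, no details and no principal. */
    public CookieAuthenticationToken() {
        super(null);
    }

    /**
     * Creates a token for the user described by the decoded cookie data.
     *
     * <p>The token is created with an empty authority list, so an authenticated token passes
     * {@code authenticated()} rules but holds no roles.
     *
     * @param map             decoded cookie data; must contain a non-null {@code "user_id"} entry
     * @param isAuthenticated whether the token is marked as authenticated
     * @throws IllegalArgumentException if {@code map} is null or has no {@code "user_id"} value
     */
    public CookieAuthenticationToken(Map<String, Object> map, boolean isAuthenticated) {
        super(new ArrayList<GrantedAuthority>());
        if (map == null) {
            throw new IllegalArgumentException("map must not be null");
        }
        Object userId = map.get("user_id");
        // String.valueOf(null) yields the text "null"; refusing here keeps a cookie without a
        // user id from becoming an authenticated principal with that name.
        if (userId == null) {
            throw new IllegalArgumentException("map has no user_id entry");
        }
        CookieUserDetails userDetails = new CookieUserDetails();
        userDetails.setUsername(String.valueOf(userId));
        setDetails(userDetails);
        this.credentials = null;
        setAuthenticated(isAuthenticated);
    }

    /**
     * Creates a token that carries only the given authorities; details and principal stay unset.
     *
     * @param authorities authorities granted to the token
     */
    public CookieAuthenticationToken(Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
    }

    /** @return always {@code null}; this token holds no credentials */
    @Override
    public Object getCredentials() {
        return credentials;
    }

    /**
     * Returns the user id stored in the token's details.
     *
     * @return the username of the {@code CookieUserDetails}, or {@code null} when the details
     *     are unset or were replaced by an object of another type
     */
    @Override
    public Object getPrincipal() {
        // Details are null for the two constructors that take no cookie data, and setDetails()
        // is public, so the stored object is checked before the cast.
        Object details = getDetails();
        if (details instanceof CookieUserDetails) {
            return ((CookieUserDetails) details).getUsername();
        }
        return null;
    }
}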
WebSecurityConfig
/**
 * Security configuration: "/", "/login" and "/register" are public, every other request needs
 * an authenticated user, and {@code CookieAuthFilter} runs ahead of
 * {@code BasicAuthenticationFilter} so a valid session cookie authenticates the request.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // aesComponent and atomComponent are injected but not used in the code shown here.
    @Autowired
    AESComponent aesComponent;

    @Autowired
    AtomSessionComponent atomComponent;

    @Autowired
    CookieAuthFilter cookieAuthFilter;

    /**
     * Declares the access rules, the form login and logout endpoints, and the position of the
     * cookie filter in the chain.
     *
     * @param http builder for the HTTP security filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): CSRF protection is switched off while authentication rides on a cookie
        // that the browser attaches automatically. Unless that cookie is SameSite-restricted or
        // another anti-forgery check exists, state-changing endpoints accept cross-site
        // requests made on behalf of a logged-in user. Confirm this is intended.
        http.csrf().disable();

        http.authorizeRequests()
                .antMatchers("/", "/login", "/register").permitAll()
                .anyRequest().authenticated();

        http.formLogin()
                .loginPage("/login")
                .permitAll();

        http.logout()
                .permitAll();

        // The cookie filter has to populate the security context before the access decision.
        http.addFilterBefore(cookieAuthFilter, BasicAuthenticationFilter.class);
    }

    /** Publishes the adapter's {@link AuthenticationManager} as a bean. */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
WebSecurityConfig