
Spring Security + Creating a CustomAuthenticationFilter

몽실KUN 2021. 5. 27. 18:03

References

spring security custom filter authentication implementation
https://derekpark.tistory.com/101

Implementing authentication in a project with Spring Security + JWT
https://imbf.github.io/spring/2020/06/29/Spring-Security-with-JWT.html

Spring Security Cookie + JWT authentication
https://stackoverflow.com/questions/38341114/spring-security-cookie-jwt-authentication

Spring Security authenticationmanager must be specified - for custom filter
https://stackoverflow.com/questions/34233856/spring-security-authenticationmanager-must-be-specified-for-custom-filter


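When a user logs in on independent site A, site A sets a cookie. I wanted a smarter way for a separate site B to handle authentication using the cookie information from site A.

The Spring Security authentication architecture. I should dig through it carefully and study it when I have time.

CookieAuthFilter

This filter handles the case where a specific value is present in the cookie.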

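import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

// Note: under Spring Boot, a Filter bean is also auto-registered with the servlet container,
// so this filter runs outside the security chain too unless that registration is disabled.
@Component
public class CookieAuthFilter extends GenericFilterBean
{
	// The author's own component (not shown in this post) that checks and reads site A's cookie.
	@Autowired
	AtomSessionComponent sessionComponent;

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException
	{
		// No valid site A session cookie: pass the request on unauthenticated.
		boolean result = sessionComponent.validateAtomSession((HttpServletRequest) request);
		if(!result)
		{
			chain.doFilter(request, response);
			return;
		}
		Map<String, Object> map = null;
		try
		{
			map = sessionComponent.getUserInfoFromCookie((HttpServletRequest) request);
		}
		catch (InvalidKeyException | NumberFormatException | NoSuchAlgorithmException | NoSuchPaddingException
				| InvalidAlgorithmParameterException | UnsupportedEncodingException | IllegalBlockSizeException
				| BadPaddingException e)
		{
			// The cookie could not be decrypted or parsed: continue without authenticating.
			chain.doFilter(request, response);
			return;
		}
		// Cookie accepted: store an authenticated token in the SecurityContext for the rest of the chain.
		CookieAuthenticationToken cookie = new CookieAuthenticationToken(map, true);
		SecurityContextHolder.getContext().setAuthentication(cookie);
		chain.doFilter(request, response);
	}
}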
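The post does not show AtomSessionComponent, the class that reads site A's cookie. As an added example (not the author's code), here is one way site B could verify such a cookie with AES-GCM so that a modified or expired value is rejected before the filter builds a token. The class name SharedCookieCodec, the cookie layout and the shared key are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical codec, not the post's AtomSessionComponent: site A calls seal(), site B calls open().
public class SharedCookieCodec {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key; // AES key provisioned to both sites (assumption)
    public SharedCookieCodec(byte[] rawKey) { this.key = new SecretKeySpec(rawKey, "AES"); }
    // Cookie value = base64url(iv || AES-GCM(expiryEpochSec as 8 bytes || userId)); layout is an assumption.
    public String seal(String userId, long expiryEpochSec) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per cookie; GCM must never reuse one under a key
        byte[] uid = userId.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(8 + uid.length).putLong(expiryEpochSec).put(uid).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }
    // Returns {"user_id": ...} or throws; a modified, truncated or expired cookie never yields a map.
    public Map<String, Object> open(String cookieValue, long nowEpochSec) throws GeneralSecurityException {
        byte[] in;
        try { in = Base64.getUrlDecoder().decode(cookieValue); }
        catch (IllegalArgumentException e) { throw new GeneralSecurityException("malformed cookie", e); }
        if (in.length < IV_LEN + TAG_BITS / 8 + 8) throw new GeneralSecurityException("cookie too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // doFinal verifies the GCM tag and throws AEADBadTagException if any byte was changed
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(in, IV_LEN, in.length - IV_LEN));
        if (plain.getLong() <= nowEpochSec) throw new GeneralSecurityException("cookie expired");
        return Map.of("user_id", StandardCharsets.UTF_8.decode(plain).toString());
    }
    public static void main(String[] args) throws Exception {
        SharedCookieCodec codec = new SharedCookieCodec(new byte[32]); // constructed all-zero key, demo only
        long now = System.currentTimeMillis() / 1000;
        String cookie = codec.seal("alice", now + 600); // constructed sample user
        System.out.println(codec.open(cookie, now));
        String tampered = (cookie.charAt(0) == 'A' ? "B" : "A") + cookie.substring(1);
        try { codec.open(tampered, now); } catch (GeneralSecurityException e) { System.out.println("rejected: " + e); }
    }
}
```

The map returned by open() uses the same "user_id" key that CookieAuthenticationToken reads, and every failure surfaces as a GeneralSecurityException, so a filter needs only one catch clause to fall through unauthenticated.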

 

CookieAuthenticationToken

 

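import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

public class CookieAuthenticationToken extends AbstractAuthenticationToken
{
	private static final long serialVersionUID = -5333188013042870764L;
	private Object credentials;

	public CookieAuthenticationToken()
	{
		super(null);
	}

	// Builds the token from the user info read from the cookie; no authorities are granted.
	public CookieAuthenticationToken(Map<String, Object> map, boolean isAuthenticated)
	{
		super(new ArrayList<GrantedAuthority>());
		// CookieUserDetails is the author's own class (not shown in this post).
		CookieUserDetails userDetails = new CookieUserDetails();
		// String.valueOf turns a missing user_id into the string "null".
		userDetails.setUsername(String.valueOf(map.get("user_id")));
		setDetails(userDetails);
		this.credentials = null; // the cookie itself is not kept as a credential
		setAuthenticated(isAuthenticated);
	}

	public CookieAuthenticationToken(Collection<? extends GrantedAuthority> authorities)
	{
		super(authorities);
	}

	@Override
	public Object getCredentials()
	{
		return credentials;
	}

	@Override
	public Object getPrincipal()
	{
		// Details are only set by the Map constructor; avoid a NullPointerException for the other two.
		Object details = getDetails();
		return details == null ? null : ((CookieUserDetails) details).getUsername();
	}
}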

 

WebSecurityConfig

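import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
	@Autowired
	AESComponent aesComponent;

	@Autowired
	AtomSessionComponent atomComponent;

	@Autowired
	CookieAuthFilter cookieAuthFilter;

	@Override
	protected void configure(HttpSecurity http) throws Exception
	{
		// CSRF protection is turned off here; because authentication rides on a cookie,
		// state-changing endpoints then have no CSRF defence.
		http.csrf().disable()
			.authorizeRequests()
				.antMatchers("/", "/login", "/register").permitAll()
				.anyRequest().authenticated()
			.and()
			.formLogin()
				.loginPage("/login").permitAll()
			.and()
			.logout().permitAll()
			.and()
			// Run the cookie filter ahead of BasicAuthenticationFilter in the security filter chain.
			.addFilterBefore(cookieAuthFilter, BasicAuthenticationFilter.class);
	}

	// Exposes the AuthenticationManager as a bean.
	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception
	{
		return super.authenticationManagerBean();
	}
}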
