Spring Security + Creating a CustomAuthenticationFilter
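When a user logs in on the independent site A, a cookie is set. I wanted a smarter way for a separate site B to handle authentication using the cookie information from site A.
Spring Security's authentication architecture. I should dig into it carefully and study it when I have the time.
CookieAuthFilter
A filter that handles the request when a specific value is present in the cookie.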
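import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

@Component
public class CookieAuthFilter extends GenericFilterBean
{
    @Autowired
    AtomSessionComponent sessionComponent;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException
    {
        // No valid site A session cookie: continue unauthenticated and let the rest of the chain decide.
        boolean result = sessionComponent.validateAtomSession((HttpServletRequest) request);
        if (!result)
        {
            chain.doFilter(request, response);
            return;
        }

        Map<String, Object> map = null;
        try
        {
            map = sessionComponent.getUserInfoFromCookie((HttpServletRequest) request);
        }
        catch (InvalidKeyException | NumberFormatException | NoSuchAlgorithmException | NoSuchPaddingException
                | InvalidAlgorithmParameterException | UnsupportedEncodingException | IllegalBlockSizeException
                | BadPaddingException e)
        {
            // The cookie could not be decrypted or parsed: treat the request as unauthenticated.
            chain.doFilter(request, response);
            return;
        }

        // Fail closed: without a user_id there is no principal to authenticate.
        if (map == null || map.get("user_id") == null)
        {
            chain.doFilter(request, response);
            return;
        }

        // Publish an already-authenticated token for the rest of the request.
        CookieAuthenticationToken cookie = new CookieAuthenticationToken(map, true);
        SecurityContextHolder.getContext().setAuthentication(cookie);
        chain.doFilter(request, response);
    }
}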
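The filter above trusts whatever sessionComponent reports about site A's cookie, and that component is not shown on this page. The following is an added example, not the author's code: a hypothetical SharedCookieCodec that assumes both sites share an AES key and that the cookie value is base64url(iv || AES-GCM("user_id|expiryEpochSeconds")). It shows site B rejecting tampered and expired values instead of authenticating them.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical stand-in for the cookie check behind sessionComponent (assumed format and names).
public class SharedCookieCodec {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;
    public SharedCookieCodec(byte[] rawKey) { this.key = new SecretKeySpec(rawKey, "AES"); }

    // Site A: cookie value = base64url(iv || AES-GCM("user_id|expiryEpochSeconds")).
    public String issue(String userId, Instant expiry) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per cookie; GCM must never reuse one per key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal((userId + "|" + expiry.getEpochSecond()).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    // Site B: empty on any malformed, tampered or expired value, so the filter stays unauthenticated.
    public Optional<Map<String, Object>> verify(String cookieValue, Instant now) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(cookieValue);
            if (raw.length <= IV_LEN) return Optional.empty();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            String[] p = new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8).split("\\|");
            if (p.length != 2 || p[0].isEmpty() || now.getEpochSecond() >= Long.parseLong(p[1])) return Optional.empty();
            return Optional.of(Map.<String, Object>of("user_id", p[0]));
        } catch (GeneralSecurityException | IllegalArgumentException e) { return Optional.empty(); }
    }

    public static void main(String[] args) throws Exception {
        SharedCookieCodec codec = new SharedCookieCodec(new byte[32]); // constructed demo key; load a real secret in practice
        String cookie = codec.issue("alice", Instant.now().plusSeconds(600));
        String tampered = cookie.substring(0, 20) + (cookie.charAt(20) == 'A' ? 'B' : 'A') + cookie.substring(21);
        System.out.println(codec.verify(cookie, Instant.now()));                  // valid: user_id present
        System.out.println(codec.verify(tampered, Instant.now()));                // GCM tag check fails: empty
        System.out.println(codec.verify(cookie, Instant.now().plusSeconds(601))); // past expiry: empty
    }
}
```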
CookieAuthenticationToken
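import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

public class CookieAuthenticationToken extends AbstractAuthenticationToken
{
    private Object credentials;
    private static final long serialVersionUID = -5333188013042870764L;

    public CookieAuthenticationToken()
    {
        super(null);
    }

    // Builds a token from the user info read out of the cookie; no authorities are granted.
    public CookieAuthenticationToken(Map<String, Object> map, boolean isAuthenticated)
    {
        super(new ArrayList<GrantedAuthority>());
        CookieUserDetails userDetails = new CookieUserDetails();
        userDetails.setUsername(String.valueOf(map.get("user_id")));
        setDetails(userDetails);
        this.credentials = null;
        setAuthenticated(isAuthenticated);
    }

    public CookieAuthenticationToken(Collection<? extends GrantedAuthority> authorities)
    {
        super(authorities);
    }

    @Override
    public Object getCredentials()
    {
        return credentials;
    }

    @Override
    public Object getPrincipal()
    {
        // Details are only set by the Map constructor; avoid a NullPointerException for the other two.
        Object details = getDetails();
        return details instanceof CookieUserDetails ? ((CookieUserDetails) details).getUsername() : null;
    }
}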
WebSecurityConfig
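import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    AESComponent aesComponent;

    @Autowired
    AtomSessionComponent atomComponent;

    @Autowired
    CookieAuthFilter cookieAuthFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        // CSRF protection is turned off here; with cookie-based authentication,
        // state-changing requests are then not protected against cross-site request forgery.
        http.csrf().disable()
            .authorizeRequests()
                .antMatchers("/", "/login", "/register").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login").permitAll()
                .and()
            .logout().permitAll()
                .and()
            // Run the cookie filter before BasicAuthenticationFilter in the security filter chain.
            .addFilterBefore(cookieAuthFilter, BasicAuthenticationFilter.class);
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }
}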