Sidebar

Recent changes

Menu

Trace: Scala Git Angular Spring Security Clojure Polymorphism 문법 Kotlin
Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
back-end:spring:security [2021/04/26 13:31] – created ledyxback-end:spring:security [2021/04/29 16:23] (current) – [WebSecurityConfigurerAdapter] configure() 설명 추가 ledyx
Line 1: Line 1:
 = Spring Security = = Spring Security =
  
-[[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-applications|Spring Security - Servlet Applications]]+SpringBoot 기준으로 서술
  
 {{tag>Java Spring}} {{tag>Java Spring}}
  
-== 기본 개념 ==+== Overview == 
 + 
 +  * Authentication : 인증. “유효한 사용자인가?” 
 +  * Authorization : 허가(권한 부여). 유효한 사용자가 이 작업을 할 수 있는가? 
 + 
 +=== Documents === 
 + 
 +  * [[https://spring.io/guides/topicals/spring-security-architecture|Spring Security Architecture]] 
 +  * [[https://springbootdev.com/2017/08/23/spring-security-authentication-architecture|Spring Security : Authentication Architecture]] 
 +  * [[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-applications|[Docs] Spring Security - Servlet Applications]] 
 +  * [[https://github.com/spring-projects/spring-security/tree/5.4.6/samples/boot|Samples]] 
 + 
 +== Authentication == 
 + 
 +[[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-authentication|Docs]] 
 + 
 +{{:back-end:spring:spring-security-architecture.png}} 
 + 
 +  * 모두 Interface 
 + 
 +<flow> 
 +classDiagram 
 +    class AuthenticationManager { 
 +        authenticate(Authentication authentication) Authentication 
 +    } 
 +     
 +    class AuthenticationProvider { 
 +        authenticate(Authentication authentication) Authentication 
 +        supports(Class~?~ authentication) boolean 
 +    } 
 +     
 +    class UserDetailsService { 
 +        loadUserByUsername(String username) UserDetails 
 +    } 
 +     
 +    class UserDetails { 
 +        getAuthorities() Collection~? extends GrantedAuthority~ 
 +        getPassword() String 
 +        isAccountNonExpired() boolean 
 +        isAccountNonLocked() boolean 
 +        isCredentialsNonExpired() boolean 
 +        isEnabled() boolean 
 +    } 
 +     
 +    AuthenticationManager --> AuthenticationProvider : authRequest 
 +    AuthenticationProvider <..> UserDetailsService : 서비스 주입 후 authenticate()에서 사용자 정보를 꺼내어 사용 
 +    UserDetailsService -- UserDetails 
 +</flow> 
 + 
 +=== AuthenticationManager === 
 + 
 +  * [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/AuthenticationManager.html|AuthenctaionManager]] 
 +    * 기본 구현체 : [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/ProviderManager.html|ProviderManager]] 
 +    * [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.html|AuthenticationManagerBuilder]] : [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html|WebSecurityConfigurerAdapter 의 configure(AuthenticationManagerBuilder auth)]] Method로 "auth" 인자를 사용할 수 있는데, 이 인자의 "userDetailsService(T userDetailsService)"로 "UserDetailsService" 주입이 가능함. 
 + 
 +{{:back-end:spring:authenticationmanager.png|}} 
 + 
 +=== AuthenticationProvider  === 
 + 
 +  * [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/AuthenticationProvider.html|AuthenticationProvider]] 
 + 
 +{{:back-end:spring:authenticationprovider.png|}} 
 + 
 +=== UserDetailsService  === 
 + 
 +"[[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetailsService.html#loadUserByUsername-java.lang.String-|UserDetailsService에는 UserDetails loadUserByUsername(String username)]]"만 있는데, 여기서 [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetails.html|UserDetails]]는 이름, 비밀번호, 인증/인가등의 기본적인 사용자 정보를 담는 Class. 
 + 
 +{{:back-end:spring:userdetailsservice.png|}} 
 + 
 +또 다른 사용자 정보를 담는 Bean을 만들기보다 이를 상속해서 사용하는게 일을 덜 할 수 있으리라 판단된다. 
 + 
 +마음에 드는 구현체가 없다면 이 Interface를 상속받아서 재정의. 
 + 
 +자식 Interface인 [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/provisioning/UserDetailsManager.html|UserDetailsManager]]는 비밀번호 변경, 사용자 생성/삭제/갱신, 사용자 존재 여부등의 기능이 추가로 있음. 
 + 
 + 
 +---- 
 + 
 + 
 +=== WebSecurityConfigurerAdapter === 
 + 
 +전역적인(globally) authentication이 필요할 때 사용. 
 + 
 +[[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html|WebSecurityConfigurerAdapter]]를 상속해서 사용한다. 여기서 주의깊게 봐야 하는 Method는 "configure"인데, 3의 종류를 가진다. 
 + 
 +  * **protected void configure(AuthenticationManagerBuilder auth)** 
 +    * Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager. 
 +  * **protected void configure(HttpSecurity http)** 
 +    * Override this method to configure the HttpSecurity. 
 +  * **void configure(WebSecurity web)** 
 +    * Override this method to configure WebSecurity. 
 + 
 +{{:back-end:spring:websecurityconfigurer.png}} 
 + 
 +  * WebSecurityConfigurerAdapter, AbstractConfiguredSecurityBuilder, AbstractSecurityBuilder : abstract class 
 +  * WebSecurity : final class 
 + 
 +<flow> 
 +classDiagram 
 +  class SecurityConfigurer~O, B extends SecurityBuilder<O>~ { 
 +    init(B builder) 
 +    configure(B builder) 
 +  } 
 +   
 +  class WebSecurityConfigurer~T extends SecurityBuilder<Filter>~ 
 +   
 +  class SecurityBuilder~O~ { 
 +    build() O 
 +  } 
 +   
 +  class AbstractSecurityBuilder~O~ 
 +   
 +  class AbstractConfiguredSecurityBuilder~O, B extends SecurityBuilder<O>~ 
 +   
 +  class WebSecurity 
 +   
 +  SecurityConfigurer <|-- WebSecurityConfigurer : <Filter,  T extends SecurityBuilder<Filter>> 
 +  WebSecurityConfigurer  <|-- WebSecurityConfigurerAdapter : <WebSecurity> 
 +   
 +  SecurityBuilder <|-- AbstractSecurityBuilder 
 +  AbstractSecurityBuilder <|-- AbstractConfiguredSecurityBuilder 
 +  AbstractConfiguredSecurityBuilder <|-- WebSecurity : <Filter, WebSecurity> 
 +   
 +  Aware <|-- ApplicationContextAware 
 +  SecurityBuilder <|-- WebSecurity : <Filter> 
 +  ApplicationContextAware <|-- WebSecurity 
 +</flow> 
 + 
 + 
 +== Authorization == 
 + 
 +[[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-authorization|Docs]] 
 + 
 + 
 +== Protection Against Exploits == 
 + 
 +[[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-exploits|Docs]]
  
-  * Authentication : 인증. "__유효__한 사용자인가?" 
-  * Authorization : 허가(권한 부여). 유효한 사용자가 이 작업을 __할 수 있는가__? 
back-end/spring/security.1619440300.txt.gz · Last modified: 2021/04/26 13:31 by ledyx