Sidebar

Recent changes

Menu

Trace: 문법 Regular Expression Git Spring Security
Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
back-end:spring:security [2021/04/26 15:26] – [Authentication] Diagram ledyxback-end:spring:security [2021/04/29 16:23] (current) – [WebSecurityConfigurerAdapter] configure() 설명 추가 ledyx
Line 9: Line 9:
   * Authentication : 인증. “유효한 사용자인가?   * Authentication : 인증. “유효한 사용자인가?
   * Authorization : 허가(권한 부여). 유효한 사용자가 이 작업을 할 수 있는가?   * Authorization : 허가(권한 부여). 유효한 사용자가 이 작업을 할 수 있는가?
- 
-{{https://github.com/spring-guides/top-spring-security-architecture/raw/master/images/authentication.png}} 
- 
  
 === Documents === === Documents ===
  
   * [[https://spring.io/guides/topicals/spring-security-architecture|Spring Security Architecture]]   * [[https://spring.io/guides/topicals/spring-security-architecture|Spring Security Architecture]]
 +  * [[https://springbootdev.com/2017/08/23/spring-security-authentication-architecture|Spring Security : Authentication Architecture]]
   * [[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-applications|[Docs] Spring Security - Servlet Applications]]   * [[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-applications|[Docs] Spring Security - Servlet Applications]]
   * [[https://github.com/spring-projects/spring-security/tree/5.4.6/samples/boot|Samples]]   * [[https://github.com/spring-projects/spring-security/tree/5.4.6/samples/boot|Samples]]
- 
- 
- 
- 
  
 == Authentication == == Authentication ==
  
 [[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-authentication|Docs]] [[https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-authentication|Docs]]
 +
 +{{:back-end:spring:spring-security-architecture.png}}
 +
 +  * 모두 Interface
  
 <flow> <flow>
 classDiagram classDiagram
     class AuthenticationManager {     class AuthenticationManager {
-        Authentication  authenticate(Authentication authentication)+        authenticate(Authentication authentication) Authentication
     }     }
          
     class AuthenticationProvider {     class AuthenticationProvider {
-        Authentication  authenticate(Authentication authentication) +        authenticate(Authentication authentication) Authentication 
-        boolean supports(Class authentication)+        supports(Class~?~ authentication) boolean
     }     }
- +     
-    AuthenticationProvider <|-- ProviderManager+    class UserDetailsService { 
 +        loadUserByUsername(String username) UserDetails 
 +    } 
 +     
 +    class UserDetails { 
 +        getAuthorities() Collection~? extends GrantedAuthority~ 
 +        getPassword() String 
 +        isAccountNonExpired() boolean 
 +        isAccountNonLocked() boolean 
 +        isCredentialsNonExpired() boolean 
 +        isEnabled() boolean 
 +    } 
 +    
     AuthenticationManager --> AuthenticationProvider : authRequest     AuthenticationManager --> AuthenticationProvider : authRequest
-      +    AuthenticationProvider <..> UserDetailsService 서비스 주입 후 authenticate()에서 사용자 정보를 꺼내어 사용 
-    link AuthenticationManager "https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/AuthenticationManager.html" "Docs" +    UserDetailsService -- UserDetails
-    link AuthenticationProvider "https://docs.spring.io/spring-security/site/docs/4.2.20.RELEASE/apidocs/org/springframework/security/authentication/AuthenticationProvider.html" "Docs" +
-    link ProviderManager "https://docs.spring.io/spring-security/site/docs/4.2.20.RELEASE/apidocs/org/springframework/security/authentication/ProviderManager.html"+
 </flow> </flow>
 +
 +=== AuthenticationManager ===
 +
 +  * [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/AuthenticationManager.html|AuthenctaionManager]]
 +    * 기본 구현체 : [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/ProviderManager.html|ProviderManager]]
 +    * [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.html|AuthenticationManagerBuilder]] : [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html|WebSecurityConfigurerAdapter 의 configure(AuthenticationManagerBuilder auth)]] Method로 "auth" 인자를 사용할 수 있는데, 이 인자의 "userDetailsService(T userDetailsService)"로 "UserDetailsService" 주입이 가능함.
 +
 +{{:back-end:spring:authenticationmanager.png|}}
 +
 +=== AuthenticationProvider  ===
 +
 +  * [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/authentication/AuthenticationProvider.html|AuthenticationProvider]]
 +
 +{{:back-end:spring:authenticationprovider.png|}}
 +
 +=== UserDetailsService  ===
 +
 +"[[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetailsService.html#loadUserByUsername-java.lang.String-|UserDetailsService에는 UserDetails loadUserByUsername(String username)]]"만 있는데, 여기서 [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/core/userdetails/UserDetails.html|UserDetails]]는 이름, 비밀번호, 인증/인가등의 기본적인 사용자 정보를 담는 Class.
 +
 +{{:back-end:spring:userdetailsservice.png|}}
 +
 +또 다른 사용자 정보를 담는 Bean을 만들기보다 이를 상속해서 사용하는게 일을 덜 할 수 있으리라 판단된다.
 +
 +마음에 드는 구현체가 없다면 이 Interface를 상속받아서 재정의.
 +
 +자식 Interface인 [[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/provisioning/UserDetailsManager.html|UserDetailsManager]]는 비밀번호 변경, 사용자 생성/삭제/갱신, 사용자 존재 여부등의 기능이 추가로 있음.
 +
 +
 +----
 +
 +
 +=== WebSecurityConfigurerAdapter ===
 +
 +전역적인(globally) authentication이 필요할 때 사용.
 +
 +[[https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html|WebSecurityConfigurerAdapter]]를 상속해서 사용한다. 여기서 주의깊게 봐야 하는 Method는 "configure"인데, 3개의 종류를 가진다.
 +
 +  * **protected void configure(AuthenticationManagerBuilder auth)**
 +    * Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager.
 +  * **protected void configure(HttpSecurity http)**
 +    * Override this method to configure the HttpSecurity.
 +  * **void configure(WebSecurity web)**
 +    * Override this method to configure WebSecurity.
 +
 +{{:back-end:spring:websecurityconfigurer.png}}
 +
 +  * WebSecurityConfigurerAdapter, AbstractConfiguredSecurityBuilder, AbstractSecurityBuilder : abstract class
 +  * WebSecurity : final class
 +
 +<flow>
 +classDiagram
 +  class SecurityConfigurer~O, B extends SecurityBuilder<O>~ {
 +    init(B builder)
 +    configure(B builder)
 +  }
 +  
 +  class WebSecurityConfigurer~T extends SecurityBuilder<Filter>~
 +  
 +  class SecurityBuilder~O~ {
 +    build() O
 +  }
 +  
 +  class AbstractSecurityBuilder~O~
 +  
 +  class AbstractConfiguredSecurityBuilder~O, B extends SecurityBuilder<O>~
 +  
 +  class WebSecurity
 +  
 +  SecurityConfigurer <|-- WebSecurityConfigurer : <Filter,  T extends SecurityBuilder<Filter>>
 +  WebSecurityConfigurer  <|-- WebSecurityConfigurerAdapter : <WebSecurity>
 +  
 +  SecurityBuilder <|-- AbstractSecurityBuilder
 +  AbstractSecurityBuilder <|-- AbstractConfiguredSecurityBuilder
 +  AbstractConfiguredSecurityBuilder <|-- WebSecurity : <Filter, WebSecurity>
 +  
 +  Aware <|-- ApplicationContextAware
 +  SecurityBuilder <|-- WebSecurity : <Filter>
 +  ApplicationContextAware <|-- WebSecurity
 +</flow>
 +
 +
 == Authorization == == Authorization ==
  
back-end/spring/security.1619447171.txt.gz · Last modified: 2021/04/26 15:26 by ledyx