Spring5 Security 기초 템플릿 - Session

이 글은 Spring5 에 Spring-Security 에 대한 기초 템플릿이다. Session 유지를 위해서 Redis 를 필요로 한다. 또, ElasticSearch 의 RestHighLevelClient 로 ElasticSearch를 연결 한다. 데이터베이스는 JNDI 설정으로 연결 된다.

다음과 같은 내용을 담았다.

JDK 11
Tomcat 서버 9 를 이용.
spring-session.xml 을 작성해 Redis 를 세션으로 사용하도록 했다.
JNDI 를 이용해 MySQL 에 연결된다.

Redis 설정한 이유는 Spring Security 에 인증을 InMemory 를 요구 한다. 이는 다음과 같은 설정 때문이다.

	<authentication-manager>
		<authentication-provider>
			<user-service>
			
			<!-- This is required a InMemory DB. So I setup Redis and config to a spring-session.xml for connecting the redis 
			if you set spring-session.xml, you should config also web.xml for springSessionRepositoryFilter
			-->
    		<user name="jimi" password="{bcrypt}$2a$10$ddEWZUl8aU0GdZPPpy7wbu82dvEw/pBpbRvDQRqA41y6mK1CoH00m"
            authorities="ROLE_USER, ROLE_ADMIN" />
		    <user name="bob" password="{bcrypt}$2a$10$/elFpMBnAYYig6KRR5bvOOYeZr1ie1hSogJryg9qDlhza4oCw1Qka"
		            authorities="ROLE_USER" />
		    <!-- Password is prefixed with {noop} to indicate to DelegatingPasswordEncoder that
    		NoOpPasswordEncoder should be used. This is not safe for production, but makes reading
    		in samples easier. Normally passwords should be hashed using BCrypt -->
    		<!-- <user name="jimi" password="{noop}jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> -->
			<!-- <user name="bob" password="{noop}bobspassword" authorities="ROLE_USER" /> -->
			</user-service>
		</authentication-provider>
	</authentication-manager>

<authentication-manager>

<authentication-provider>

<user-service>

<!-- This is required a InMemory DB. So I setup Redis and config to a spring-session.xml for connecting the redis

if you set spring-session.xml, you should config also web.xml for springSessionRepositoryFilter

-->

<user name="jimi" password="{bcrypt}$2a$10$ddEWZUl8aU0GdZPPpy7wbu82dvEw/pBpbRvDQRqA41y6mK1CoH00m"

authorities="ROLE_USER, ROLE_ADMIN" />

<user name="bob" password="{bcrypt}$2a$10$/elFpMBnAYYig6KRR5bvOOYeZr1ie1hSogJryg9qDlhza4oCw1Qka"

authorities="ROLE_USER" />

<!-- Password is prefixed with {noop} to indicate to DelegatingPasswordEncoder that

NoOpPasswordEncoder should be used. This is not safe for production, but makes reading

in samples easier. Normally passwords should be hashed using BCrypt -->

</user-service>

</authentication-provider>

</authentication-manager>

인증을 위한 패스워드가 {bcrypt} 로 되어 있다. 이 설정은 InMemory 세션을 요구한다. 이를 위해서 spring-session.xml 을 작성해 web.xml 에서 다음과 같이 인식을 시켜 준다.

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			classpath:spring/root-context.xml
			classpath:spring/spring-security.xml
			classpath:spring/spring-session.xml
		</param-value>
	</context-param>

	<!-- Spring Session. This setting is related to spring-session.xml -->
	<filter>
		<filter-name>springSessionRepositoryFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSessionRepositoryFilter</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>ERROR</dispatcher>
	</filter-mapping>

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>

classpath:spring/root-context.xml

classpath:spring/spring-security.xml

classpath:spring/spring-session.xml

</param-value>

</context-param>

<filter-name>springSessionRepositoryFilter</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>springSessionRepositoryFilter</filter-name>

<url-pattern>/*</url-pattern>

<dispatcher>REQUEST</dispatcher>

<dispatcher>ERROR</dispatcher>

</filter-mapping>

BasicSpring5SecurityThemplateRedisSession 다운로드

Voyager of Linux

Spring5 Security 기초 템플릿 – Session

답글 남기기 응답 취소