EunJuOh33 · EunJuOh33 · Feb 22, 2021 · Feb 22, 2021 · Feb 22, 2021 · Feb 22, 2021
diff --git a/.settings/org.eclipse.wst.common.component b/.settings/org.eclipse.wst.common.component
@@ -1,29 +1,34 @@
 <?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
-
+
+
 
 
 
 
     <wb-module deploy-name="controller-1.0.0-BUILD-SNAPSHOT">
-
+
+
 
 
 
 
         <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
-
+
+
 
 
 
 
         <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
-
+
+
 
 
 
 
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
-
+
+
 
 
 
@@ -32,25 +37,29 @@
         <dependent-module archiveName="ojdbc8.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/lib/D:/sqldeveloper-19.2.1.247.2212-x64/sqldeveloper/jdbc/lib/ojdbc8.jar">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-
+
+
 
 
 
 
         <property name="java-output-path" value="target/classes"/>
-
+
+
 
 
 
 
         <property name="context-root" value="controller"/>
-
+
+
 
 
 
 
     </wb-module>
-
+
+
 
 
 

diff --git a/pom.xml b/pom.xml
@@ -49,6 +49,29 @@
 			<version>${org.springframework-version}</version>
 		</dependency>
 
+		<!-- Spring Security 추가 -->
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-web</artifactId>
+			<version>5.0.6.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>5.0.6.RELEASE</version>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-core</artifactId>
+			<version>5.0.6.RELEASE</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-taglibs</artifactId>
+			<version>5.0.6.RELEASE</version>
+		</dependency>
+
 		<!-- HikariCP추가 -->
 		<dependency>
 			<groupId>com.zaxxer</groupId>

diff --git a/src/main/java/org/zerock/config/SecurityConfig.java b/src/main/java/org/zerock/config/SecurityConfig.java
@@ -0,0 +1,43 @@
+package org.zerock.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.zerock.security.CustomLoginSuccessHandler;
+
+import lombok.extern.log4j.Log4j;
+
+@Configuration
+@EnableWebSecurity
+@Log4j
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Override
+	public void configure(AuthenticationManagerBuilder auth) throws Exception {
+		log.info("configure....................");
+		auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("ADMIN");
+		auth.inMemoryAuthentication().withUser("member").password("{noop}member").roles("MEMBER");
+	}
+
+	@Bean
+	public AuthenticationSuccessHandler loginSuccessHandler() {
+		return new CustomLoginSuccessHandler();
+	}
+
+	@Override
+	public void configure(HttpSecurity http) throws Exception {
+
+		http.authorizeRequests()
+			.antMatchers("/samplesecurity/all").permitAll()
+			.antMatchers("/samplesecurity/admin").access("hasRole('ROLE_ADMIN')")
+			.antMatchers("/samplesecurity/member").access("hasRole('ROLE_MEMBER')");
+
+		http.formLogin().loginPage("/customLogin").loginProcessingUrl("/login").successHandler(loginSuccessHandler());
+
+	}
+
+}
diff --git a/src/main/java/org/zerock/config/SecurityInitializer.java b/src/main/java/org/zerock/config/SecurityInitializer.java
@@ -0,0 +1,7 @@
+package org.zerock.config;
+
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+
+public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
+
+}
diff --git a/src/main/java/org/zerock/config/WebConfig.java b/src/main/java/org/zerock/config/WebConfig.java
@@ -12,7 +12,7 @@ public class WebConfig extends AbstractAnnotationConfigDispatcherServletInitiali
 
 	@Override
 	protected Class<?>[] getRootConfigClasses() {
-		return new Class[] { RootConfig.class };
+		return new Class[] { RootConfig.class, SecurityConfig.class };
 	}
 
 	@Override

diff --git a/src/main/java/org/zerock/controller/SecurityCommonController.java b/src/main/java/org/zerock/controller/SecurityCommonController.java
@@ -0,0 +1,36 @@
+package org.zerock.controller;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import lombok.extern.log4j.Log4j;
+
+@Controller
+@Log4j
+public class SecurityCommonController {
+
+	@GetMapping("/accessError")
+	public void accessDenied(Authentication auth, Model model) {
+		log.info("access Denied : " + auth);
+
+		model.addAttribute("msg", "Access Denied");
+	}
+
+	@GetMapping("/customLogin")
+	public void loginInput(String error, String logout, Model model) {
+
+		log.info("error: " + error);
+		log.info("logout: " + logout);
+
+		if(error != null) {
+			model.addAttribute("error", "Login Error Check Your Account");
+		}
+
+		if(logout != null) {
+			model.addAttribute("logout", "Logout!!");
+		}
+	}
+
+}
diff --git a/src/main/java/org/zerock/controller/SecuritySampleController.java b/src/main/java/org/zerock/controller/SecuritySampleController.java
@@ -0,0 +1,31 @@
+package org.zerock.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import lombok.extern.log4j.Log4j;
+
+@Controller
+@RequestMapping("/samplesecurity/*")
+@Log4j
+public class SecuritySampleController {
+
+/* Spring Security 연습 */
+
+	@GetMapping("/all")
+	public void doAll() {
+		log.info("do all can access everybody");
+	}
+
+	@GetMapping("/member")
+	public void doMember() {
+		log.info("logined member");
+	}
+
+	@GetMapping("/admin")
+	public void doAdmin() {
+		log.info("admin only");
+	}
+
+}
diff --git a/src/main/java/org/zerock/security/CustomLoginSuccessHandler.java b/src/main/java/org/zerock/security/CustomLoginSuccessHandler.java
@@ -0,0 +1,47 @@
+package org.zerock.security;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+
+import lombok.extern.log4j.Log4j;
+
+@Log4j
+public class CustomLoginSuccessHandler implements AuthenticationSuccessHandler {
+
+	@Override
+	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException, ServletException {
+
+		log.warn("Login Success");
+
+		List<String> roleNames = new ArrayList<>();
+
+		auth.getAuthorities().forEach(authority -> {
+			roleNames.add(authority.getAuthority());
+		});
+
+		log.warn("ROLE NAMES: " + roleNames);
+
+		/* 사용자가 가진 모든 권한을 문자열로 체크 */
+
+		if(roleNames.contains("ROLE_ADMIN")) {	// "ROLE_ADMIN" 권한을 가졌다면 로그인 후 바로 /samplesecurity/admin 페이지로 이동
+			response.sendRedirect("/samplesecurity/admin");
+			return;
+		}
+
+		if(roleNames.contains("ROLE_MEMBER")) {
+			response.sendRedirect("/samplesecurity/member");
+			return;
+		}
+
+		response.sendRedirect("/");
+	}
+
+}
diff --git a/src/main/webapp/WEB-INF/views/accessError.jsp b/src/main/webapp/WEB-INF/views/accessError.jsp
@@ -0,0 +1,22 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
+<%@ page import="java.util.*" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<h1>Access Denied Page</h1>
+
+	<h2><c:out value="${SPRING_SECURITY_403_EXCEPTION.getMessage() }" /></h2>
+
+	<h2><c:out value="${msg }" /></h2>
+</body>
+</html>
diff --git a/src/main/webapp/WEB-INF/views/customLogin.jsp b/src/main/webapp/WEB-INF/views/customLogin.jsp
@@ -0,0 +1,35 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>    
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+
+	<h1>Custom Login Page</h1>
+	<h2><c:out value="${error }" /></h2>
+	<h2><c:out value="${logout }" /></h2>
+
+	<form method='post' action="/login">
+
+	<div>
+		<input type='text' name='username' value='admin'>
+	</div>
+	<div>
+		<input type='password' name='password' value='admin'>	
+	</div>
+	<div>
+		<input type='submit'>
+	</div>
+	<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
+
+	</form>
+
+</body>
+</html>
diff --git a/src/main/webapp/WEB-INF/views/samplesecurity/admin.jsp b/src/main/webapp/WEB-INF/views/samplesecurity/admin.jsp
@@ -0,0 +1,12 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<h1>/sample/admin page</h1>
+</body>
+</html>
diff --git a/src/main/webapp/WEB-INF/views/samplesecurity/all.jsp b/src/main/webapp/WEB-INF/views/samplesecurity/all.jsp
@@ -0,0 +1,13 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<h1>/sample/all page</h1>
+</body>
+</html>
diff --git a/src/main/webapp/WEB-INF/views/samplesecurity/member.jsp b/src/main/webapp/WEB-INF/views/samplesecurity/member.jsp
@@ -0,0 +1,13 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8"
+    pageEncoding="UTF-8"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Insert title here</title>
+</head>
+<body>
+	<h1>/sample/member page</h1>
+</body>
+</html>
diff --git a/target/classes/org/zerock/config/SecurityConfig.class b/target/classes/org/zerock/config/SecurityConfig.class
diff --git a/target/classes/org/zerock/config/SecurityInitializer.class b/target/classes/org/zerock/config/SecurityInitializer.class
diff --git a/target/classes/org/zerock/config/WebConfig.class b/target/classes/org/zerock/config/WebConfig.class
diff --git a/target/classes/org/zerock/controller/SecurityCommonController.class b/target/classes/org/zerock/controller/SecurityCommonController.class
diff --git a/target/classes/org/zerock/controller/SecuritySampleController.class b/target/classes/org/zerock/controller/SecuritySampleController.class
diff --git a/target/classes/org/zerock/security/CustomLoginSuccessHandler.class b/target/classes/org/zerock/security/CustomLoginSuccessHandler.class
diff --git a/target/m2e-wtp/web-resources/META-INF/maven/org.zerock/controller/pom.properties b/target/m2e-wtp/web-resources/META-INF/maven/org.zerock/controller/pom.properties
@@ -1,5 +1,5 @@
 #Generated by Maven Integration for Eclipse
-#Mon Feb 22 12:12:18 KST 2021
+#Mon Mar 01 18:52:13 KST 2021
 m2e.projectLocation=D\:\\workspace\\ex03
 m2e.projectName=ex03
 groupId=org.zerock