spring security 예외처리

spring security 예외처리


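package io.security.basicsecurity;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Demo Spring Security configuration showing the two exception paths the
 * framework distinguishes: an <em>authentication</em> failure (the caller is not
 * logged in) goes to the {@link AuthenticationEntryPoint}, while an
 * <em>authorization</em> failure (logged in but lacking the required role) goes
 * to the {@link AccessDeniedHandler}.
 *
 * <p>Users live in memory and their passwords carry the {@code {noop}} prefix,
 * i.e. they are stored and compared in plain text. That is fine for a local
 * demo and nothing else.
 *
 * <p>{@link WebSecurityConfigurerAdapter} is deprecated from Spring Security 5.7
 * onward; newer code exposes a {@code SecurityFilterChain} bean instead. The
 * adapter is kept here so the example matches the surrounding series.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Where a successful login lands when no earlier request was saved in the session. */
    private static final String DEFAULT_SUCCESS_URL = "/";

    /**
     * Registers three in-memory users. One configurer is chained with
     * {@code and()} so all three users share a single user-details store
     * rather than each call creating its own.
     *
     * @param auth builder the users are registered on
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // "{noop}" selects the no-op password encoder: plain-text comparison, demo only.
        auth.inMemoryAuthentication()
                .withUser("user").password("{noop}1111").roles("USER")
                .and()
                .withUser("sys").password("{noop}1111").roles("SYS", "USER")
                .and()
                .withUser("admin").password("{noop}1111").roles("ADMIN", "SYS", "USER");
    }

    /**
     * Configures URL authorization, form login and the two exception handlers.
     *
     * <p>The success handler re-creates what Spring's
     * {@code SavedRequestAwareAuthenticationSuccessHandler} does: send the user
     * to the page they asked for before being bounced to the login form. Unlike
     * the original version of this example it tolerates the case where nothing
     * was saved (the user opened {@code /login} directly), which would otherwise
     * throw a {@link NullPointerException} after a successful login.
     *
     * @param http the security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Matchers are evaluated in declaration order: the specific "/admin/pay"
        // rule must come before the "/admin/**" wildcard or it would be shadowed.
        http
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/user").hasRole("USER")
                .antMatchers("/admin/pay").hasRole("ADMIN")
                .antMatchers("/admin/**").access("hasRole('ADMIN') or hasRole('SYS')")
                .anyRequest().authenticated();

        // Authenticate with form login.
        http
                .formLogin()
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest request,
                                                        HttpServletResponse response,
                                                        Authentication authentication)
                            throws IOException, ServletException {
                        // The request cache holds the URL the user originally wanted.
                        // It is read from the server-side session, not from a request
                        // parameter, which is what keeps this redirect from being
                        // attacker-controlled. It is null when no request was saved.
                        RequestCache requestCache = new HttpSessionRequestCache();
                        SavedRequest savedRequest = requestCache.getRequest(request, response);
                        String redirectUrl = savedRequest == null
                                ? DEFAULT_SUCCESS_URL
                                : savedRequest.getRedirectUrl();
                        response.sendRedirect(redirectUrl);
                    }
                });

        http
                .exceptionHandling()
                // Authentication error: not logged in.
                .authenticationEntryPoint(new AuthenticationEntryPoint() {
                    @Override
                    public void commence(HttpServletRequest request,
                                         HttpServletResponse response,
                                         AuthenticationException authException)
                            throws IOException, ServletException {
                        // Redirect to the application's own login controller,
                        // not Spring Security's generated login page.
                        response.sendRedirect("/login");
                    }
                })
                // Authorization error: logged in but missing the required role.
                .accessDeniedHandler(new AccessDeniedHandler() {
                    @Override
                    public void handle(HttpServletRequest request,
                                       HttpServletResponse response,
                                       AccessDeniedException accessDeniedException)
                            throws IOException, ServletException {
                        // Redirect to the application's own "denied" controller.
                        response.sendRedirect("/denied");
                    }
                });
    }
}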


from http://arch1tect.tistory.com/227 by ccl(A) rewrite - 2021-12-02 00:27:29