1. Spring Security Custom Filter

You can add a custom filter to the Spring Security filter chain.

1.1 GenericFilterBean

After the basic login setup, create a class that extends GenericFilterBean and register it in security-context.xml.

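package com.test.app.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.web.filter.GenericFilterBean;

public class CustomFilter extends GenericFilterBean {

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		// Custom pre-processing goes here.

		// Pass the request on to the next filter in the chain.
		chain.doFilter(request, response);
	}

}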

1.2 security-context.xml

Add the filter you created to security-context.xml.

	<security:http auto-config='true' use-expressions="true">
		<security:csrf disabled="true" />
		<security:intercept-url  />
		<security:form-login />
		<security:logout  />

		<security:custom-filter before="FORM_LOGIN_FILTER" ref="customFilter" />
	</security:http>

	<bean id="customFilter"
		class="com.test.app.filter.CustomFilter" />


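Instead of before, you can use after or position. ref takes the bean id of the filter class you created.

(Current example: FORM_LOGIN_FILTER - processes login form authentication)

before - the custom filter is invoked before FORM_LOGIN_FILTER authentication.

after - the custom filter is invoked after FORM_LOGIN_FILTER authentication.

position - the custom filter replaces FORM_LOGIN_FILTER.

When you use position, Spring Security's auto-config is not used, so auto-config must be set to false.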

(auto-config : Automatically registers a login form, BASIC authentication, anonymous authentication, logout services, remember-me and servlet-api-integration. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element). If unspecified, defaults to "false".)
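A filter registered with before="FORM_LOGIN_FILTER", as in section 1.2, sees login requests before the credentials are checked, which makes it a natural place to throttle attempts. The following is an added example, not code from the original post: the class name LoginThrottleFilter, the /login path and the limits are assumptions, and it assumes Java 8 and the javax.servlet API.

```java
package com.test.app.filter; // assumed: same package as the page's CustomFilter

import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.GenericFilterBean;

/** Hypothetical filter: fixed-window limit on login POSTs per client address. */
public class LoginThrottleFilter extends GenericFilterBean {
	private String loginPath = "/login"; // assumed login-processing-url
	private int maxAttempts = 5;         // assumed policy: 5 attempts ...
	private long windowMillis = 60_000L; // ... per 60 seconds
	// client address -> { window start (ms), attempts in that window }
	private final ConcurrentHashMap<String, long[]> attempts = new ConcurrentHashMap<>();

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		// Match on servletPath + pathInfo so ";param" suffixes in the raw URI cannot dodge the check.
		String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
		// getRemoteAddr() is the proxy's address when the app sits behind a reverse proxy.
		if ("POST".equals(req.getMethod()) && loginPath.equals(path)
				&& !allow(req.getRemoteAddr(), System.currentTimeMillis())) {
			// Stop here: the credentials never reach UsernamePasswordAuthenticationFilter.
			((HttpServletResponse) response).sendError(429, "Too many login attempts");
			return;
		}
		chain.doFilter(request, response);
	}

	/** Returns false once a client exceeds maxAttempts inside its current window. */
	boolean allow(String client, long now) {
		// Drop expired windows so the map does not grow without bound (O(n) per login POST).
		attempts.values().removeIf(s -> now - s[0] >= windowMillis);
		// compute() is atomic per key; each update swaps in a new immutable pair.
		long[] slot = attempts.compute(client, (k, s) ->
				s == null ? new long[] { now, 1 } : new long[] { s[0], s[1] + 1 });
		return slot[1] <= maxAttempts;
	}

	public void setLoginPath(String loginPath) { this.loginPath = loginPath; }
	public void setMaxAttempts(int maxAttempts) { this.maxAttempts = maxAttempts; }
	public void setWindowMillis(long windowMillis) { this.windowMillis = windowMillis; }
}
```

Declare it as a bean and point the `ref` of `<security:custom-filter before="FORM_LOGIN_FILTER" ... />` at that bean's id, exactly as the page does for customFilter.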


2. Standard Filter Aliases and Ordering

The following aliases can be used in place of FORM_LOGIN_FILTER.

| Alias | Filter Class | Namespace Element or Attribute |
|---|---|---|
| CHANNEL_FILTER | ChannelProcessingFilter | http/intercept-url@requires-channel |
| SECURITY_CONTEXT_FILTER | SecurityContextPersistenceFilter | http |
| CONCURRENT_SESSION_FILTER | ConcurrentSessionFilter | session-management/concurrency-control |
| LOGOUT_FILTER | LogoutFilter | http/logout |
| X509_FILTER | X509AuthenticationFilter | http/x509 |
| PRE_AUTH_FILTER | AbstractPreAuthenticatedProcessingFilter subclasses | N/A |
| CAS_FILTER | CasAuthenticationFilter | N/A |
| FORM_LOGIN_FILTER | UsernamePasswordAuthenticationFilter | http/form-login |
| BASIC_AUTH_FILTER | BasicAuthenticationFilter | http/http-basic |
| SERVLET_API_SUPPORT_FILTER | SecurityContextHolderAwareRequestFilter | http/@servlet-api-provision |
| JAAS_API_SUPPORT_FILTER | JaasApiIntegrationFilter | http/@jaas-api-provision |
| REMEMBER_ME_FILTER | RememberMeAuthenticationFilter | http/remember-me |
| ANONYMOUS_FILTER | AnonymousAuthenticationFilter | http/anonymous |
| SESSION_MANAGEMENT_FILTER | SessionManagementFilter | session-management |
| EXCEPTION_TRANSLATION_FILTER | ExceptionTranslationFilter | http |
| FILTER_SECURITY_INTERCEPTOR | FilterSecurityInterceptor | http |
| SWITCH_USER_FILTER | SwitchUserFilter | N/A |

References:

www.baeldung.com/spring-security-custom-filter

docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-custom-filters
