Adding the dependency
implementation 'org.springframework.boot:spring-boot-starter-security'
To use Spring Security, add the dependency above. As soon as it is added, the application starts showing a login page.
Why the login page appears
package org.springframework.boot.autoconfigure.security.servlet;
After adding the security dependency, navigate to the package above and you will find a class named SpringBootWebSecurityConfiguration.
@Configuration(proxyBeanMethods = false)
@ConditionalOnWebApplication(type = Type.SERVLET)
class SpringBootWebSecurityConfiguration {

    /**
     * The default configuration for web security. It relies on Spring Security's
     * content-negotiation strategy to determine what sort of authentication to use. If
     * the user specifies their own {@link SecurityFilterChain} bean, this will back-off
     * completely and the users should specify all the bits that they want to configure as
     * part of the custom security configuration.
     */
    @Configuration(proxyBeanMethods = false)
    @ConditionalOnDefaultWebSecurity
    static class SecurityFilterChainConfiguration {

        @Bean
        @Order(SecurityProperties.BASIC_AUTH_ORDER)
        SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
            http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
            http.formLogin(withDefaults());
            http.httpBasic(withDefaults());
            return http.build();
        }

    }

    /**
     * Adds the {@link EnableWebSecurity @EnableWebSecurity} annotation if Spring Security
     * is on the classpath. This will make sure that the annotation is present with
     * default security auto-configuration and also if the user adds custom security and
     * forgets to add the annotation. If {@link EnableWebSecurity @EnableWebSecurity} has
     * already been added or if a bean with name
     * {@value BeanIds#SPRING_SECURITY_FILTER_CHAIN} has been configured by the user, this
     * will back-off.
     */
    @Configuration(proxyBeanMethods = false)
    @ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN)
    @ConditionalOnClass(EnableWebSecurity.class)
    @EnableWebSecurity
    static class WebSecurityEnablerConfiguration {

    }

}
Of the code above, let's look at the SecurityFilterChainConfiguration inner class.
@Configuration(proxyBeanMethods = false)
@ConditionalOnDefaultWebSecurity
static class SecurityFilterChainConfiguration {

    @Bean
    @Order(SecurityProperties.BASIC_AUTH_ORDER)
    SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
        http.formLogin(withDefaults());
        http.httpBasic(withDefaults());
        return http.build();
    }

}
http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
By default, every request is required to be authenticated,
http.formLogin(withDefaults());
the default login page is expected to be returned,
http.httpBasic(withDefaults());
and HTTP Basic is enabled as an authentication method.
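The Javadoc quoted above says the default chain backs off completely once the application declares its own SecurityFilterChain bean, so a custom chain has to restate every rule it still wants. The following is an added example, not code from the original post or from Spring Boot; it assumes Spring Boot 3 / Spring Security 6, and the package, class name, bean name and paths are hypothetical.

```java
package com.example.demo; // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
public class AppSecurityConfig { // hypothetical class name

    // Declaring any SecurityFilterChain bean makes @ConditionalOnDefaultWebSecurity
    // fail, so defaultSecurityFilterChain(...) is no longer registered and none of
    // its three settings are inherited.
    @Bean
    SecurityFilterChain appSecurityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((requests) -> requests
                // Narrow, explicit allow-list for unauthenticated access (hypothetical paths).
                .requestMatchers("/health", "/css/**").permitAll()
                // Restate the default's catch-all so every unlisted path still requires login.
                .anyRequest().authenticated());

        // Same generated login page that the default chain serves.
        http.formLogin(withDefaults());

        // http.httpBasic(...) is intentionally not called: unlike the default chain,
        // this chain does not accept HTTP Basic credentials.
        return http.build();
    }
}
```

With this class on the classpath, requests to the allow-listed paths are served without authentication, while any other path still leads to the login page.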