[Java] Spring Security
Last time we studied JDBC and transactions in Spring.
This time the topic is Spring Security,
which we will explore by building a login program.
First, add the security-related
dependencies to pom.xml.
1. pom.xml
Next, add the security
configuration (Config) file.
Select File → New → Other;
in the window that opens,
choose Spring Bean Configuration File
and add it to the project's appServlet folder
under the name security-context.
2. security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
<security:http auto-config="true">
<security:form-login login-page="/loginForm.html"
<security:intercept-url pattern="/login.html*" access="ROLE_USER"/>
<security:intercept-url pattern="/welcome.html*" access="ROLE_ADMIN"/>
<security:user name="user" password="123" authorities="ROLE_USER"/>
<security:user name="admin" password="123" authorities="ROLE_ADMIN,ROLE_USER"/>
Next, configure the web.xml file
as shown below.
3. web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<!-- Processes application requests -->
The code below implements a login page
using In-Memory authentication.
There is nothing particularly difficult in it,
so I will skip the explanation.
4. HomeController.java
package com.example.demo;

import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/**
 * Handles requests for the application home page.
 */
@Controller
public class HomeController {

    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

    /**
     * Simply selects the home view to render by returning its name.
     */
    @RequestMapping(value = "/index.html", method = RequestMethod.GET)
    public String home(Locale locale, Model model) {
        logger.info("Welcome home! The client locale is {}.", locale);
        Date date = new Date();
        DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);
        String formattedDate = dateFormat.format(date);
        model.addAttribute("serverTime", formattedDate);
        return "home";
    }

    // The three mappings below are inferred from the URLs in security-context.xml.
    @RequestMapping("/login.html")
    public String login(Locale locale, Model model) {
        return "security/login";
    }

    @RequestMapping("/welcome.html")
    public String welcome(Locale locale, Model model) {
        return "security/welcome";
    }

    @RequestMapping("/loginForm.html")
    public String loginForm(Locale locale, Model model) {
        return "security/loginForm";
    }
}
5. index.jsp
<%@ page contentType="text/html;charset=utf-8" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
Hello world!
<P>Username is ${username}</P>
<a href="<c:url value="j_spring_security_logout" />" target="_self">Logout</a>
6. login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="s" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<%-- <c:if test="${not empty pageContext.request.userPrincipal }">
<p> is Log-In</p>
<c:if test="${empty pageContext.request.userPrincipal }">
<p> is Log-Out</p>
</c:if> --%>
<s:authorize ifAnyGranted="ROLE_USER">
<p> is Log-In</p>
<s:authorize ifNotGranted="ROLE_USER">
<p> is Log-Out</p>
<%-- USER ID : ${pageContext.request.userPrincipal.name}<br/> --%>
USER ID : <s:authentication property="name"/><br/>
<a href="${pageContext.request.contextPath}/j_spring_security_logout">Log Out</a> <br />
7. loginForm.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<c:url value="j_spring_security_check" var="loginUrl"/>
<form action="${loginUrl}" method="post">
<c:if test="${param.ng != null}">
LogIn NG! <br />
message : <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
ID : <input type="text" name="j_username"> <br />
PW : <input type="password" name="j_password"> <br />
<input type="submit" value="LOGIN"> <br />
8. welcome.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
That concludes this lesson.
That's all for now -_-