Spring Security 3.0 Extension Example
2009.11.18 15:46 Development

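This example extends Spring Security's default User information so that it carries information specific to the application domain. It targets the recent 3.0 release and records only the main points, noted while building a particular template.

0. Environment
Windows Vista + JDK1.6 + Tomcat6.0 + Spring3.0 RC1 + Spring Roo1.0 RC4 + Spring Security3.0 M2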

1. applicationContext-security.xml configuration

<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
    <logout logout-url="/static/j_spring_security_logout"/>
    <!-- intercept-url rules are matched in order and the first match wins,
         so the protected paths are listed before the /** catch-all -->
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/project/**" access="isAuthenticated()"/>
    <intercept-url pattern="/member/**" access="isAuthenticated()"/>

    <intercept-url pattern="/resources/**" access="permitAll"/>
    <intercept-url pattern="/static/**" access="permitAll"/>
    <intercept-url pattern="/scripts/**" access="permitAll"/>
    <intercept-url pattern="/styles/**" access="permitAll"/>
    <intercept-url pattern="/images/**" access="permitAll"/>
    <intercept-url pattern="/remote/**" access="permitAll"/>

    <intercept-url pattern="/**" access="permitAll"/>
</http>
<authentication-manager>
    <authentication-provider user-service-ref="webUserDetailsService">
        <!-- hash="plaintext": the submitted password is compared with the stored value as is, with no hashing -->
        <password-encoder hash="plaintext"/>
    </authentication-provider>
</authentication-manager>
<beans:bean id="webUserDetailsService" class="net.max.core.security.service.WebUserDetailsService"/>

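2. Extending UserDetailsService

import java.util.ArrayList;
import java.util.List;

import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class WebUserDetailsService implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        // Account status flags are fixed to true; they are not read from the Account entity.
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        AccountAuth accountAuth = null;
        WebUser webUser = null;

        try {
            // Look up the single authority of the account and map it to a ROLE_ name.
            accountAuth = (AccountAuth) AccountAuth.findAccountAuthsByLoginIdEquals(username).getSingleResult();
            authorities.add(new GrantedAuthorityImpl("ROLE_" + accountAuth.getAuthName()));

            // Load the domain account and copy its fields into the extended principal.
            Account account = (Account) Account.findAccountsByLoginIdEquals(username).getSingleResult();
            webUser = new WebUser(
                    account.getStaffName(),
                    account.getStaffClass(),
                    account.getTeamId(),
                    account.getEmail(),
                    account.getPhone(),
                    account.getMobile(),
                    account.getPhoto(),
                    account.getSignature(),
                    account.getRoll(),
                    account.getLoginId(),
                    account.getLoginPw(),
                    enabled,
                    accountNonExpired,
                    credentialsNonExpired,
                    accountNonLocked,
                    authorities
            );
        } catch (Exception e) {
            // Every failure in the lookups above is reported as "user not found".
            throw new UsernameNotFoundException("Account user Not Founded");
        }

        if (webUser == null) {
            throw new UsernameNotFoundException("Account user Not Founded");
        }
        return webUser;
    }
}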

3. Extending the User class, the UserDetails implementation

import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

public class WebUser extends User {
    // ...

    public WebUser(
            String staffName,
            String staffClass,
            Long teamId,
            String email,
            String phone,
            String mobile,
            String photo,
            String signature,
            String roll,
            String username, String password, boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired,
            boolean accountNonLocked, List<GrantedAuthority> authorities
    ) {
        // The standard Spring Security fields go to the parent User.
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        // The domain-specific fields are kept on the extended principal.
        this.staffName = staffName;
        this.staffClass = staffClass;
        this.teamId = teamId;
        this.email = email;
        this.phone = phone;
        this.mobile = mobile;
        this.photo = photo;
        this.signature = signature;
        this.roll = roll;
        // Second copies of the username and password already held by User.
        this.loginId = username;
        this.loginPw = password;
    }
    // ...
}



4. Example of use in a web controller

    @RequestMapping(value = "/project/doc/{projectId}/{docType}/{docId}/form", method = RequestMethod.GET)
    public String createForm(@PathVariable("projectId") Long projectId, @PathVariable("docType") String docType, @PathVariable("docId") Long docId, ModelMap modelMap) {
        // ...
        WebUser webUser = getWebUser();
        // ...
        doc.setAccountDepartment(webUser.getRoll());
        doc.setAccountName(webUser.getStaffName());
        doc.setAccountClassType(webUser.getStaffClass());
        modelMap.addAttribute("doc", doc);
        return "project/doc/create";
    }

    // The principal is the WebUser returned by WebUserDetailsService.loadUserByUsername().
    private WebUser getWebUser() {
        return (WebUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }
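
An added example, not part of the original post: a variant of getWebUser() that does not assume the principal is always a WebUser, which matters on URLs the configuration in section 1 leaves at permitAll. The class name CurrentWebUser and its methods find() and require() are hypothetical; WebUser is the class from section 3, assumed to be in the same package.

```java
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical helper (not from the original post) for reading the current WebUser. */
public final class CurrentWebUser {

    private CurrentWebUser() {
    }

    /**
     * Returns the logged-in WebUser, or null when the request is unauthenticated
     * or anonymous. URLs matched by permitAll are reachable without a login, and
     * the anonymous principal is a String, so a bare (WebUser) cast would fail
     * there with ClassCastException.
     */
    public static WebUser find() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        Object principal = auth.getPrincipal();
        // A different AuthenticationProvider could supply another principal type.
        return (principal instanceof WebUser) ? (WebUser) principal : null;
    }

    /**
     * Same lookup for handlers that need a login: fails closed by throwing
     * AccessDeniedException instead of continuing with a null user.
     */
    public static WebUser require() {
        WebUser user = find();
        if (user == null) {
            throw new AccessDeniedException("No authenticated WebUser for this request");
        }
        return user;
    }
}
```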

This is a basic extension example. That is all.

posted by Max.