Instead of logging in through Spring Security's form login, I'm trying to log a user in by forcibly setting the security context myself.
From Googling, it is said that login works if you set it up in the form below.
@Resource(name="userDetailsService")
protected UserDetailsService userDetailsService;

@RequestMapping(value="login", method=RequestMethod.POST)
public String login(HttpServletRequest request) throws Exception {
    UserDetails ckUserDetails = userDetailsService.loadUserByUsername("USER_ID");
    Authentication authentication = new UsernamePasswordAuthenticationToken(ckUserDetails, "USER_PASSWORD", ckUserDetails.getAuthorities());
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(authentication);
    HttpSession session = request.getSession(true);
    session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
    return "redirect:/login/success";
}
So I set it up as above and went ahead, but the login only half works.
What I mean is:
after running the login process above through the API and then opening a page fresh, I am not logged in.
I kept banging my head against why it doesn't work, and then somewhere I was told to look at the filters, so
I set breakpoints in the filters one by one and checked what was coming in, and then the login works.
(No source changes were made.)
To summarize: on the first API request, inside HttpSessionSecurityContextRepository.class
private boolean contextChanged(SecurityContext context) {
    return context != this.contextBeforeExecution || context.getAuthentication() != this.authBeforeExecution;
}
I set a breakpoint on this method and check whether the context is constructed properly.
I confirm that this part is created normally.
After that, when I request the page fresh, I can confirm that the context created earlier is in there properly, and the page is called in a logged-in state.
Now, let's remove the breakpoint.
When I call the API again and then request the page, I am not logged in.
If I set the breakpoint above and call the page again, the context has not been created.
The only difference is whether I debug or not, and I have no idea where or how I should be looking.
Please give me some advice ㅜ_ㅜ
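A hardened variant of the programmatic login posted above, added here as an example; it is not the poster's code and is not offered as an explanation of the breakpoint-dependent behaviour. It assumes Spring Security 5.x on the javax.servlet API (Servlet 3.1 or later); the class name and the `verifiedUserId` request attribute are hypothetical.

```java
// Added example. Assumption: an upstream step (e.g. SSO) has already verified the
// caller and stored the user id in the hypothetical "verifiedUserId" attribute.
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class ProgrammaticLoginController {
    private final UserDetailsService userDetailsService;

    public ProgrammaticLoginController(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @RequestMapping(value = "login", method = RequestMethod.POST)
    public String login(HttpServletRequest request) {
        // Refuse to build a session for an identity nobody verified.
        Object verified = request.getAttribute("verifiedUserId");
        if (!(verified instanceof String)) {
            throw new AuthenticationCredentialsNotFoundException("no verified identity");
        }
        UserDetails user = userDetailsService.loadUserByUsername((String) verified);
        // Null credentials: an authenticated token need not keep the password in the session.
        Authentication auth =
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());

        // Session fixation defence: rotate the session id at the moment of login.
        request.getSession(true);
        request.changeSessionId();

        // Use a fresh context instead of mutating the one returned by getContext().
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        // Same session key the post writes as a literal, taken from the constant.
        request.getSession().setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
        return "redirect:/login/success";
    }
}
```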