개요
- Spring Security 에서 제공하는 DSL(Doman Specific Language) 을 적용해 보고자한다.
- 폼인증 기반 필터가 아닌 직접만든 AjaxAuthenticationFilter 를 대상으로 구현해 볼 것이다.
Ajax Custom DSLs 구현
- 스프링 시큐리티에서 제공하는 DSL 로 Config 를 구성하면 필터, 핸들러, 메서드, 속성 등을 한 곳에 정의하여 처리할 수 있는 편리함 제공한다.
- AjaxLoginConfigurer 구현
public final class AjaxLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
AbstractAuthenticationFilterConfigurer<H, AjaxLoginConfigurer<H>, AjaxLoginProcessingFilter> {
private AuthenticationSuccessHandler successHandler;
private AuthenticationFailureHandler failureHandler;
private AuthenticationManager authenticationManager;
public AjaxLoginConfigurer() {
super(new AjaxLoginProcessingFilter(), null);
}
@Override
public void init(H http) throws Exception {
super.init(http);
}
@Override
public void configure(H http) {
if(authenticationManager == null){
authenticationManager = http.getSharedObject(AuthenticationManager.class);
}
getAuthenticationFilter().setAuthenticationManager(authenticationManager);
getAuthenticationFilter().setAuthenticationSuccessHandler(successHandler);
getAuthenticationFilter().setAuthenticationFailureHandler(failureHandler);
SessionAuthenticationStrategy sessionAuthenticationStrategy = http
.getSharedObject(SessionAuthenticationStrategy.class);
if (sessionAuthenticationStrategy != null) {
getAuthenticationFilter().setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
}
RememberMeServices rememberMeServices = http
.getSharedObject(RememberMeServices.class);
if (rememberMeServices != null) {
getAuthenticationFilter().setRememberMeServices(rememberMeServices);
}
http.setSharedObject(AjaxLoginProcessingFilter.class,getAuthenticationFilter());
http.addFilterBefore(getAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
@Override
public AjaxLoginConfigurer<H> loginPage(String loginPage) {
return super.loginPage(loginPage);
}
public AjaxLoginConfigurer<H> successHandlerAjax(AuthenticationSuccessHandler successHandler) {
this.successHandler = successHandler;
return this;
}
public AjaxLoginConfigurer<H> failureHandlerAjax(AuthenticationFailureHandler authenticationFailureHandler) {
this.failureHandler = authenticationFailureHandler;
return this;
}
public AjaxLoginConfigurer<H> setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
return this;
}
@Override
protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
return new AntPathRequestMatcher(loginProcessingUrl, "POST");
}
}
- init 메소드에서 초기화를 진행한다.
- configure 에서 필터, 핸들러, 메서드, 속성 등을 한 곳에 정의한다.
SecurityConfig 파일 변경
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.exceptionHandling()
.authenticationEntryPoint(new AjaxLoginUrlAuthenticationEntryPoint()
.and()
.apply(new AjaxLoginConfigurer<>())
.successHandlerAjax(ajaxAuthenticationSuccessHandler)
.failureHandlerAjax(ajaxAuthenticationFailureHandler)
.loginProcessingUrl(/ajaxLogin)
.setAuthenticationManager(ajaxAuthenticationManager())
.readAndWriteMapper(objectMapper);
}
}
- 위와 같이 SecurityConfig 파일에 HttpSecurity 의 apply(C configurer) 메서드 사용해서 AjaxLoginConfigurer 클래스를 등록해 주면 DSL 을 적용시킬 수 있다.
REFERENCES