我不知道为什么我收到这个错误.. 我已经上传了尽可能多的资源。 如果我需要提供更多来源,请告诉我。
我是 Spring Security 的新手。需要很多帮助。谢谢。
pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>5.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>5.1.5.RELEASE</version>
</dependency>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee https://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/root-context.xml
/WEB-INF/spring/security-context.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- 한글설정 -->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 한글설정 END -->
<!-- Spring Security Filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
/WEB-INF/spring/appServlet/context-common.xml
</param-value>
</init-param>
<init-param>
<param-name>throwExceptionIfNoHandlerFound</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<http pattern="/resources/**" security="none" />
<http use-expressions="true">
<intercept-url pattern="/member/signup" access="permitAll" />
<intercept-url pattern="/member/login" access="permitAll" />
<intercept-url pattern="/board/list" access="permitAll" />
<intercept-url pattern="/board/get" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/board/register" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/board/modify" access="hasRole('ROLE_USER')" />
<form-login
login-page="/member/login"
login-processing-url="/auth"
default-target-url="/board/list"
username-parameter="member_id"
password-parameter="member_password"
always-use-default-target="true"
authentication-success-handler-ref="memberLoginSuccessHandler"
authentication-failure-handler-ref="memberLoginFailureHandler" />
<logout invalidate-session="true" logout-url="/member/logout" logout-success-url="/board/list"/>
<csrf disabled="true"/>
</http>
<beans:bean id="memberLoginSuccessHandler" class="com.smbaek.handler.MemberLoginSuccessHandler"/>
<beans:bean id="memberLoginFailureHandler" class="com.smbaek.handler.MemberLoginFailureHandler"/>
<beans:bean id="loginService" class="com.smbaek.service.LoginService"/>
<authentication-manager>
<authentication-provider user-service-ref="loginService" />
</authentication-manager>
</beans:beans>
login.jsp
<section id="main" class="wrapper">
<div class="inner">
<header class="major">
<h1>로그인</h1>
</header>
<p style="text-align:center;">
<!-- <a id="loginToSignUp" onclick="location.href='signup.jsp'">Sign Up</a> -->
<a id="loginToSignUp" href="/member/signup">Sign Up</a>
</p>
<!-- <input type="button" id="loginToSignUp" onclick="location.href='signup.jsp'" style="width:300px; display:block; margin:0 auto;" value="Sign Up?"><br> -->
<form name="loginForm" action="/auth" method="post">
<p style="text-align:center;">
ID :
<input type="text" id="member_id" name="member_id" style="display:block; margin:0 auto; width:500px">
PW :
<input type="password" id="member_password" name="member_password" style="display:block; margin:0 auto; width:500px">
</p>
<!-- 나중에 로그인 버튼을 통해 login_ok 페이지로 가도록 -->
<input type="button" id="login" onclick="idIdentify()" style="width:150px; display:block; margin:0 auto;" value="Login">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}">
</form>
</div>
</section>
MemberLoginSuccessHandler.java
package com.smbaek.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
public class MemberLoginSuccessHandler implements AuthenticationSuccessHandler{
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException, ServletException {
}
}
MemberLoginFailureHandler
package com.smbaek.handler;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
public class MemberLoginFailureHandler implements AuthenticationFailureHandler{
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
String view = "/member/login";
request.setAttribute("reason", exception.getMessage());
request.getRequestDispatcher(view).forward(request, response);
}
}
LoginService.java
package com.smbaek.service;
import java.util.ArrayList;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import com.smbaek.mapper.MemberMapper;
import lombok.Setter;
import lombok.extern.log4j.Log4j;
@Log4j
@Service("loginService")
public class LoginService implements UserDetailsService{
@Setter(onMethod_ = @Autowired)
private MemberMapper mapper;
@Override
public UserDetails loadUserByUsername(String member_id) throws UsernameNotFoundException {
UserDetails user = null; //사용자의 정보를 담는 인터페이스
log.info("loadUserByUsername >>>>>>>>>>>>>>>>>>>");
log.info("member_id : " + member_id);
Collection<SimpleGrantedAuthority> roles = new ArrayList<SimpleGrantedAuthority>();
roles.add(new SimpleGrantedAuthority("ROLE_USER"));
HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
log.info("member_id : " + member_id);
log.info("member_pw : " + request.getParameter("member_pw"));
String password = request.getParameter("member_pw");
String member_pw = mapper.getLoginInfo(member_id);
if(password.equals(member_pw)) {
member_pw = "";
HttpSession session = request.getSession();
session.setAttribute("session_id", member_id);
user = new User(member_id, member_pw, roles);
}
return user;
}
}