# [Security] JWT Implementation (2) - Security Configuration, Data Insertion

by rlaehddnd0422

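Security configuration

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity  // 1
public class SecurityConfig {

    // 2
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .authorizeRequests() // 3
                .antMatchers("/api/hello").permitAll() // 4
                .antMatchers("/api/authenticate").permitAll() // 5
                .antMatchers("/api/signup").permitAll() // 6
                .anyRequest().authenticated(); // 7

        return http.build();
    }
}
```
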
  1. Register the SecurityConfig class as a configuration class with @Configuration, and enable the basic security configuration with @EnableWebSecurity.
  2. Register the SecurityFilterChain as a bean in order to customize the filters that Security uses.
  3. Configure access permissions through the methods chained below this call.
  4. "/api/hello": no access restriction is applied.
  5. "/api/authenticate": no access restriction is applied.
  6. "/api/signup": no access restriction is applied.
  7. Every other request requires authentication.

With this configuration, only /api/hello, the login page, and the signup page can be reached without authentication; every other API can be accessed only after authenticating.
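
One way to check these rules is a slice test. This is an added example, not code from the original post: the `Probe` controller, the `/api/user` path and the package name are hypothetical, and it assumes `spring-boot-starter-test` and `spring-security-test` are on the test classpath. It also shows that `permitAll()` only affects authorization: this configuration leaves CSRF protection at its default (enabled), so a POST without a token is still rejected.

```java
package com.example.jwtserver; // hypothetical: use the package that holds SecurityConfig

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.context.annotation.Import;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Loads only the page's SecurityConfig plus the probe endpoints below (no JPA, no real controllers).
@WebMvcTest(SecurityConfigAccessTest.Probe.class)
@Import({SecurityConfig.class, SecurityConfigAccessTest.Probe.class})
class SecurityConfigAccessTest {

    @RestController // hypothetical stand-in for the application's real controllers
    static class Probe {
        @GetMapping("/api/hello") String hello() { return "hello"; }
        @PostMapping("/api/signup") String signup() { return "ok"; }
        @GetMapping("/api/user") String me() { return "me"; } // matched only by anyRequest()
    }

    @Autowired MockMvc mvc;

    @Test // rule 4: permitAll() lets an anonymous GET through
    void helloIsPublic() throws Exception {
        mvc.perform(get("/api/hello")).andExpect(status().isOk());
    }

    @Test // rule 7: no entry point is configured, so anonymous access ends in 403
    void otherPathsNeedAuthentication() throws Exception {
        mvc.perform(get("/api/user")).andExpect(status().isForbidden());
        mvc.perform(get("/api/user").with(user("user").roles("USER"))).andExpect(status().isOk());
    }

    @Test // rule 6 covers authorization only: the CSRF filter runs before it
    void permitAllDoesNotBypassCsrf() throws Exception {
        mvc.perform(post("/api/signup")).andExpect(status().isForbidden());
        mvc.perform(post("/api/signup").with(csrf())).andExpect(status().isOk());
    }
}
```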

Creating the entities

Member.class

```java
import java.util.Set;
import javax.persistence.*; // javax namespace assumed (Spring Boot 2.x); jakarta.persistence on Boot 3
import lombok.*;

@Entity
@Getter
@Setter
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class Member {

    @Id
    @Column(name = "member_id")
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;

    private String password;

    private String nickname;

    private boolean activated;

    // Many-to-many link to Authority through the member_authority join table
    @ManyToMany
    @JoinTable(
            name = "member_authority",
            joinColumns = {@JoinColumn(name = "member_id", referencedColumnName = "member_id")},
            inverseJoinColumns = {@JoinColumn(name = "authority_name", referencedColumnName = "authority_name")})
    private Set<Authority> authorities;
}
```

Authority.class

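```java
import javax.persistence.*; // javax namespace assumed (Spring Boot 2.x); jakarta.persistence on Boot 3
import lombok.*;

@Entity
@Table(name = "authority")
@Getter
@Setter
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class Authority {

    // The role name itself (e.g. ROLE_USER) is the primary key
    @Id
    @Column(name = "authority_name", length = 50)
    private String authorityName;
}
```

  • Member (*) ➡️ Authority (*): many-to-many relationship, mapped with a JoinTable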

DataSource / JPA configuration

DataSource configuration

Specify the DataSource in application.yml.

```yaml
server:
  port: 8080
  servlet:
    context-path: /
    encoding:
      charset: UTF-8
      enabled: true
      force: true

spring:
  datasource:
    driver-class-name: org.h2.Driver
    url: jdbc:h2:tcp://localhost/~/jwtserver
    username: sa
    password:

  jpa:
    database-platform: org.hibernate.dialect.H2Dialect
    hibernate:
      # hbm2ddl-auto: create  # create | update | none
      ddl-auto: create-drop
    properties:
      hibernate:
        show_sql: true
```

application.properties

 

JPA configuration

```sql
insert into member (username, password, nickname, activated) values ('admin', '$2a$08$lDnHPz7eUkSi6ao14Twuau08mzhWrL4kyZGGU5xfiGALO/Vxd5DOi', 'admin', 1);
insert into member (username, password, nickname, activated) values ('user', '$2a$08$UkVvwpULis18S19S5pZFn.YHPZt3oaqHZnDwqbCW9pft6uFtkXKDC', 'user', 1);

insert into authority (authority_name) values ('ROLE_USER');
insert into authority (authority_name) values ('ROLE_ADMIN');

insert into member_authority (member_id, authority_name) values (1, 'ROLE_USER');
insert into member_authority (member_id, authority_name) values (1, 'ROLE_ADMIN');
insert into member_authority (member_id, authority_name) values (2, 'ROLE_USER');
```

  • Because the current setting is ddl-auto: create-drop, all data is wiped every time the application runs. For convenience, the data is prepared in advance so that it is inserted again on every run.

Checking the database after starting the server

Checking in the H2 console

The tables were created correctly and the data was inserted as expected.

The initial setup is now complete. In the next post, we will introduce JWT in earnest.

<References>

[Free] Spring Boot JWT Tutorial - Inflearn | Course (www.inflearn.com)
