Thymeleaf Spring Security
| Category | Keyword/Method | Description |
|---|---|---|
| sec:authorize | isAnonymous() | Unauthenticated user (not logged in; Spring Security's anonymous authentication). |
| | isAuthenticated() | Authenticated user (logged in). |
| | hasRole('ROLE_X') | User holding the given role. |
| | hasAnyRole('ROLE_X', 'ROLE_Y') | User holding at least one of the listed roles. |
| | permitAll() | Every user. |
| | denyAll() | No user. |
| sec:authentication | name | Username (ID) of the authenticated user. |
| | authorities | Granted authorities of the authenticated user. |
| | principal | The authenticated user object (UserDetails or CustomUser). |
| sec:csrf | ${_csrf.parameterName} | CSRF parameter name. |
| | ${_csrf.token} | CSRF token value. |
Example code
1. sec:authorize
```html
<div sec:authorize="isAnonymous()">
  <p>Shown only to users who are not logged in.</p>
</div>
<div sec:authorize="isAuthenticated()">
  <p>Shown only to logged-in users.</p>
</div>
<div sec:authorize="hasRole('ROLE_ADMIN')">
  <p>Administrator-only content.</p>
</div>
<div sec:authorize="hasAnyRole('ROLE_USER', 'ROLE_MANAGER')">
  <p>Visible only to users holding the USER or MANAGER role.</p>
</div>
<div sec:authorize="permitAll()">
  <p>Shown to every user.</p>
</div>
<div sec:authorize="denyAll()">
  <p>This content is never shown to any user.</p>
</div>
```
sec:authorize decides only whether the element is written into the response. It hides links and text, but it is not access control: the URLs behind them still have to be protected on the server (authorizeHttpRequests rules or @PreAuthorize), otherwise anyone can type /admin into the address bar. In these expressions hasRole('ROLE_ADMIN') and hasRole('ADMIN') are equivalent, because the default ROLE_ prefix is only prepended when it is missing.
2. sec:authentication
```html
<!-- Guarded with isAuthenticated(): on an anonymous request the principal is the
     String "anonymousUser", so principal.user.name would fail to evaluate -->
<div sec:authorize="isAuthenticated()">
  <p>Logged-in user: <span sec:authentication="name"></span></p>
  <p>Authorities: <span sec:authentication="authorities"></span></p>
  <p>Name: <span sec:authentication="principal.user.name"></span></p>
  <p>Email: <span sec:authentication="principal.user.email"></span></p>
</div>
```
principal.user.name and principal.user.email only resolve when the principal is a custom UserDetails (the page's CustomUser) that exposes a getUser() accessor returning an object with getName() and getEmail(); the stock UserDetails built by User.withUsername(...) has no user property and the expression throws. sec:authentication writes its value as escaped text, like th:text, so a user-controlled display name cannot inject markup here. Rendering principal itself prints the object's toString(), which is convenient for debugging but should not ship to production unless toString() is known to omit the password hash and other internal fields.
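The class shape that makes principal.user.name and principal.user.email work, as an added example that is not the page's own code. The page only says that CustomUser wraps a Users object carrying a name and an email; the Users class, its fields, the in-memory UserDetailsService and the sample accounts below are assumptions made for this example.

```java
// Added example: a UserDetails wrapper whose getUser() getter is what the
// SpEL path "principal.user.name" in sec:authentication resolves through.
import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

// Assumed domain object standing in for the project's Users entity.
class Users {
    private final String username;
    private final String passwordHash;   // BCrypt hash, never the raw password
    private final String name;
    private final String email;
    private final List<String> roles;    // stored as full authority strings, e.g. "ROLE_USER"

    Users(String username, String passwordHash, String name, String email, List<String> roles) {
        this.username = username;
        this.passwordHash = passwordHash;
        this.name = name;
        this.email = email;
        this.roles = roles;
    }

    public String getUsername() { return username; }
    public String getPasswordHash() { return passwordHash; }
    public String getName() { return name; }     // principal.user.name
    public String getEmail() { return email; }   // principal.user.email
    public List<String> getRoles() { return roles; }
}

public class CustomUser implements UserDetails {
    private final Users user;

    public CustomUser(Users user) { this.user = user; }

    // "principal.user" in the template is read through this getter.
    public Users getUser() { return user; }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        // Authorities carry the ROLE_ prefix, so hasRole('ROLE_ADMIN') and hasRole('ADMIN') both match.
        return user.getRoles().stream().map(SimpleGrantedAuthority::new).toList();
    }

    @Override public String getPassword() { return user.getPasswordHash(); }
    @Override public String getUsername() { return user.getUsername(); }
    @Override public boolean isAccountNonExpired() { return true; }
    @Override public boolean isAccountNonLocked() { return true; }
    @Override public boolean isCredentialsNonExpired() { return true; }
    @Override public boolean isEnabled() { return true; }

    // sec:authentication="principal" renders this string: keep the hash and email out of it.
    @Override
    public String toString() {
        return "CustomUser[username=" + user.getUsername() + ", authorities=" + getAuthorities() + "]";
    }
}

// Assumed in-memory lookup; a real project would load from a repository.
@Service
class CustomUserDetailsService implements UserDetailsService {
    private static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();

    // Constructed sample accounts; the hashes are computed at class-load time.
    private static final Map<String, Users> USERS = Map.of(
        "alice", new Users("alice", ENCODER.encode("alice-pass"), "Alice Kim",
                           "alice@example.com", List.of("ROLE_USER")),
        "root",  new Users("root", ENCODER.encode("root-pass"), "Site Admin",
                           "admin@example.com", List.of("ROLE_USER", "ROLE_ADMIN")));

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Users u = USERS.get(username);
        if (u == null) {
            throw new UsernameNotFoundException("no such user: " + username);
        }
        return new CustomUser(u);
    }
}
```

With this in place the Authentication's principal is a CustomUser, sec:authentication="name" prints the username, sec:authentication="authorities" prints [ROLE_USER, ROLE_ADMIN] for the second account, and sec:authentication="principal" prints the deliberately narrow toString() rather than the hash.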
3. sec:csrf
Form including the CSRF token
```html
<form th:action="@{/submit}" method="post">
  <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
  <button type="submit">Submit</button>
</form>
```
There is no sec:csrf attribute processor; the token is exposed by Spring Security's CsrfFilter as the _csrf request attribute, and ${_csrf.parameterName} and ${_csrf.token} are ordinary expressions reading it. When the form uses th:action, Thymeleaf's Spring integration already appends this hidden field to every non-GET form, so the explicit input above is redundant there (the field appears twice, harmlessly). It is required for forms written with a plain action="..." attribute, as in the logout forms of index.html further down. A POST without a valid token is rejected with 403.
4. Combined example
Show a different menu depending on login state:
```html
<div sec:authorize="isAuthenticated()">
  <p>Welcome, <span sec:authentication="name"></span>!</p>
  <!-- Logout must be a POST with the CSRF token while CSRF protection is on;
       a plain GET link to /logout is ignored by the default LogoutFilter -->
  <form th:action="@{/logout}" method="post">
    <button type="submit">Logout</button>
  </form>
</div>
<div sec:authorize="isAnonymous()">
  <a th:href="@{/login}">Login</a>
  <a th:href="@{/signup}">Sign up</a>
</div>
```
Show different content for administrators and ordinary users:
```html
<div sec:authorize="hasRole('ROLE_ADMIN')">
  <p>Administrator-only page.</p>
</div>
<div sec:authorize="hasRole('ROLE_USER')">
  <p>User-only page.</p>
</div>
```
hasRole checks the granted authorities literally: an account that holds only ROLE_ADMIN does not match hasRole('ROLE_USER'), so an administrator who should also see the user block either needs both authorities or a RoleHierarchy that makes ROLE_ADMIN imply ROLE_USER.
Summary
•
sec:authorize renders content according to the user's login state and granted authorities; it controls what is shown, not what the server allows.
•
sec:authentication prints information about the authenticated user (name, authorities, principal and its properties).
•
The _csrf attribute ("sec:csrf" above) supplies the token a POST form must carry for CSRF protection.
Complete example code
•
index.html
```html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Main page</title>
  <!-- bootstrap css -->
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
  <!-- header -->
  <header class="d-flex flex-wrap align-items-center justify-content-center justify-content-md-between px-5 py-3 mb-4 border-bottom">
    <div class="col-md-3 mb-2 mb-md-0">
      <a href="/" class="d-inline-flex link-body-emphasis text-decoration-none">
        <!-- logo -->
      </a>
    </div>
    <ul class="nav col-12 col-md-auto mb-2 justify-content-center mb-md-0">
      <li><a href="/" class="nav-link px-2 link-secondary">Home</a></li>
      <!-- USER and ADMIN roles -->
      <th:block sec:authorize="hasAnyRole('ROLE_USER','ROLE_ADMIN')">
        <li><a href="/user" class="nav-link px-2">user</a></li>
      </th:block>
      <!-- ADMIN role only -->
      <th:block sec:authorize="hasRole('ROLE_ADMIN')">
        <li><a href="/admin" class="nav-link px-2">admin</a></li>
      </th:block>
    </ul>
    <div class="col-md-3 text-end">
      <!-- not logged in -->
      <th:block sec:authorize="isAnonymous()">
        <a href="/login" class="btn btn-outline-primary me-2">Login</a>
        <a href="/join" class="btn btn-primary me-2">Sign up</a>
      </th:block>
      <!-- logged in -->
      <th:block sec:authorize="isAuthenticated()">
        <!-- plain action= (not th:action): the CSRF field must be added by hand -->
        <form action="/logout" method="post">
          <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
          <button type="submit" class="btn btn-primary">Logout</button>
        </form>
      </th:block>
    </div>
  </header>
  <div class="container col-12 col-lg-4">
    <div class="px-4 py-5 mt-5 text-center">
      <h1 class="display-5 fw-bold text-body-emphasis">Main page</h1>
    </div>
    <!-- not logged in -->
    <th:block sec:authorize="isAnonymous()">
      <div class="d-grid gap-2">
        <a href="/login" class="btn btn-lg btn-primary">Login</a>
        <a href="/join" class="btn btn-lg btn-success">Sign up</a>
      </div>
    </th:block>
    <!-- logged in -->
    <th:block sec:authorize="isAuthenticated()">
      <div class="card">
        <div class="inner p-4">
          <div class="d-flex flex-column align-items-center">
            <div class="item my-2">
              <h3>ID : <span sec:authentication="name"></span></h3>
            </div>
            <div class="item my-2">
              <h3>Authorities : <span sec:authentication="authorities"></span></h3>
            </div>
            <div class="item my-2 w-100">
              <!-- Renders principal.toString(); for debugging only, since a careless
                   toString() can expose the password hash and other internal fields -->
              <p>User object : <span sec:authentication="principal"></span></p>
            </div>
            <!-- sec:authentication="principal" resolves to CustomUser -->
            <!-- CustomUser holds a Users object in its user field -->
            <div class="item my-2">
              <h5>Name : <span sec:authentication="principal.user.name"></span></h5>
            </div>
            <div class="item my-2">
              <h5>Email : <span sec:authentication="principal.user.email"></span></h5>
            </div>
            <!-- <div class="item my-2">
              <img th:src="${user.profile}" alt="Profile" class="rounded-circle">
            </div> -->
            <!-- <div class="item my-2">
              <h3 th:text="${user.name}"></h3>
            </div>
            <div class="item my-2">
              <h5 th:text="${user.email}"></h5>
            </div> -->
            <div class="item my-2 w-100">
              <span sec:authentication="principal">Authenticated user</span>
            </div>
          </div>
        </div>
      </div>
      <form action="/logout" method="post">
        <!-- CSRF TOKEN -->
        <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}">
        <div class="d-grid gap-2">
          <button type="submit" class="btn btn-lg btn-primary">Logout</button>
        </div>
      </form>
    </th:block>
  </div>
  <!-- bootstrap js -->
  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
```
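The server-side rules that the template's sec:authorize conditions must be backed by, as an added example rather than code from the page. It mirrors index.html: /user for ROLE_USER or ROLE_ADMIN, /admin for ROLE_ADMIN, login and sign-up open to anonymous users, logout as a CSRF-protected POST. It assumes Spring Boot 3 with Spring Security 6 (lambda DSL), a login view at /login, and the static-resource paths and the AdminController shown here are assumptions for illustration.

```java
// Added example: enforce on the server what sec:authorize only hides in the view.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity   // turns on @PreAuthorize for controller/service methods
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // pages the template shows to isAnonymous() / permitAll() visitors
                .requestMatchers("/", "/login", "/join", "/css/**", "/js/**").permitAll()
                // <th:block sec:authorize="hasRole('ROLE_ADMIN')"> links to /admin.
                // This hasRole takes the role WITHOUT the ROLE_ prefix: Spring Security 6
                // rejects "ROLE_ADMIN" here, unlike the SpEL hasRole('ROLE_ADMIN') in templates.
                .requestMatchers("/admin/**").hasRole("ADMIN")
                // <th:block sec:authorize="hasAnyRole('ROLE_USER','ROLE_ADMIN')"> links to /user
                .requestMatchers("/user/**").hasAnyRole("USER", "ADMIN")
                // anything not listed still needs a login (deny-by-default)
                .anyRequest().authenticated())
            .formLogin(form -> form
                .loginPage("/login")          // assumed custom login view
                .defaultSuccessUrl("/")
                .permitAll())
            // With CSRF protection on, LogoutFilter only accepts POST /logout carrying
            // a valid token, which is why index.html logs out through a <form method="post">
            // with the _csrf hidden input instead of a plain link.
            .logout(logout -> logout
                .logoutUrl("/logout")
                .logoutSuccessUrl("/"));
        // CSRF protection is left at its default (enabled); never add http.csrf(c -> c.disable())
        // just to make the forms "work": add the token to the form instead.
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

// Assumed controller: a second, method-level check that holds even if a URL rule is
// mis-typed. Inside @PreAuthorize the SpEL hasRole tolerates either spelling.
@Controller
class AdminController {

    @PreAuthorize("hasRole('ADMIN')")
    @GetMapping("/admin")
    String adminPage() {
        return "admin";   // view name; rendered only after both checks pass
    }
}
```

With these rules a ROLE_USER account that types /admin directly gets 403 even though the template never rendered the link, and a logout request without the _csrf field is refused rather than silently ending the session.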