<Source: Spring.io>
When Spring Security uses filters to perform authentication and request-level authorization, a request coming in from the client side passes through the Filter layer, at which point a filter called FilterChainProxy receives the request and runs the Spring Security Filters. Because the request reaches the controller only after it has passed through every filter, requests can be handled safely, and before the request reaches the Service, method-level authorization can be performed through AOP.
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html
A request passes through a large number of filters. Of these, I picked out a few important(?) ones.
- SecurityContextPersistenceFilter
  - When a request comes in, it loads the SecurityContext from the SecurityContextRepository and sets it in the SecurityContextHolder. Changes to the SecurityContext can then be copied to the HttpSession and used.
- UsernamePasswordAuthenticationFilter
  - Where authentication begins
- ExceptionTranslationFilter
  - Responsible for translating Spring Security exceptions
- FilterSecurityInterceptor
  - Delegates the decision on whether the request is allowed to the AccessDecisionManager and checks whether access is permitted
  - When permission is denied, it throws an exception to block access to the URI
o.s.security.web.FilterChainProxy : /register at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.security.web.FilterChainProxy : /register at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
- The request passes through WebAsyncManagerIntegrationFilter and SecurityContextPersistenceFilter.
w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2317acfa. A new one will be created.
- A SecurityContext has to be set up, but none exists yet, so a new one is created.
o.s.security.web.FilterChainProxy : /register at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.security.web.FilterChainProxy : /register at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
- Determines whether this is a request to be handled as a logout.
o.s.security.web.FilterChainProxy : /register at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
o.s.security.web.FilterChainProxy : /register at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
o.s.security.web.FilterChainProxy : /register at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
- The request does not match the login-processing URL, so it simply passes through.
o.s.security.web.FilterChainProxy : /register at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@58ada9f6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 72AF38EE5C7AE6E7E5FBBC2DF06E80EF; Granted Authorities: ROLE_ANONYMOUS'
- No login, that is, no authentication, has taken place, so an Anonymous authentication token is created and passed on.
o.s.security.web.FilterChainProxy : /register at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
- Determines whether the session ID is valid.
o.s.security.web.FilterChainProxy : /register at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
- Catches any security exception that has been thrown.
o.s.security.web.FilterChainProxy : /register at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/register'; against '/register'
o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /register; Attributes: [permitAll]
...
- The decision on the request is made.
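A trace like the one above can also be read mechanically. The following Python script is an added example, not part of the original post: it parses debug lines in the format shown above, rebuilds the filter order for each request path, and reports chains that stopped before the last filter as well as URLs whose evaluated attribute is `permitAll`. The function names and the `/login` request are assumptions made for the example; the sample lines are constructed from the log format above.

```python
import re

CHAIN = ("WebAsyncManagerIntegrationFilter SecurityContextPersistenceFilter HeaderWriterFilter "
         "LogoutFilter UsernamePasswordAuthenticationFilter RequestCacheAwareFilter "
         "SecurityContextHolderAwareRequestFilter AnonymousAuthenticationFilter "
         "SessionManagementFilter ExceptionTranslationFilter FilterSecurityInterceptor").split()
FIRING = re.compile(r"FilterChainProxy\s*: (?P<path>\S+) at position (?P<pos>\d+) of "
                    r"(?P<total>\d+) in additional filter chain; firing Filter: '(?P<name>\w+)'")
SECURE = re.compile(r"FilterSecurityInterceptor\s*: Secure object: FilterInvocation: "
                    r"URL: (?P<path>\S+); Attributes: \[(?P<attrs>[^\]]*)\]")
DECISION = ("o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: "
            "FilterInvocation: URL: /register; Attributes: [permitAll]")

def sample_trace(path, stop_at=len(CHAIN)):
    """Constructed sample lines in the log format shown above."""
    fmt = ("o.s.security.web.FilterChainProxy : {} at position {} of {} "
           "in additional filter chain; firing Filter: '{}'")
    return [fmt.format(path, i, len(CHAIN), n) for i, n in enumerate(CHAIN[:stop_at], 1)]

def parse_trace(lines):
    """Map each request path to the filters fired and the attributes evaluated."""
    requests = {}
    for line in lines:
        fire, secure = FIRING.search(line), SECURE.search(line)
        m = fire or secure
        if not m:
            continue
        entry = requests.setdefault(m["path"], {"filters": [], "total": 0, "attributes": []})
        if fire:
            # Position 1 starts a new pass through the chain, so earlier entries are dropped.
            entry["filters"] = entry["filters"][:int(m["pos"]) - 1] + [m["name"]]
            entry["total"] = int(m["total"])
        else:
            entry["attributes"] = [a.strip() for a in m["attrs"].split(",") if a.strip()]
    return requests

def review(requests):
    """Report chains that ended early and URLs open to unauthenticated callers."""
    findings = []
    for path, e in requests.items():
        seen, total = e["filters"], e["total"]
        if seen and len(seen) < total:
            findings.append((path, f"chain stopped at {seen[-1]} ({len(seen)} of {total})"))
        if "permitAll" in e["attributes"]:
            findings.append((path, "permitAll: reachable without authentication"))
    return findings

if __name__ == "__main__":
    log = sample_trace("/register") + [DECISION] + sample_trace("/login", stop_at=5)  # /login: constructed
    for path, note in review(parse_trace(log)):
        print(path, "->", note)
```

A chain that stops early is not necessarily a problem: it means a filter handled the request itself instead of passing it on, which is worth knowing when checking which requests ever reach FilterSecurityInterceptor.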