CustomFilter
2024. 1. 2. 14:48ㆍSpring Boot
기본적인 필터외에도 다양한 custom filter를 만들거나
기존 필터를 상속받아 기능을 추기 할 수 있다
기존의 필터를 상속받아 수정 한 뒤 SecurityFilterChain에 적용하는 방식
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {
@Autowired
private CorsConfig corsConfig;
private final jwtProvider tokenProvider;
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.apply(new jwtDsl());
return http.build();
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
public class jwtDsl extends AbstractHttpConfigurer<jwtDsl, HttpSecurity> {
@Override
public void configure(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
http
.addFilter(new jwtAuthorizationFilter(authenticationManager, tokenProvider));
}
}
import java.io.IOException;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties.Jwt;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import com.example.demo.jwt.jwtProvider;
import com.example.demo.user.user_repository;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
public class jwtAuthorizationFilter extends BasicAuthenticationFilter{
private jwtProvider jwtProvider;
public jwtAuthorizationFilter(AuthenticationManager authenticationManager, jwtProvider jwtProvider) {
super(authenticationManager);
this.jwtProvider = jwtProvider;
}
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
System.out.println("인증 필요 요청 됨");
req.setAttribute("name", null);
Cookie[] cookies = req.getCookies();
String token = null;
for(Cookie cookie: cookies) {
if(cookie.getName().equals("jwt"))
token = cookie.getValue();
}
System.out.printf("authorization jwt: %s\n",token);
if(token == null || jwtProvider.validateToken(token)) {
chain.doFilter(req, res);
return;
}
req.setAttribute("name", jwtProvider.getAccount(token));
chain.doFilter(req, res);
}
}
아예 새로운 필터를 따로 등록 하는 방식
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class FilterConfig {
@Bean
public FilterRegistrationBean<myfilter1> filter1() {
FilterRegistrationBean<myfilter1> bean = new FilterRegistrationBean<>(new myfilter1());
bean.addUrlPatterns("/*");
bean.setOrder(0);
return bean;
}
}
import java.io.IOException;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
public class myfilter1 implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
System.out.println("my Filter1");
chain.doFilter(request, response);
}
}'Spring Boot' 카테고리의 다른 글
| MySQL (0) | 2024.01.12 |
|---|---|
| Json Web Token (2) | 2024.01.02 |
| SecurityFilterChain (0) | 2024.01.02 |
| MongoDB (0) | 2023.12.28 |
| CSRF Token (0) | 2023.12.28 |