๐Ÿ’ Spring/Spring Security

๐Ÿ’ Spring/Spring Security

4. About RSA, before understanding JWT

์ด ํฌ์ŠคํŠธ๋Š” ๋ฐ์–ด ํ”„๋กœ๊ทธ๋ž˜๋ฐ๋‹˜์˜ ์œ ํŠœ๋ธŒ ๊ฐ•์˜๋ฅผ ๋“ฃ๊ณ  ๋‚˜์„œ ์ •๋ฆฌํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค. 2021.10.26 - [๐Ÿ’ Spring/Spring Security] - 3. JWT๋ฅผ ์ดํ•ดํ•˜๊ธฐ ์ „ CIA ๋Œ€ํ•ด ์ดํ•ดํ•˜๊ธฐ 3. JWT๋ฅผ ์ดํ•ดํ•˜๊ธฐ ์ „ CIA ๋Œ€ํ•ด ์ดํ•ดํ•˜๊ธฐ ์ด ํฌ์ŠคํŠธ๋Š” ๋ฐ์–ด ํ”„๋กœ๊ทธ๋ž˜๋ฐ๋‹˜์˜ ์œ ํŠœ๋ธŒ ๊ฐ•์˜๋ฅผ ๋“ฃ๊ณ  ๋‚˜์„œ ์ •๋ฆฌํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค. CIA CIA(Confidentiality Integrity Availability) Confidentiality(๊ธฐ๋ฐ€์„ฑ) ๊ฐœ์ธ์ •๋ณด, ๋ฏผ๊ฐํ•œ ์ •๋ณด ๋“ฑ์„ ์ธ๊ฐ€๋œ ์‚ฌ์šฉ์ž์—๊ฒŒ๋งŒ ํ—ˆ๊ฐ€.. iseunghan.tistory.com ์ €๋ฒˆ ์‹œ๊ฐ„์— ๋‘ ๊ฐ€์ง€ ๋ฌธ์ œ๊ฐ€ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ์—ด์‡  ์ „๋‹ฌ ๋ฌธ์ œ ๋ˆ„๊ฐ€ ๋ณด๋ƒˆ๋Š”์ง€? ์— ๋Œ€ํ•œ ๋ฌธ์ œ, ์ธ์ฆ๋ฌธ์ œ๋ฅผ ์–ด๋–ป๊ฒŒ ํ•  ๊ฒƒ์ธ๊ฐ€ RSA(์•”ํ˜ธํ™”) Public Key : ๊ณต๊ฐœ ํ‚ค ์ž์‹ ..

๐Ÿ’ Spring/Spring Security

3. Understanding CIA before understanding JWT

์ด ํฌ์ŠคํŠธ๋Š” ๋ฐ์–ด ํ”„๋กœ๊ทธ๋ž˜๋ฐ๋‹˜์˜ ์œ ํŠœ๋ธŒ ๊ฐ•์˜๋ฅผ ๋“ฃ๊ณ  ๋‚˜์„œ ์ •๋ฆฌํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค. CIA CIA(Confidentiality Integrity Availability) Confidentiality(๊ธฐ๋ฐ€์„ฑ) ๊ฐœ์ธ์ •๋ณด, ๋ฏผ๊ฐํ•œ ์ •๋ณด ๋“ฑ์„ ์ธ๊ฐ€๋œ ์‚ฌ์šฉ์ž์—๊ฒŒ๋งŒ ํ—ˆ๊ฐ€ Integrity(๋ฌด๊ฒฐ์„ฑ) ๋‚ด์šฉ์˜ ๋ณ€๊ฒฝ์ด๋‚˜, ํ›ผ์†์—†์ด ์ •ํ™•ํ•˜๊ฒŒ ๋ณด์กด Availability(๊ฐ€์šฉ์„ฑ) ํ•ญ์ƒ ์ •์ƒ์ ์œผ๋กœ ์‹ ๋ขฐ์„ฑ ์žˆ๋Š” ์„œ๋น„์Šค๋ฅผ ํ•  ์ˆ˜ ์žˆ๋Š” ์ƒํƒœ ์˜ˆ๋ฅผ ๋“ค์–ด, A๋‚˜๋ผ, B๋‚˜๋ผ, C๋‚˜๋ผ๊ฐ€ ์žˆ๋‹ค๊ณ  ๊ฐ€์ •ํ•ด๋ด…์‹œ๋‹ค. A๋‚˜๋ผ๊ฐ€ B๋‚˜๋ผ์—๊ฒŒ ๋ฌธ์„œ๋ฅผ ์ „๋‹ฌํ•˜๋Š”๋ฐ, ์ค‘๊ฐ„์—์„œ C๋‚˜๋ผ๊ฐ€ ๊ทธ ๋ฌธ์„œ๋ฅผ ํƒˆ์ทจํ–ˆ์Šต๋‹ˆ๋‹ค. -> ๊ธฐ๋ฐ€์„ฑ์ด ๊นจ์ง A๋‚˜๋ผ๊ฐ€ B๋‚˜๋ผ์—๊ฒŒ ๋ฌธ์„œ๋ฅผ ์ „๋‹ฌํ•˜๋Š”๋ฐ, ์ด๋ฒˆ์—๋Š” C๋‚˜๋ผ๊ฐ€ ์œ„์กฐ๋œ ๋ฌธ์„œ๋ฅผ ์ „๋‹ฌ์‹œ์ผฐ์Šต๋‹ˆ๋‹ค. -> ๋ฌด๊ฒฐ์„ฑ์ด ๊นจ์ง B๋‚˜๋ผ๋Š” A๋‚˜๋ผ๊ฐ€ ๋ณด๋‚ด์ค€ ๋ฌธ์„œ๋ฅผ ์ž˜..

๐Ÿ’ Spring/Spring Security

2. About TCP, before understanding JWT

์ด ํฌ์ŠคํŠธ๋Š” ๋ฐ์–ด ํ”„๋กœ๊ทธ๋ž˜๋ฐ๋‹˜์˜ ์œ ํŠœ๋ธŒ ๊ฐ•์˜๋ฅผ ๋“ฃ๊ณ  ๋‚˜์„œ ์ •๋ฆฌํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค. OSI 7 ๊ณ„์ธต๊ณผ TCP์— ๋Œ€ํ•ด์„œ ๊ฐ„๋žตํ•˜๊ฒŒ ์ดํ•ดํ•ด๋ณด๋Š” ์‹œ๊ฐ„์„ ๊ฐ€์ ธ๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค. OSI 7 ๊ณ„์ธต ํ†ต์‹ ์—๋Š” OSI 7 ๊ณ„์ธต์ด ์žˆ์Šต๋‹ˆ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด, ๋‚ด๊ฐ€ ์–ด๋–ค ๊ฒŒ์ž„์—์„œ A ์Šคํ‚ฌ์„ ์“ด๋‹ค๊ณ  ํ–ˆ์„ ๋•Œ, ํ•ด๋‹น ๊ฒŒ์ž„ํšŒ์‚ฌ ์„œ๋ฒ„๊นŒ์ง€์˜ ์ „์†ก์„ ์˜ˆ๋กœ ๋“ค์–ด๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค. Application: ํ•ด๋‹น ๊ฒŒ์ž„ ํ”„๋กœ๊ทธ๋žจ์„ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค. Presentation: ๋‚ด๊ฐ€ A ์Šคํ‚ฌ์„ ์“ด๋‹ค๋Š” ๋‚ด์šฉ์„ ์•”ํ˜ธํ™”ํ•ด์„œ ๋ณด๋ƒ…๋‹ˆ๋‹ค. (๋˜๋Š”, ์‚ฌ์ง„ ๊ฐ™์€ ๊ฒƒ๋“ค์„ ๋ณด๋‚ผ ๋•Œ ์••์ถ•์„ ํ•ด์„œ ๋ณด๋‚ด๊ธฐ๋„ ํ•ฉ๋‹ˆ๋‹ค.) Session: ์ธ์ฆ ์ฒดํฌ (๋‚ด๊ฐ€ ๋ณด๋‚ผ ์ˆ˜ ์žˆ๋Š”์ง€์— ๋Œ€ํ•œ ์ฒดํฌ : ์ƒ๋Œ€๋ฐฉ ์ปดํ“จํ„ฐ๊ฐ€ ์ผœ์ ธ์žˆ๋Š”์ง€, ๋‚ด๊ฐ€ ์ƒ๋Œ€๋ฐฉ ์ปดํ“จํ„ฐ์— ์ ‘๊ทผ์„ ํ•  ์ˆ˜ ์žˆ๋Š”์ง€ ๋“ฑ) Transport: TCP/UDP ํ†ต์‹  ์—ฌ๋ถ€ ๊ฒฐ..

๐Ÿ’ Spring/Spring Security

1. What a session is, before understanding JWT

์ด ํฌ์ŠคํŠธ๋Š” ๋ฐ์–ด ํ”„๋กœ๊ทธ๋ž˜๋ฐ๋‹˜์˜ ์œ ํŠœ๋ธŒ ๊ฐ•์˜๋ฅผ ๋“ฃ๊ณ  ๋‚˜์„œ ์ •๋ฆฌํ•œ ๊ธ€์ž…๋‹ˆ๋‹ค. ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์„œ๋ฒ„์— ์ตœ์ดˆ ์ ‘๊ทผํ•œ ๊ฒฝ์šฐ ์š”์ฒญ ํ—ค๋”์— ์„ธ์…˜ ID๋ฅผ ๋“ค๊ณ  ์ ‘๊ทผํ•œ ๊ฒฝ์šฐ ๊ทธ๋Ÿผ ์ด ์„ธ์…˜๋งŒ ์žˆ์œผ๋ฉด ๊ณ„์† ์ ‘๊ทผ์ด ๊ฐ€๋Šฅํ•œ๊ฐ€? ์•„๋‹ˆ๋‹ค. ์„ธ์…˜์ด ๋‚ ๋ผ๊ฐ€๋Š” ์‹œ์ ์ด ์žˆ๋‹ค. 1. ์„œ๋ฒ„์—์„œ ๊ฐ•์ œ๋กœ Session์„ ๋‚ ๋ฆฐ๋‹ค. 2. ์‚ฌ์šฉ์ž๊ฐ€ ๋ธŒ๋ผ์šฐ์ €๋ฅผ ์ข…๋ฃŒํ•  ๋•Œ 3. Session ๋งŒ๋ฃŒ ์‹œ๊ฐ„์ด ๋์„ ๋•Œ (๋ณดํ†ต 30๋ถ„์œผ๋กœ ๋‘”๋‹ค) ์„ธ์…˜ ๋กœ๊ทธ์ธ ์š”์ฒญ / ์ธ์ฆ ๋กœ์ง ์ฒ˜์Œ ๋กœ๊ทธ์ธ ์š”์ฒญ์„ ํ•ฉ๋‹ˆ๋‹ค. ์‚ฌ์šฉ์ž ID, PW๋ฅผ ํ™•์ธํ•˜์—ฌ ์‚ฌ์šฉ์ž๊ฐ€ ๋งž๋Š”์ง€ ํ™•์ธํ•ฉ๋‹ˆ๋‹ค. ์„ธ์…˜ID๋ฅผ ์ƒ์„ฑํ•ฉ๋‹ˆ๋‹ค. ์‚ฌ์šฉ์ž์—๊ฒŒ ์‘๋‹ต ํ—ค๋”์— ์„ธ์…˜ID๋ฅผ ๋‹ด์•„์„œ ์‘๋‹ตํ•ฉ๋‹ˆ๋‹ค. ์„ธ์…˜ID๋ฅผ ์›น ๋ธŒ๋ผ์šฐ์ €์— ์ €์žฅํ•ฉ๋‹ˆ๋‹ค. ์ด์ œ ์„ธ์…˜ID๋ฅผ ํ—ค๋”์— ๋‹ด์•„์„œ ์š”์ฒญ์„ ํ•ฉ๋‹ˆ๋‹ค. ์„œ๋ฒ„์—์„œ๋Š” ์„ธ์…˜ID๊ฐ€ ์žˆ์œผ๋‹ˆ, ์„ธ์…˜ ์ €์žฅ์†Œ..

๐Ÿ’ Spring/Spring Security

security ๋กœ๊ทธ์ธ ์„ฑ๊ณต ํ›„ *.css , *.image ํŒŒ์ผ๋กœ ์ด๋™ํ•˜๋Š” ๊ฒฝ์šฐ

Problem: when a Security login succeeds, I am not redirected to the URL I configured but to a .css file or an image file. Cause: the Security config did not permit the js or css folders. The original code that had the problem: @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .defaultSuccessUrl("/") .and() .logout() .logoutSuccessUrl("/") .and() .cs..
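Why the redirect lands on a stylesheet: with `anyRequest().authenticated()` every `<link>` and `<img>` request from the login page is itself a protected request, Spring Security's `ExceptionTranslationFilter` saves the last one in the request cache, and the default `SavedRequestAwareAuthenticationSuccessHandler` sends the browser back to that saved request after login. The configuration below is an added, corrected version of the excerpt's config (my code, not the post's own fix); it assumes the project serves its assets from `/css`, `/js` and `/images` under `src/main/resources/static`, which is the Spring Boot default but is an assumption here.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Static assets are served without authentication, so a page's
                // <link>/<img> requests never become the "saved request" that the
                // login success handler redirects back to. Paths are assumed.
                .antMatchers("/css/**", "/js/**", "/images/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                // Belt and braces: the second argument (alwaysUse=true) ignores the
                // saved request entirely and always sends the user to "/".
                .defaultSuccessUrl("/", true)
                .and()
            .logout()
                .logoutSuccessUrl("/");
    }
}
```

Keep the matchers narrow (`/css/**`, not `/**`): the permit list is part of the attack surface, and anything under it is reachable by unauthenticated users, including a directory listing or a stray backup file that ends up in `static/`.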

๐Ÿ’ Spring/Spring Security

[Spring Security] Spring Security 403 Forbidden error

๊ฐœ์š”ํ† ์ดํ”„๋กœ์ ํŠธ๋ฅผ ์ง„ํ–‰ํ•˜๋˜ ๋„์ค‘์— ์Šคํ”„๋ง ์‹œํ๋ฆฌํ‹ฐ๋ฅผ ์„ค์ •ํ•˜๊ณ  ๋‚˜์„œ, ๋กœ๊ทธ์ธ ์ธ์ฆ์„ ๋งˆ์ณค๋Š”๋ฐ๋„ 403 Forbidden ์—๋Ÿฌ๊ฐ€ ๊ณ„์†ํ•ด์„œ ๋ฐœ์ƒํ•˜์˜€์Šต๋‹ˆ๋‹ค. ์—๋Ÿฌ๊ฐ€ ๋ฐœ์ƒํ•˜๋Š” ์‹œ์ ์ด GET ์š”์ฒญ์€ ๋ฌด๋ฆฌ์—†์ด ์ž˜ ๋˜๋Š”๋ฐ, POST ์š”์ฒญ์œผ๋กœ ๋ณด๋‚ด๋ฉด ์ด์ƒํ•˜๊ฒŒ 403 ์—๋Ÿฌ๊ฐ€ ๋‚˜๋Š”๋ฐ ์ด์œ ๋ฅผ ๋ชจ๋ฅด๊ฒ ์Šต๋‹ˆ๋‹ค.SecurityConfig๋ฅผ ์‚ดํŽด๋ณด์ž์•„๋ž˜๋Š” ๊ธฐ์กด ์‹œํ๋ฆฌํ‹ฐ ์„ค์ • ์ฝ”๋“œ์ž…๋‹ˆ๋‹ค.@Overrideprotected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/").authenticated() .antMa..

iseunghan
'๐Ÿ’ Spring/Spring Security' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๊ธ€ ๋ชฉ๋ก (3 Page)