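Change the configuration from the previous exercise so that it uses Spring EL (expression language). Save the file as security-config_ver4.xml and work in that copy.
[Requirements]
1. Logout (/emp/logout.do)
Only authenticated users may access it. - ROLE_ADMIN, ROLE_USER
2. Board list view (/board/list.do, /board/ajax_boardlist.do)
Configure it so that everyone can view it, whether authenticated or not
- ROLE_ADMIN, ROLE_USER, ROLE_ANONYMOUS
3. All requests starting with /emp/
Configure it so that only users with administrator privileges can access them - ROLE_ADMIN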
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Static resources bypass the security filter chain entirely -->
    <security:http pattern="/**/*.js" security="none" />
    <security:http pattern="/**/*.css" security="none" />
    <security:http pattern="/images/**" security="none" />

    <security:http auto-config="true" use-expressions="true">
        <!-- Rules are evaluated top to bottom; the first matching pattern wins -->
        <!-- <security:intercept-url pattern="/images/**" access="ROLE_ANONYMOUS"/> -->
        <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/emp/login" access="permitAll" />
        <!-- Requirement 1: must be listed before the broader /emp/ rule below -->
        <security:intercept-url pattern="/emp/logout.do" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
        <security:intercept-url pattern="/index.do" access="permitAll" />
        <security:intercept-url pattern="/**/user/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
        <!-- Requirement 2: readable with or without authentication -->
        <security:intercept-url pattern="/board/*" access="permitAll" />
        <!-- Requirement 3: /emp/** covers nested paths; /emp/* matches one path level only -->
        <security:intercept-url pattern="/emp/**" access="hasRole('ROLE_ADMIN')" />
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />

        <!-- Note: the failure URL /emp/login.do is not matched by the permitAll rule
             for /emp/login, so it falls under the ROLE_ADMIN rule for /emp/ -->
        <security:form-login username-parameter="id"
            password-parameter="pass" login-page="/emp/login" default-target-url="/index.do"
            authentication-failure-url="/emp/login.do?fail=true" />
        <!-- delete-cookies takes a comma-separated list of cookie names, not a boolean -->
        <security:logout delete-cookies="JSESSIONID"
            logout-success-url="/emp/login" logout-url="/emp/logout.do"
            invalidate-session="true" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider user-service-ref="loginService">
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="loginService" class="ktds.erp.emp.authentication.SecurityLoginService" />
    <import resource="spring-config.xml" />
</beans>
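
The following added example (not part of the original post) is a simplified Python model of first-match-wins intercept-url evaluation. It checks the three requirements against the rule table and compares the single-level pattern `/emp/*` with `/emp/**` for requirement 3. The Ant-pattern converter, the function names and the nested path `/emp/dept/list.do` are assumptions made for illustration.

```python
import re

def ant_to_regex(pattern):
    # Simplified Ant-style path matcher (assumption): supports ?, * and ** only.
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**/", i):          # zero or more directories
            out, i = out + "/(?:.*/)?", i + 4
        elif pattern.startswith("/**", i) and i + 3 == len(pattern):
            out, i = out + "(?:/.*)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":                    # stays inside one path segment
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def build_rules(emp_pattern):
    # intercept-url rules in document order; only the /emp/ pattern is varied.
    return [(ant_to_regex(p), access) for p, access in [
        ("/admin/**", "hasRole('ROLE_ADMIN')"),
        ("/emp/login", "permitAll"),
        ("/emp/logout.do", "hasAnyRole('ROLE_USER','ROLE_ADMIN')"),
        ("/index.do", "permitAll"),
        ("/**/user/**", "hasAnyRole('ROLE_USER','ROLE_ADMIN')"),
        ("/board/*", "permitAll"),
        (emp_pattern, "hasRole('ROLE_ADMIN')"),
        ("/**", "hasAnyRole('ROLE_USER','ROLE_ADMIN')"),
    ]]

def access_for(path, rules):
    # The first rule whose pattern matches decides; later rules are ignored.
    return next(access for rx, access in rules if rx.match(path))

def allowed(path, roles, rules):
    # Evaluates only permitAll / hasRole / hasAnyRole, the expressions used here.
    access = access_for(path, rules)
    if access == "permitAll":
        return True
    return bool(set(re.findall(r"'(\w+)'", access)) & set(roles))

if __name__ == "__main__":
    paths = ("/emp/logout.do", "/board/list.do", "/emp/list.do", "/emp/dept/list.do")
    for emp in ("/emp/*", "/emp/**"):
        for path in paths:  # constructed request paths, evaluated for a ROLE_USER account
            print(emp, path, allowed(path, ["ROLE_USER"], build_rules(emp)))
```

With `/emp/*`, the nested path falls through to the final `/**` rule and a ROLE_USER account is let in; with `/emp/**` it is restricted to ROLE_ADMIN.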