Applying CSRF protection in egovframework without login

황금니 2023. 10. 11. 09:12

Add to pom.xml

<dependency>
    <groupId>org.egovframe.rte</groupId>
    <artifactId>org.egovframe.rte.fdl.security</artifactId>
    <version>${org.egovframe.rte.version}</version>
    <exclusions>
        <exclusion>
            <artifactId>spring-jdbc</artifactId>
            <groupId>org.springframework</groupId>
        </exclusion>
    </exclusions>
</dependency>

Add to web.xml

<!-- security start -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<!-- security end -->

Add the context-security.xml file

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:egov-security="http://maven.egovframe.go.kr/schema/egov-security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
		http://maven.egovframe.go.kr/schema/egov-security http://maven.egovframe.go.kr/schema/egov-security/egov-security-4.1.0.xsd">

	<security:authentication-manager alias="authenticationManager" />

	<security:http pattern="/css/**" security="none"/>
	<security:http pattern="/html/**" security="none"/>
	<security:http pattern="/images/**" security="none"/>
	<security:http pattern="/js/**" security="none"/>
	<security:http pattern="/resource/**" security="none"/>

	<security:http use-expressions="true">
		<security:form-login />
		<security:csrf disabled="false" />
	</security:http>
</beans>

View: add inside the form tag in the JSP

<form>
 <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>

Finally, confirm that <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> was automatically replaced with actual values in the rendered page!
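
The final check above can be automated. This is an added example, not code from the original post: a Python script that audits rendered HTML and reports, for each non-GET form, whether the hidden CSRF field was resolved, left as a literal `${_csrf...}` expression, or is missing. The sample pages are constructed, and the parameter name `_csrf` is Spring Security's default, assumed unchanged here.

```python
from html.parser import HTMLParser

# Constructed sample pages (not from the original post).
RENDERED_OK = """<form method="post" action="/board/save.do">
  <input type="hidden" name="_csrf" value="constructed-token-0001" />
</form>"""
RENDERED_UNRESOLVED = """<form method="post" action="/board/save.do">
  <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>"""
RENDERED_MISSING = """<form method="get" action="/search.do"><input name="q" /></form>
<form method="post" action="/board/delete.do"><input name="id" /></form>"""

class CsrfFormAudit(HTMLParser):
    """Records, per <form>, the state of its hidden CSRF field."""
    def __init__(self, param_name="_csrf"):  # assumed default parameter name
        super().__init__()
        self.param_name = param_name
        self.forms = []        # one dict per <form> seen
        self._current = None   # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "status": "missing"}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name, value = a.get("name") or "", a.get("value") or ""
            if "${_csrf" in name + value:
                # EL was sent to the browser as literal text: JSP did not evaluate it.
                self._current["status"] = "unresolved"
            elif (name == self.param_name and (a.get("type") or "").lower() == "hidden"
                  and self._current["status"] == "missing"):
                self._current["status"] = "ok" if value.strip() else "empty"

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(html, param_name="_csrf"):
    """Return (action, status) for every state-changing (non-GET) form."""
    parser = CsrfFormAudit(param_name)
    parser.feed(html)
    parser.close()
    return [(f["action"], f["status"]) for f in parser.forms if f["method"] != "get"]
```

A status other than `ok` on a POST form means that form's submission will be rejected by the CSRF filter, or that the page was rendered without the filter chain providing the `_csrf` request attribute.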