DBNT
/
GGWEB
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
GGWEB/target/MBCA-1.0.0/WEB-INF/classes/egovframework/spring/context-security.xml

60 lines
2.5 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<!-- 중복 로그인 방지 -->
<!-- <bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<constructor-arg ref="sessionRegistry" />
<constructor-arg value="/login.do" />
</bean> -->
<bean id="securityService" class="com.mca.sec.service.SecurityService"></bean>
<bean id="loginSuccessHandler" class="com.mca.sec.LoginSuccessHandler"></bean>
<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>
<!-- AuthenticationProvider -->
<security:http auto-config="true" use-expressions="true">
<!-- Filter 제외 URL -->
<security:intercept-url pattern="/css/**" access="permitAll" />
<security:intercept-url pattern="/images/**" access="permitAll" />
<security:intercept-url pattern="/storage/**" access="permitAll" />
<security:intercept-url pattern="/js/**" access="permitAll" />
<!-- 인증 -->
<security:intercept-url pattern="/map/**" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<!-- Login 처리 -->
<security:form-login
login-processing-url="/j_spring_security_check"
login-page="/login"
authentication-success-handler-ref="loginSuccessHandler" />
<!-- Logout처리 -->
<security:logout
logout-url="/j_spring_security_logout"
invalidate-session="true"
success-handler-ref="logoutsuccessHandler" />
<!-- 접근 권한 에러 URL -->
<security:access-denied-handler error-page="/error/EgovAccessDenied"/>
</security:http>
<!-- Logout Success Handler -->
<bean id="logoutsuccessHandler" class="com.mca.sec.LogoutSuccessHandler">
<property name="successUrl" value="/login"></property>
</bean>
<!-- bcrypt 사용 고려 -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="securityService">
<!-- <security:password-encoder ref="bcryptPasswordEncoder" /> -->
</security:authentication-provider>
</security:authentication-manager>
</beans>
Reference in New Issue View Git Blame Copy Permalink