
[SpringBoot] Deprecated APIs when using Spring Security

벼리01 2024. 3. 16. 23:52

📌 Environment

IntelliJ Ultimate

Java 17

 

Spring boot 3.2.3

Gradle - Groovy

Dependencies: 

Spring Web

Thymeleaf

Spring Data JPA

lombok

MariaDB 10.11

Spring Dev tool

 

📌 Problem

As of March 16, 2024, while applying Spring Security to a Spring Boot 3.2.3 project, code I had taken from a book and from Googling could not be written as shown and was reported as deprecated, so I am writing this post.

Deprecated since 6.1

📌 Solution

Since Spring Security 5.2, lambda expressions are allowed in place of method chaining when writing a `Configuration`.

Since Spring Security 6.0, instead of extending `WebSecurityConfigurerAdapter`, the developer registers a `@Bean` directly.

The Spring docs explain it as follows.

  • In the previous style it was not clear which object was being configured unless you knew the return type. The deeper the nesting, the more confusing it became. Even experienced users could believe their configuration was doing one thing when it was actually doing something else.
  • Many code bases switched between the two styles, which made the configuration hard to understand and often led to misconfigurations.

With lambdas instead of method chaining, each setting is written inside its own parentheses, so it is clear which setting is being configured.

 

 

```java
// before

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests()
                .requestMatchers("/blog/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .rememberMe();

        return http.build();
    }
}
```

 

 

기쑴의 λ©”μ„œλ“œ 체이닝 방식

 

 

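```java
// after

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // each lambda scopes the settings of exactly one configurer
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/blog/**").permitAll()
                .anyRequest().authenticated()
            )
            .formLogin(formLogin -> formLogin
                .loginPage("/login")
                .permitAll()
            )
            // Customizer.withDefaults() replaces the old no-argument rememberMe()
            .rememberMe(Customizer.withDefaults());

        return http.build();
    }
}
```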

 

 

The style after the change, using lambdas

 

 

 

 

Below is an example in which the existing method chaining has been rewritten with lambdas.

(Reference: 자바 웹 개발 워크북 (Java Web Development Workbook), p.719)

 

```java
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // log, persistentTokenRepository(), userDetailService and authenticationSuccessHandler()
        // are members of the enclosing configuration class (not shown here).
        log.info("-----------security configure------------");

        // Deprecated (method chaining):
        // httpSecurity.formLogin().loginPage("/member/login");
        // httpSecurity.csrf().disable();
        // httpSecurity.rememberMe()
        //         .tokenRepository(persistentTokenRepository())
        //         .userDetailsService(userDetailService)
        //         .tokenValiditySeconds(60 * 60 * 24 * 30);   // cookie validity: 30 days
        // httpSecurity.oauth2Login().loginPage("/member/login").successHandler(authenticationSuccessHandler());

        httpSecurity
                .formLogin(formLogin -> formLogin
                        .loginPage("/member/login"))   // custom login page
                .csrf(AbstractHttpConfigurer::disable)   // turns CSRF protection off
                .rememberMe(rememberMe -> rememberMe    // automatic login (remember-me)
                        .key("12345678")   // hard-coded sample key
                        .tokenRepository(persistentTokenRepository())
                        .userDetailsService(userDetailService)
                        .tokenValiditySeconds(60 * 60 * 24 * 30))   // cookie validity: 30 days
                .oauth2Login(oauth2Login -> oauth2Login.loginPage("/member/login").successHandler(authenticationSuccessHandler()));

        return httpSecurity.build();
    }
```
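A variant of the configuration above in the same lambda style, with CSRF protection left at its default and the remember-me key read from configuration instead of a literal. This is an added example, not code from the book or the original post; the class name, the `app.security.remember-me-key` property and the permitted static paths are assumptions, and the OAuth2 login part is left out to keep it short.

```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig {   // hypothetical class name

    // Assumed property name; supply the value from the environment or a secret store.
    @Value("${app.security.remember-me-key}")
    private String rememberMeKey;

    @Bean
    public PersistentTokenRepository persistentTokenRepository(DataSource dataSource) {
        JdbcTokenRepositoryImpl repo = new JdbcTokenRepositoryImpl();
        repo.setDataSource(dataSource);   // expects the persistent_logins table to exist
        return repo;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           UserDetailsService userDetailsService,
                                           PersistentTokenRepository tokenRepository) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // assumed public paths: the login page and static assets
                .requestMatchers("/member/login", "/css/**", "/js/**").permitAll()
                .anyRequest().authenticated())
            .formLogin(formLogin -> formLogin.loginPage("/member/login"))
            // No .csrf(...) call: CSRF protection keeps its default (enabled),
            // so every POST form has to submit the CSRF token.
            .rememberMe(rememberMe -> rememberMe
                .key(rememberMeKey)
                .tokenRepository(tokenRepository)
                .userDetailsService(userDetailsService)
                .tokenValiditySeconds(60 * 60 * 24 * 30));   // cookie validity: 30 days
        return http.build();
    }
}
```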

 

 

 

 

 

📌 References

자바 웹 개발 워크북 (Java Web Development Workbook) - 구멍가게 코딩단

Configuration Migrations :: Spring Security (docs.spring.io)

[Trial and error] Whoa! Why are so many things in Spring Security deprecated? (velog.io)

Up-to-date Spring Security usage - SecurityFilterChain (samori.tistory.com)