[SpringBoot/SpringSecurity]

by noddu 2022. 6. 22.

https://spring.io/guides/gs/securing-web/

 

Securing a Web Application

This guide is designed to get you productive as quickly as possible and using the latest Spring project releases and techniques as recommended by the Spring team

spring.io

See the guide above for reference.

 

    implementation 'org.springframework.boot:spring-boot-starter-security'
    // test-only support library, so it stays off the runtime classpath
    testImplementation 'org.springframework.security:spring-security-test'

 

 

https://www.baeldung.com/jpa-many-to-many

 

Many-To-Many Relationship in JPA | Baeldung

Learn how to model a many-to-many relationship in Java using JPA

www.baeldung.com

 

 

 

sec:authorize="hasRole('ROLE_ADMIN')"

I made it visible only to users whose authority is ROLE_ADMIN, but entering the parameter in a GET request still made it possible to delete a post.

 

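    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

    @Configuration
    @EnableGlobalMethodSecurity(
            prePostEnabled = true,  // enables @PreAuthorize / @PostAuthorize
            securedEnabled = true,  // enables @Secured
            jsr250Enabled = true)   // enables @RolesAllowed
    public class MethodSecurityConfig
            extends GlobalMethodSecurityConfiguration {
    }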

I took the example from Baeldung and created the MethodSecurityConfig file like this.

 

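        // (enclosing controller class declaration is not shown in the post)
        // @Secured is checked on the server when the method is invoked, so a
        // non-admin who requests the URL directly is rejected even though the
        // link is hidden in the view.
        @Secured("ROLE_ADMIN")
        // Caveat: this delete is still mapped to GET, which Spring Security's
        // CSRF protection does not cover by default.
        @GetMapping("/cenAsiaBoard/Delete{no}")
        public String cenAsiaBoardDelete(@PathVariable int no){
            CenAsiaBoard boardOne = mainBoardService.findCenAsiaOne(no).get();
            System.out.println("삭제 no = "+boardOne.getCenasiaId());
            mainBoardService.cenAsiaRemove(boardOne);
            return "redirect:/cenAsiaGallery";
        }
    }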

Then, in this way, I made it so that only users with the ROLE_ADMIN authority can INSERT, DELETE, and UPDATE.
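
The behaviour described above can be pinned down with a test that uses the spring-security-test dependency listed earlier. This is an added example, not code from the original post: the package, the test class, `StubBoardController` and the `/unguarded/...` route are hypothetical, and it assumes Spring Boot 2.x with the web, security and test starters on the classpath.

```java
package example.authz; // hypothetical package for this added example

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Controller;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest(classes = {DeleteAuthorizationTest.App.class,
        DeleteAuthorizationTest.StubBoardController.class})
@AutoConfigureMockMvc // also applies the Spring Security filter chain to MockMvc
class DeleteAuthorizationTest {
    @SpringBootApplication
    @EnableGlobalMethodSecurity(securedEnabled = true)
    static class App {}

    @Controller // hypothetical stand-in for the post's controller; nothing is deleted
    static class StubBoardController {
        @GetMapping("/unguarded/Delete{no}") // "before": link hidden in the view only
        public String unguarded(@PathVariable("no") int no) { return "redirect:/cenAsiaGallery"; }

        @Secured("ROLE_ADMIN") // "after": the annotation used in the post
        @GetMapping("/cenAsiaBoard/Delete{no}")
        public String guarded(@PathVariable("no") int no) { return "redirect:/cenAsiaGallery"; }
    }

    @Autowired MockMvc mvc;

    @Test @WithMockUser(roles = "USER")
    void nonAdminRequestingTheUrlsDirectly() throws Exception {
        mvc.perform(get("/unguarded/Delete1")).andExpect(status().is3xxRedirection()); // handler ran
        mvc.perform(get("/cenAsiaBoard/Delete1")).andExpect(status().isForbidden());   // rejected
    }

    @Test @WithMockUser(roles = "ADMIN")
    void adminReachesTheSecuredHandler() throws Exception {
        mvc.perform(get("/cenAsiaBoard/Delete1")).andExpect(redirectedUrl("/cenAsiaGallery"));
    }
}
```

The stub controller is listed in `classes` explicitly because Spring Boot's test support excludes classes nested in a test class from component scanning.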
