Spring
[SpringBoot/SpringSecurity]
noddu
2022. 6. 22. 16:36
https://spring.io/guides/gs/securing-web/
Securing a Web Application
See the guide above.
implementation 'org.springframework.boot:spring-boot-starter-security'
// Test-only support library, so keep it off the production classpath
testImplementation 'org.springframework.security:spring-security-test'
https://www.baeldung.com/jpa-many-to-many
Many-To-Many Relationship in JPA | Baeldung
sec:authorize="hasRole('ROLE_ADMIN')"
I made it visible only to users whose authority is ROLE_ADMIN, but
a post could still be deleted by entering the parameter in a GET request.
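import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

// Turns on method-level security annotations: @PreAuthorize/@PostAuthorize, @Secured, and JSR-250 (@RolesAllowed)
@Configuration
@EnableGlobalMethodSecurity(
        prePostEnabled = true,
        securedEnabled = true,
        jsr250Enabled = true)
public class MethodSecurityConfig
        extends GlobalMethodSecurityConfiguration {
}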
I took the example from Baeldung, created the MethodSecurityConfig file like this, and
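// Method-level check: callers without ROLE_ADMIN are rejected before the method body runs
@Secured("ROLE_ADMIN")
@GetMapping("/cenAsiaBoard/Delete{no}")
public String cenAsiaBoardDelete(@PathVariable int no){
    // Look up the post by its number (get() throws if no such post exists)
    CenAsiaBoard boardOne = mainBoardService.findCenAsiaOne(no).get();
    System.out.println("삭제 no = "+boardOne.getCenasiaId());
    mainBoardService.cenAsiaRemove(boardOne);
    return "redirect:/cenAsiaGallery";
}
}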
in this way made it so that only users with the ROLE_ADMIN authority
can perform INSERT, DELETE, and UPDATE.
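
A regression test for the gap described above, where hiding the delete link with sec:authorize left the GET endpoint reachable (added example, not from the original post). It assumes JUnit 5, Spring Boot test support, default access-denied handling, and a service type named MainBoardService in the same package as the test, which is a hypothetical name inferred from the mainBoardService field.

```java
// Added example; MainBoardService is an assumed (hypothetical) type name.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.security.test.context.support.WithAnonymousUser;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

import static org.mockito.Mockito.verifyNoInteractions;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class CenAsiaBoardDeleteAccessTest {

    @Autowired
    private MockMvc mockMvc;

    // Replaces the real service so no row is touched and any call can be detected.
    @MockBean
    private MainBoardService mainBoardService;

    @Test
    @WithMockUser(roles = "USER") // authenticated, but holds ROLE_USER only
    void nonAdminCannotDeleteByTypingTheUrl() throws Exception {
        mockMvc.perform(get("/cenAsiaBoard/Delete1"))
               .andExpect(status().isForbidden());
        // @Secured must reject the call before the controller touches the service.
        verifyNoInteractions(mainBoardService);
    }

    @Test
    @WithAnonymousUser
    void anonymousCannotDeleteByTypingTheUrl() throws Exception {
        // The status depends on the login configuration (redirect vs. 401/403),
        // so assert on the property that matters: the service is never reached.
        mockMvc.perform(get("/cenAsiaBoard/Delete1"));
        verifyNoInteractions(mainBoardService);
    }
}
```

Removing the @Secured annotation from the controller method makes both tests fail, which is the behavior the view-only sec:authorize check allowed.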