
Overview

Spring Security is built on the filtering mechanism of the Servlet specification, so it is necessary to understand the concept of a filter. The Servlet 4 specification describes filters as follows.

A filter is a reusable piece of code that can transform the content of HTTP requests, responses, and header information. Filters do not generally create a response or respond to a request as servlets do, rather they modify or adapt the requests for a resource, and modify or adapt responses from a resource.

Because the Servlet specification defines web technology, a filter likewise handles HTTP requests and responses. As the description above says, however, where a servlet creates the response itself, a filter's role is to transform the response that was created. A filter can also intervene on an incoming request before that request reaches the controller and perform some function on it.

For reference, the terms "inbound" and "downstream" are used for the user's request, and conversely "outbound" and "upstream" for the response returned from the server.

Filter, FilterChain

ν•„ν„°μ˜ κ°€μž₯ μ€‘μš”ν•œ νŠΉμ§•μ€ λ‹€μˆ˜μ˜ 필터듀을 μˆœμ„œλŒ€λ‘œ κ±°μΉ˜λŠ” ν•„ν„° "체인"으둜 λ™μž‘μ‹œν‚¬ 수 μžˆλ‹€λŠ” κ²ƒμž…λ‹ˆλ‹€. Filter μΈν„°νŽ˜μ΄μŠ€λŠ” doFilter(ServletRequest request, ServletResponse response, FilterChain chain)λΌλŠ” λ©”μ†Œλ“œλ₯Ό μ‹€ν–‰ν•˜μ—¬ ν•΄λ‹Ή ν•„ν„°μ˜ κΈ°λŠ₯을 μˆ˜ν–‰ν•˜κ³  λ‹€μ‹œ FilterChain μΈν„°νŽ˜μ΄μŠ€μ˜ doFilter(ServletRequest request, ServletResponse response)을 ν˜ΈμΆœν•˜μ—¬ λ‹€μŒ ν•„ν„°μ˜ doFilterλ₯Ό μ‹€ν–‰ν•˜λŠ” μ‹μœΌλ‘œ "chaining" λ˜μ–΄ μžˆμŠ΅λ‹ˆλ‹€.

```java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // do something before the rest of the application
    chain.doFilter(request, response); // invoke the rest of the application
    // do something after the rest of the application
}
```

The official Spring Security documentation explains well how this filter mechanism is used. A Spring Framework filter called DelegatingFilterProxy delegates its work to a Spring Security bean called FilterChainProxy, which in turn drives the "Security filter chain" that Spring Security provides. The figure from the official documentation is reproduced here as-is.

[fig01: figure from the official documentation]

The Security filter chain is composed of multiple security filters and provides developers with a range of security-related features.

```
Security filter chain: [
  DisableEncodeUrlFilter
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  CsrfFilter
  LogoutFilter
  UsernamePasswordAuthenticationFilter
  DefaultLoginPageGeneratingFilter
  DefaultLogoutPageGeneratingFilter
  BasicAuthenticationFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]
```

Quoting the explanation from the official documentation:

The Security Filters are inserted into the FilterChainProxy with the SecurityFilterChain API. Those filters can be used for a number of different purposes, like authentication, authorization, exploit protection, and more.
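As an added example (not code from the original page or from the Spring project), here is a custom filter inserted into the Security filter chain through the SecurityFilterChain API, showing the before/after halves of doFilter and why the position in the chain matters. It assumes Spring Security 5.7 with javax.servlet, matching the filter list above; RequestAuditFilter and FilterChainConfig are hypothetical names.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical audit filter; OncePerRequestFilter guarantees one execution per request.
class RequestAuditFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Inbound side: runs before every later security filter and before the controller.
        long start = System.nanoTime();
        try {
            // Hand off to the rest of the chain. A filter that returns WITHOUT calling
            // chain.doFilter() short-circuits everything downstream, including
            // FilterSecurityInterceptor and the controller, so that must be deliberate.
            chain.doFilter(request, response);
        } finally {
            // Outbound side: runs after the controller (or a later filter) produced the response.
            long micros = (System.nanoTime() - start) / 1_000;
            logger.info(request.getMethod() + " " + request.getRequestURI()
                    + " -> " + response.getStatus() + " in " + micros + "us");
        }
    }
}

@Configuration
@EnableWebSecurity
class FilterChainConfig {
    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(auth -> auth.anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            // Position matters: placed before BasicAuthenticationFilter, the audit filter sees
            // the request before credentials are checked, so rejected logins are logged too.
            .addFilterBefore(new RequestAuditFilter(), BasicAuthenticationFilter.class);
        return http.build();
    }
}
```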

The order of the security filters can be checked in the code below (if you want to know).

FilterOrderRegistration
