Code Art Online

Spring Boot
[Spring Security] docs : Architecture (1) - Filter

kiritoni 2024. 8. 29. 17:47

🌱 Go to the Spring Security docs

Architecture :: Spring Security

The Security Filters are inserted into the FilterChainProxy with the SecurityFilterChain API. Those filters can be used for a number of different purposes, like authentication, authorization, exploit protection, and more. The filters are executed in a spec

docs.spring.io

Spring Security's Servlet support is built on Servlet Filters.

So we first need to look at what a filter does in general.

Handler layers for a single HTTP request

When a client sends an HTTP request to the application, the web container creates a FilterChain to handle it, based on the request URI path.

A FilterChain is made up of several Filter instances and a single Servlet; the HttpServletRequest passes through each filter in turn and is finally handed to the servlet.

📌 Summary

The container
1. creates a FilterChain, and
2. that chain handles the request using the Filters and Servlet appropriate to the URI path.

In a Spring MVC application, the Servlet is an instance of DispatcherServlet.

DispatcherServlet is the core of Spring MVC: it acts as the central entry point that handles every HTTP request.

Only one Servlet can handle a given HttpServletRequest and HttpServletResponse, but several Filters can each do different work while that request is being processed.

The role and capabilities of a Filter

  1. Prevent downstream Filter instances or the Servlet from being invoked
    • Downstream here means whatever runs after the current filter (filters or the servlet).
  2. Modify the HttpServletRequest or HttpServletResponse
    • e.g. logging the request, adding or modifying request headers, changing the response content
  3. Powerful behaviour through the FilterChain
    • The FilterChain is the mechanism by which, once the current filter has finished its own processing, the request is passed on to the next filter or the servlet.
    • Calling `chain.doFilter(request, response)` passes the request to the next filter, or to the servlet once every filter has been passed.
    • If `doFilter()` is not called, the current filter blocks the request or writes the response itself.

```java
// Shape of a Filter's doFilter method; the throws clause is required by the
// jakarta.servlet.Filter interface, since chain.doFilter() throws checked exceptions.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // do something before the rest of the application
    chain.doFilter(request, response); // invoke the rest of the application
    // do something after the rest of the application
}
```

A filter affects only the downstream filter instances and the servlet.

That is why the order of the filters is what matters most.

The application can behave differently depending on the order in which the filters execute.

So why does the execution order of filters matter?

Let's work through an example of each case.

Why filter order matters

1. A filter's effect depends on its position in the chain.

First case
1. Authentication filter
2. Authorization filter

In this case, if authentication fails, the request never reaches the authorization filter and the response is written right there.

Second case
1. Authorization filter
2. Authentication filter

Conversely, if the authorization filter runs before the authentication filter, an unauthenticated user is put through a pointless authorization check, which can lead to security problems.

2. The order in which the request and response are modified matters.

1. Logging filter runs: records the request information in the log.
2. Compression filter runs: compresses the response data.

If this order is reversed, problems can arise when the logging filter tries to record the already compressed data.

3. Request blocking and exception handling

1. CSRF protection filter: blocks CSRF attacks
2. Authentication filter

If this order is reversed, the authentication filter ends up doing unnecessary work on requests that are CSRF attacks.
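The three cases above all rest on one mechanism: a filter that does not call `chain.doFilter()` stops everything downstream, while a filter placed earlier in the chain still runs its code after `chain.doFilter()` returns. The Spring Boot 3 (Jakarta Servlet) configuration below is an added example, not code from this post or from the Spring documentation; `FilterOrderConfig`, `TimingLogFilter`, `RequireAuthHeaderFilter` and the `/api/*` pattern are hypothetical names chosen for the illustration.

```java
import java.io.IOException;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class FilterOrderConfig { // hypothetical class name
    // Hypothetical filter: wraps the rest of the chain so it can log the final status,
    // even when a later filter short-circuits and writes the response itself.
    static class TimingLogFilter implements Filter {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            long start = System.nanoTime();   // before the rest of the application
            chain.doFilter(req, res);         // invoke the rest of the application
            HttpServletRequest request = (HttpServletRequest) req;
            int status = ((HttpServletResponse) res).getStatus(); // after: response is done
            System.out.printf("%s %s -> %d (%d us)%n", request.getMethod(),
                    request.getRequestURI(), status, (System.nanoTime() - start) / 1_000);
        }
    }

    // Hypothetical filter: rejects requests that carry no Authorization header. In that
    // case it never calls chain.doFilter(), so no later filter and not the
    // DispatcherServlet runs; the logger above still observes the 401 written here.
    static class RequireAuthHeaderFilter implements Filter {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            if (((HttpServletRequest) req).getHeader("Authorization") == null) {
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;                   // stop the chain here
            }
            chain.doFilter(req, res);     // hand over to the next filter or the servlet
        }
    }

    private static <F extends Filter> FilterRegistrationBean<F> register(F filter, int order) {
        var bean = new FilterRegistrationBean<>(filter);
        bean.addUrlPatterns("/api/*");    // constructed sample URL pattern
        bean.setOrder(order);             // lower value runs earlier in the container chain
        return bean;
    }

    @Bean FilterRegistrationBean<TimingLogFilter> timingLog() { return register(new TimingLogFilter(), 1); }
    @Bean FilterRegistrationBean<RequireAuthHeaderFilter> requireAuth() { return register(new RequireAuthHeaderFilter(), 2); }
}
```

A request under `/api/` without an `Authorization` header gets a 401 from the second filter, never reaches the DispatcherServlet, and is still logged with status 401 by the first filter, whose code after `chain.doFilter()` runs once the chain returns. When Spring Security is on the classpath, its own filter chain is registered at order -100 by default, so both filters here run after it.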
