Java/Spring

Spring Security Filter

끄적끄적 2023. 9. 17. 20:31
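  • You can attach your own Filter before or after a filter that is already in the existing FilterChain.
import java.io.IOException;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

// Imports assume the jakarta.servlet namespace (Spring Security 6); older versions use javax.servlet.
public class RequestValidationFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,
        ServletException {
        var httpRequest = (HttpServletRequest) request;
        var httpResponse = (HttpServletResponse) response;
        String requestId = httpRequest.getHeader("Request-Id");
        // The check is commented out, so every request currently passes through.
        // Uncomment it to reject requests without a Request-Id header with 400.
        // if (requestId == null || requestId.isBlank()) {
        //     httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        //     return;
        // }

        filterChain.doFilter(request, response);
    }
}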

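Define the filter to attach after it.

import java.io.IOException;
import java.util.logging.Logger;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;

public class AuthenticationLoggingFilter implements Filter {

    private final Logger logger =
            Logger.getLogger(AuthenticationLoggingFilter.class.getName());

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException,
        ServletException {
        var httpRequest = (HttpServletRequest) request;
        // Request-Id is supplied by the client and may be null or contain CR/LF;
        // sanitize it before logging if the log is parsed line by line.
        String requestId = httpRequest.getHeader("Request-Id");
        logger.info("Successfully authenticated request with id " +  requestId);
        filterChain.doFilter(request, response);
    }
}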

As shown below, you can insert the filters you want before and after BasicAuthenticationFilter.

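@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

    return http
        // CSRF protection is switched off here; that only suits stateless, non-browser clients.
        .csrf(AbstractHttpConfigurer::disable)
        // Positions are relative to BasicAuthenticationFilter's slot in the chain.
        .addFilterBefore(new RequestValidationFilter(), BasicAuthenticationFilter.class)
        .addFilterAfter(new AuthenticationLoggingFilter(), BasicAuthenticationFilter.class)
        .build();
}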

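Below is an example of a filter that checks a key in the header.

import java.io.IOException;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class StaticKeyAuthenticationFilter implements Filter {

    // Shared secret injected from configuration (property authorization.key).
    @Value("${authorization.key}")
    private String authorizationKey;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        var httpRequest = (HttpServletRequest) request;
        var httpResponse = (HttpServletResponse) response;

        String authentication = httpRequest.getHeader("Authorization");

        // String.equals stops at the first mismatching character, so this is not a constant-time comparison.
        if (authorizationKey.equals(authentication)) {
            filterChain.doFilter(request, response);
        } else {
            // Missing or wrong key: answer 401 and do not continue the chain.
            httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}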
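The key comparison in the filter above, written as a constant-time check that also fails closed when the configured key is blank. This is an added example, not code from the original post; the class name `StaticKeyCheck`, the method `matches`, and the sample key are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (not from the original post): hardened static key comparison.
public class StaticKeyCheck {

    // Hash both sides first so the compared arrays always have the same length
    // and the comparison time does not depend on the length of the secret.
    private static byte[] sha256(String value) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 must be available on every Java platform.
            throw new IllegalStateException(e);
        }
    }

    /** True only when a non-blank configured key equals the presented header value. */
    public static boolean matches(String configuredKey, String presented) {
        // Fail closed: with an empty configured key, "".equals("") would let an
        // empty Authorization header through, so reject that case outright.
        if (configuredKey == null || configuredKey.isBlank() || presented == null) {
            return false;
        }
        // MessageDigest.isEqual does not return early at the first differing byte.
        return MessageDigest.isEqual(sha256(configuredKey), sha256(presented));
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for ${authorization.key}.
        String key = "constructed-sample-key";
        System.out.println("correct key:      " + matches(key, "constructed-sample-key"));
        System.out.println("one char off:     " + matches(key, "constructed-sample-kez"));
        System.out.println("header missing:   " + matches(key, null));
        System.out.println("blank configured: " + matches("", ""));
    }
}
```

In the filter, the condition `authorizationKey.equals(authentication)` would become `StaticKeyCheck.matches(authorizationKey, authentication)`.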