SpringBootã§SpringSecurityを使ã£ã¦ç‹¬è‡ªèªè¨¼ã§ãƒã‚°ã‚¤ãƒ³æ©Ÿèƒ½ã‚’実装ã—ã¦ã¿ã¾ã—ãŸã€‚
ドã‚ュメントをå‚考ã«ã‚„ã£ã¦ã¿ãŸã‘ã©ã€è©³ã—ã書ã„ã¦ãªãã¦ç†è§£ã«è‹¦ã—ã¿çµæ§‹ãƒãƒžã‚Šã¾ã—ãŸã€‚
最終的ã«SpringSecurityã®ã‚½ãƒ¼ã‚¹ã‚’見るã“ã¨ã§èªè¨¼ã‚ªãƒ–ジェクトã®ä»•çµ„ã¿ã‚’ç†è§£ã—ã¾ã—ãŸã€‚
概è¦
SpringSecurityã§DBを使用ã—ã¦èªè¨¼ã™ã‚‹å ´åˆã€SpringSecurity付属ã®ãƒ†ãƒ¼ãƒ–ル定義を行ã†å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚
今回ã¯ã€ç‹¬è‡ªãƒ†ãƒ¼ãƒ–ルを使ã£ãŸèªè¨¼ã‚’è¡Œã„ã€ãƒãƒ¼ãƒ«ã¯ä½¿ç”¨ã—ã¾ã›ã‚“。
SpringSecurityã®è¨å®š
SecurityConfigクラスを作æˆã—ã€ã‚¢ã‚¯ã‚»ã‚¹åˆ¶é™ã€ãƒã‚°ã‚¤ãƒ³å‡¦ç†ã€ãƒã‚°ã‚¢ã‚¦ãƒˆå‡¦ç†ç‰ã‚’定義ã—ã¾ã™ã€‚
èªè¨¼ãƒã‚§ãƒƒã‚¯å‡¦ç†ã‚¯ãƒ©ã‚¹
AuthenticationProviderインターフェースを継承ã—ã¦ç‹¬è‡ªã‚¯ãƒ©ã‚¹ã‚’作æˆã—ã¾ã™ã€‚
ã“ã®ã‚¯ãƒ©ã‚¹ã§ç‹¬è‡ªãƒ†ãƒ¼ãƒ–ルをå‚ç…§ã—ã¦èªè¨¼ãƒã‚§ãƒƒã‚¯å‡¦ç†ã‚’定義ã—ã¾ã™ã€‚
èªè¨¼ã‚ªãƒ–ジェクト作æˆã‚µãƒ¼ãƒ“スクラス
UserDetailsServiceインターフェースを継承ã—独自クラスを作æˆã—ã¾ã™ã€‚
ã“ã®ã‚¯ãƒ©ã‚¹ã§èªè¨¼å¾Œã«ã‚·ã‚¹ãƒ†ãƒ 内ã§ä½¿ç”¨ã™ã‚‹èªè¨¼ã‚ªãƒ–ジェクトを生æˆã—ã¾ã™ã€‚
èªè¨¼ã‚ªãƒ–ジェクトクラス
Userクラスを継承ã—ãŸã‚¯ãƒ©ã‚¹ã‚’作æˆã—ã€usernameã€passwordフィールドを定義ã—ã¾ã™ã€‚
usernameã€passwordフィールドを定義ã™ã‚‹ã“ã¨ã§ã€ã‚·ã‚¹ãƒ†ãƒ 内ã§èªè¨¼ã‚ªãƒ–ジェクトをオブジェクトã§æŒã¤ã“ã¨ãŒã§ãã€ä»–ã«å¿…è¦ãªæƒ…å ±ã‚’æŒãŸã›ã‚‹ã“ã¨ãŒã§ãるよã†ã«ãªã‚Šã¾ã™ã€‚
環境
| Eclipse | 4.3 |
|---|---|
| Java | 1.7 |
| SpringBoot | 1.2.4 |
| SpringSecurity | 3.2.7 |
| Thymeleaf | 2.1.4 |
| Doma | 1.0.38 |
| Gradle | 2.3.10 |
構æˆ
build.gradle
buildscript {
ext {
springBootVersion = '1.2.4.RELEASE'
}
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
classpath("io.spring.gradle:dependency-management-plugin:0.5.1.RELEASE")
}
}
apply plugin: 'java'
apply plugin: 'eclipse-wtp'
apply plugin: 'idea'
apply plugin: 'spring-boot'
apply plugin: 'io.spring.dependency-management'
apply plugin: 'war'
war {
baseName = 'demo'
version = '1.0'
}
sourceCompatibility = 1.7
targetCompatibility = 1.7
// for Doma
// Javaクラスã¨SQLファイルã®å‡ºåŠ›å…ˆãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’åŒã˜ã«ã™ã‚‹
processResources.destinationDir = compileJava.destinationDir
// コンパイルよりå‰ã«SQLファイルを出力先ディレクトリã«ã‚³ãƒ”ーã™ã‚‹ãŸã‚ã«ä¾å˜é–¢ä¿‚を逆転ã™ã‚‹
compileJava.dependsOn processResources
repositories {
maven {url 'http://maven.seasar.org/maven2'}
mavenCentral()
}
configurations {
providedRuntime
}
dependencies {
compile("org.springframework.boot:spring-boot-starter-aop")
// SpringSecurityã®ä¾å˜
compile("org.springframework.boot:spring-boot-starter-security")
compile("org.springframework.boot:spring-boot-starter-thymeleaf")
compile("org.springframework.boot:spring-boot-starter-web")
compile("org.springframework.boot:spring-boot-starter-jdbc")
// htmlã§Thymeleaf用ã®SpringSecurityタグ使ã†ãŸã‚ã®ã‚‚ã®
compile("org.thymeleaf.extras:thymeleaf-extras-springsecurity3")
compile("org.hibernate:hibernate-validator")
compile("org.seasar.doma:doma:1.38.0")
compile("org.projectlombok:lombok:1.16.4")
compile files("C:/app/lib/jdbc/ojdbc7.jar")
providedRuntime("org.springframework.boot:spring-boot-starter-tomcat")
}
eclipse {
classpath {
containers.remove('org.eclipse.jdt.launching.JRE_CONTAINER')
containers 'org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7'
}
}
task wrapper(type: Wrapper) {
gradleVersion = '2.3'
}
demo/SecurityConfig.java
package demo; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import demo.impl.AuthenticationProviderImpl; import demo.impl.UserDetailsServiceImpl; @Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsServiceImpl userDetailsService; @Autowired private AuthenticationProviderImpl authenticationProvider; @Override protected void configure(HttpSecurity http) throws Exception { http .headers() .xssProtection() .frameOptions() .contentTypeOptions() .cacheControl() .and() .authorizeRequests() // èªè¨¼å¯¾è±¡å¤–ã®ãƒ‘スをè¨å®šã™ã‚‹ .antMatchers("/", "/login", "/registration/**", "/css/**", "/js/**", "/img/**") // 上記パスã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’許å¯ã™ã‚‹ .permitAll() // ãã®ä»–ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã¯èªè¨¼ãŒå¿…è¦ .anyRequest().authenticated() .and() .formLogin() // ãƒã‚°ã‚¤ãƒ³ãƒ•ã‚©ãƒ¼ãƒ ã®ãƒ‘ス .loginPage("/") // ãƒã‚°ã‚¤ãƒ³å‡¦ç†ã®ãƒ‘ス .loginProcessingUrl("/login") // ãƒã‚°ã‚¤ãƒ³æˆåŠŸæ™‚ã®é·ç§»å…ˆ .defaultSuccessUrl("/menu") // ãƒã‚°ã‚¤ãƒ³å¤±æ•—時ã®é·ç§»å…ˆ .failureUrl("/login-error") // ãƒã‚°ã‚¤ãƒ³ãƒ•ã‚©ãƒ¼ãƒ ã§ä½¿ç”¨ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼åã®input name .usernameParameter("empNo") // ãƒã‚°ã‚¤ãƒ³ãƒ•ã‚©ãƒ¼ãƒ ã§ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®input name .passwordParameter("password") .permitAll() .and() .rememberMe() .tokenValiditySeconds(86400) // 1ヶ月(秒) .and() .logout() // ãƒã‚°ã‚¢ã‚¦ãƒˆãŒãƒ‘ス(GET)ã®å ´åˆè¨å®šã™ã‚‹ï¼ˆCSRF対応) .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) // ãƒã‚°ã‚¢ã‚¦ãƒˆãŒPOSTã®å ´åˆè¨å®šã™ã‚‹ //.logoutUrl("/logout") // ãƒã‚°ã‚¢ã‚¦ãƒˆå¾Œã®é·ç§»å…ˆ .logoutSuccessUrl("/") // ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ç ´æ£„ã™ã‚‹ .invalidateHttpSession(true) // ãƒã‚°ã‚¢ã‚¦ãƒˆæ™‚ã«å‰Šé™¤ã™ã‚‹ã‚¯ãƒƒã‚ーå .deleteCookies("JSESSIONID", "remember-me") .permitAll(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { // 独自èªè¨¼ã‚¯ãƒ©ã‚¹ã‚’è¨å®šã™ã‚‹ auth .authenticationProvider(authenticationProvider) .userDetailsService(userDetailsService); } }
demo/dto/LoginUser.java
package demo.dto import java.util.ArrayList; import lombok.Data; import lombok.EqualsAndHashCode; import lombok.ToString; import demo.entity.Emp; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.User; @Data @EqualsAndHashCode(callSuper = true) @ToString(callSuper = true) public class LoginUser extends User { private static final long serialVersionUID = 1L; // è¿½åŠ ã™ã‚‹ï¼ˆãƒ†ãƒ¼ãƒ–ルã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã‚ーã¨ãªã‚‹å€¤ã‚’è¨å®šã™ã‚‹ï¼‰ public String username; // è¿½åŠ ã™ã‚‹ public String password; // 独自ã§å¿…è¦ãªé …ç›® public String empNm; public LoginUser(Emp emp) { super(emp.empNo, emp.password, true, true, true, true, new ArrayList<GrantedAuthority>()); username = emp.empNo; password = emp.password; empNm = emp.empNm; } }
demo/impl/AuthenticationProviderImpl.java
package demo.impl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.stereotype.Component; import demo.dao.EmpDao; import demo.entity.Emp; @Component public class AuthenticationProviderImpl implements AuthenticationProvider { private static final Logger log = LoggerFactory.getLogger(AuthenticationProviderImpl.class); @Autowired private EmpDao empDao; @Override public Authentication authenticate(Authentication auth) throws AuthenticationException { String id = auth.getName(); String password = auth.getCredentials().toString(); if ("".equals(id) || "".equals(password) { // 例外ã¯SpringSecurityã«ã‚ã£ãŸã‚‚ã®ã‚’é©å½“ã«ä½¿ç”¨ throw new AuthenticationCredentialsNotFoundException("ãƒã‚°ã‚¤ãƒ³æƒ…å ±ã«ä¸å‚™ãŒã‚ã‚Šã¾ã™ã€‚"); } Emp emp = empDao.authEmp(id, password); if (emp == null) { // 例外ã¯SpringSecurityã«ã‚ã£ãŸã‚‚ã®ã‚’é©å½“ã«ä½¿ç”¨ throw new AuthenticationCredentialsNotFoundException("ãƒã‚°ã‚¤ãƒ³æƒ…å ±ãŒå˜åœ¨ã—ã¾ã›ã‚“。"); } return new UsernamePasswordAuthenticationToken(new LoginUser(emp), password, auth.getAuthorities()); } @Override public boolean supports(Class<?> token) { return UsernamePasswordAuthenticationToken.class.isAssignableFrom(token); } }
demo/impl/UserDetailsServiceImpl.java
package demo.impl; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; import demo.dao.EmpDao; import demo.dto.LoginUser; import demo.entity.Emp; @Component public class UserDetailsServiceImpl implements UserDetailsService { @Autowired private EmpDao empDao; @Override public UserDetails loadUserByUsername(String empNo) throws UsernameNotFoundException { Emp emp = empDao.findByNo(empNo); if (emp == null) { throw new UsernameNotFoundException("ユーザーãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚"); } return new LoginUser(emp); } }
demo/web/LoginController.java
package demo.web; import javax.validation.Valid; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.RequestMapping; import demo.form.LoginForm; @Controller public class LoginController { @RequestMapping(value = "/") public String index(Model model) { model.addAttribute(new LoginForm()); return "login/login"; } /* ãƒã‚°ã‚¤ãƒ³å‡¦ç†ã¯å®Ÿè£…ã—ãªã„。SpringSecurityã®å‡¦ç†ã§è¡Œã‚れる。 @RequestMapping(value = "/login") public String login(@Valid LoginForm form, BindingResult result, Model model) { if (result.hasErrors()) { return "login/login"; } return "redirect:/menu"; } */ // SpringConfigã§è¨å®šã—ãŸãƒã‚°ã‚¤ãƒ³ã§ããªã‹ã£ãŸå ´åˆã®å‡¦ç†ã‚’定義ã™ã‚‹ @RequestMapping(value = "/login-error") public String loginError(Model model) { model.addAttribute("loginError", true); return "login/login"; } }
demo/web/MenuController.java
package demo.web; import org.springframework.security.web.bind.annotation.AuthenticationPrincipal; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import demo.dto.LoginUser; @Controller public class MenuController { @RequestMapping(value = "/menu") public String index(@AuthenticationPrincipal LoginUser loginUser, Model model) { // @AuthenticationPrincipalを使ã†ã¨èªè¨¼ã‚ªãƒ–ジェクトをå‚ç…§ã§ãる。 return "menu/menu"; } }
templates/login.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> </head> <body> <h1>login</h1> <!-- ãƒã‚°ã‚¤ãƒ³ã§ããªã‹ã£ãŸæ™‚ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ --> <p th:if="${loginError}">Login Error!!</p> <form th:action="@{/login}" method="post"> <table> <tr> <td>社員番å·</td> <td> <input type="text" name="empNo" /> </td> </tr> <tr> <td>パスワード</td> <td> <input type="password" name="password" /> </td> </tr> </table> <input name="remember-me" type="checkbox" />ãƒã‚°ã‚¤ãƒ³ã—ãŸã¾ã¾ã«ã™ã‚‹ <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" /> <input type="submit" name="login" value="ãƒã‚°ã‚¤ãƒ³" /> </form> </body> </html>
templates/menu.html
<!DOCTYPE html> <html xmlns:th="http://www.thymeleaf.org"> <head> </head> <body> <h1>menu</h1> <!-- èªè¨¼ã•ã‚Œã¦ã„ã‚‹ã‹ --> <p th:if="${#authorization.expression('isAuthenticated()')}">èªè¨¼æ¸ˆã¿</p> <!-- èªè¨¼ã‚ªãƒ–ジェクトã®å‚ç…§ --> <p th:text="${#authentication.principal.empNm}"></p> </body> </html>
Spring関連本
ã¯ã˜ã‚ã¦ã®Spring Boot―「Spring Frameworkã€ã§ç°¡å˜Javaアプリ開発 (I・O BOOKS)
- 作者: 槇俊明
- 出版社/メーカー: å·¥å¦ç¤¾
- 発売日: 2014/11
- メディア: å˜è¡Œæœ¬
- ã“ã®å•†å“ã‚’å«ã‚€ãƒ–ãƒã‚° (8件) を見る
SpringFramework4プãƒã‚°ãƒ©ãƒŸãƒ³ã‚°å…¥é–€
- 作者: 掌田津耶乃
- 出版社/メーカー: 秀和システãƒ
- 発売日: 2014/07/30
- メディア: å˜è¡Œæœ¬
- ã“ã®å•†å“ã‚’å«ã‚€ãƒ–ãƒã‚° (2件) を見る
