rest login & ajax login

https://zzangjava.tistory.com/m/1077


- session control
https://www.baeldung.com/spring-security-session



- REST login (authenticationManager 이용, controller에서 직접 처리)

https://cusonar.tistory.com/17


- spring security6 환경에서 controller의 메서드에서 AuthenticationManager의 authenticate 메서드 직접 호출시
아래와 같이 AuthenticationManager 객체를 생성해 줘야 함

public class SecurityConfiguration{
    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    AuthenticationManager authenticationManager(LoginAuthenticationProvider loginProvider) {
        // ProviderManager에 커스텀 provider만 등록
        return new ProviderManager(loginProvider);
    }
}


public class FormLoginDisableController extends AbstractFormLoginDisabled {

    private final SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();

    @GuestAccessible
    @PostMapping(value = "/login/authenticate")
    public Authentication loginAuthenticate(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
        try {
            String username = request.getParameter(SecurityUser.USERNAME_PARAMETER);
            String password = request.getParameter(SecurityUser.USERNAME_PARAMETER);

            // 1. 인증 처리
            Authentication authentication = loginAuthenticate(username, password);

            // 2. SecurityContext 생성 및 authentication 저장
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(authentication);

            // 3. 현재 쓰레드에도 SecurityContext 적용
            SecurityContextHolder.setContext(context);

            // 4. SecurityContextRepository 를 통해 세션에 저장
            securityContextRepository.saveContext(context, request, response);

            log.debug("authentication {}", authentication);

            return authentication;
        } catch (Exception e) {
            log.error("", e);

            return null;
        }
    }
}

- REST login (custom Filter 이용)
https://johnmarc.tistory.com/74

1. Spring Security 6 / Boot 3.x에서는 SecurityContextPersistenceFilter → SecurityContextHolderFilter로 바뀌었고, 자동 세션 저장이 안 됨
2. 커스텀 로그인 필터에서 **SecurityContextHolder.setAuthentication() + SecurityContextRepository.saveContext()**를 호출해야 Authentication이 세션에 저장되어 다음 요청에서도 유지
3. 기존 SessionAuthenticationStrategy와 커스텀 SessionRegistry도 그대로 활용 가능

//        custom filter는 SecurityContextHolderFilter 보다 후순위여아만 한다.
//        SecurityContextHolderFilter 뒤에 등록해야, SecurityContext가 정상적으로 세션에 저장됨


- AJAX login
https://jungeunlee95.github.io/java/2019/07/18/8-Spring-Security-ajax-%EB%A1%9C%EA%B7%B8%EC%9D%B8%ED%9B%84-json%EC%9D%91%EB%8B%B5%EB%B0%9B%EA%B8%B0/

https://programmer93.tistory.com/m/42


https://www.baeldung.com/spring-security-two-login-pages

Two Login Pages with Spring Security | Baeldung

- csrf ajax 전송
https://hyunsangwon93.tistory.com/m/28

Spring Boot CSRF AJAX 전송 방법