- Additional processing after login

https://zgundam.tistory.com/52


- Dynamic authority management

* spring-boot 3.x

* Lambda approach

    // accessAuthority is an injected bean exposing isAccessible(Authentication, HttpServletRequest);
    // it decides per request, so rules can be changed at runtime (e.g. loaded from a DB) without
    // rebuilding the filter chain.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                .anyRequest()
                .access((authentication, context) -> {
                    // authentication is a Supplier<Authentication>; resolve it before the null check
                    Authentication authObj = authentication.get();
                    boolean granted = (authObj != null) && accessAuthority.isAccessible(authObj, context.getRequest());

                    return new AuthorizationDecision(granted);
                })
            );

        return http.build();
    }


    // Compact form of the same rule. The Supplier itself is never null, so the guard
    // belongs on the resolved Authentication, not on the Supplier.
    .authorizeHttpRequests(
        request -> request.anyRequest().access((authentication, context) -> {
            Authentication authObj = authentication.get();
            return new AuthorizationDecision(authObj != null && accessAuthority.isAccessible(authObj, context.getRequest()));
        }));


* SpEL approach

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                .anyRequest()
                .access(new WebExpressionAuthorizationManager(
                    "@accessAuthority.isAccessible(authentication, request)"
                ))
            );

        return http.build();
    }



https://github.com/spring-projects/spring-security/issues/12928

https://docs.spring.io/spring-security/reference/5.8/servlet/authorization/expression-based.html



* spring-boot 2.x

    http.csrf().disable()
        .authorizeRequests()
        .anyRequest()
        .access("@accessAuthority.canAccess( authentication, request )")
        .and()
        ....



https://docs.spring.io/spring-security/site/docs/5.1.0.RELEASE/reference/htmlsingle/#el-access-web-beans

https://kim-jong-hyun.tistory.com/m/53

https://m.blog.naver.com/spring1a/221765202937


- Managing authorities in a DB

https://dkyou.tistory.com/33?category=877213

http://yoonbumtae.com/?p=1897

https://zgundam.tistory.com/58


A Role is a role and an Authority is a permission, but in practice the difference is only one of notation.
A Role is written as "ADMIN", while an Authority is written as "ROLE_ADMIN".

https://devuna.tistory.com/m/59
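A worked implementation of the accessAuthority bean that the lambda and SpEL configurations above call, covering the DB-managed rules section and the ROLE_ prefix note as well. This is an added example, not code from this post or the linked articles; it assumes a hypothetical AccessRuleRepository that loads URL-to-role rules (e.g. from a table), and treats a stored role "ADMIN" as matching the granted authority "ROLE_ADMIN".

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import jakarta.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

@Component("accessAuthority") // bean name referenced as @accessAuthority in the SpEL variant above
public class AccessAuthority {

    /** One rule: HTTP method ("*" = any), Ant-style path pattern, roles allowed to pass. */
    public record UrlRule(String method, String pattern, List<String> roles) {}

    /** Hypothetical rule source; a JPA repository over a url_role table would implement it. */
    public interface AccessRuleRepository {
        List<UrlRule> findAllOrderedByPriority(); // most specific rule first
    }

    private final AntPathMatcher matcher = new AntPathMatcher();
    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private final AccessRuleRepository rules;

    public AccessAuthority(AccessRuleRepository rules) {
        this.rules = rules;
    }

    public boolean isAccessible(Authentication authentication, HttpServletRequest request) {
        // Deny by default: missing or anonymous authentication never passes
        // (AnonymousAuthenticationToken reports isAuthenticated() == true, so check explicitly).
        if (authentication == null || trustResolver.isAnonymous(authentication)) {
            return false;
        }
        // Match on the path inside the application so a context path such as /app does not break patterns.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        Set<String> granted = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toSet());

        for (UrlRule rule : rules.findAllOrderedByPriority()) {
            boolean methodMatches = "*".equals(rule.method()) || rule.method().equalsIgnoreCase(request.getMethod());
            if (methodMatches && matcher.match(rule.pattern(), path)) {
                // First matching rule decides; "ADMIN" in the table matches "ADMIN" or "ROLE_ADMIN".
                return rule.roles().stream().anyMatch(r -> granted.contains(r) || granted.contains("ROLE_" + r));
            }
        }
        return false; // no rule covers this URL: deny rather than fall open
    }
}
```

Because the rules are read on every call, adding or changing a row in the backing table takes effect without restarting the application; cache the repository result if the lookup cost matters.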



