rest login & ajax login
https://zzangjava.tistory.com/m/1077
- session control
https://www.baeldung.com/spring-security-session
- rest login (authenticationManager이용, controller에서 처리)
/* form login disable할 때 로그인 처리 컨트롤러 예제 */
@Autowired
private AuthenticationManager authenticationManager;
@PostMapping(value="/login/authenticate")
public Authentication authenticate(HttpServletRequest request, HttpSession session) {
String username = request.getParameter("user_id");
String password = request.getParameter("password");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
token.setDetails(request);
Authentication authentication = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authentication);
session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
return authentication;
}
- rest login (Filter 이용)
https://johnmarc.tistory.com/74
- ajax login
https://jungeunlee95.github.io/java/2019/07/18/8-Spring-Security-ajax-%EB%A1%9C%EA%B7%B8%EC%9D%B8%ED%9B%84-json%EC%9D%91%EB%8B%B5%EB%B0%9B%EA%B8%B0/
https://programmer93.tistory.com/m/42
https://www.baeldung.com/spring-security-two-login-pages
Two Login Pages with Spring Security | Baeldung
A quick and practical guide to configuring Spring Security with two separate login pages.
www.baeldung.com
- csrf ajax 전송
https://hyunsangwon93.tistory.com/m/28
Spring Boot CSRF AJAX 전송 방법
CSRF ? 사이트 간 요청 위조(또는 크로스 사이트 요청 위조, 영어: Cross-site request forgery, CSRF, XSRF)는 웹사이트 취약점 공격의 하나로, 사용자가 자신의 의지와는 무관하게 공격자가 의도한 행��
hyunsangwon93.tistory.com