> Protecting Application Assets with Spring Security - Part One - Out-of-the-Box Features
> The application startup log shows the default security password, as below
2016-06-07 11:35:07.422 INFO 9508 --- [ost-startStop-1] b.a.s.AuthenticationManagerConfiguration :
Using default security password: 7ea7a48e-db3a-4ace-b58c-8f7821b7c589
2016-06-07 11:35:07.495 INFO 9508 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/css/**'], Ant [pattern='/js/**'], Ant [pattern='/images/**'], Ant [pattern='/**/favicon.ico'], Ant [pattern='/error']]], []
> Calling the existing API endpoints returns a 401 error, as below.
{
"timestamp": 1465266997749,
"status": 401,
"error": "Unauthorized",
"message": "Full authentication is required to access this resource",
"path": "/api/greetings"
}
> Set the password from the log above as the Basic Auth password and call the endpoint, as below
* Header information
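The header for the call described above, as an added example that is not from the original post: it pulls the generated password out of the startup log, builds the `Authorization` value, decodes it again to show that Basic Auth is only base64 encoding, and masks the password for log shipping. Assumptions: the user name `user` is Spring Boot's default and is not stated on this page, and the function names and the shortened sample log are constructed for illustration.

```python
import base64
import re

# Constructed sample: the startup lines quoted above (filter-chain line shortened).
SAMPLE_LOG = """\
2016-06-07 11:35:07.422 INFO 9508 --- [ost-startStop-1] b.a.s.AuthenticationManagerConfiguration :
Using default security password: 7ea7a48e-db3a-4ace-b58c-8f7821b7c589
2016-06-07 11:35:07.495 INFO 9508 --- [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: OrRequestMatcher [requestMatchers=[Ant [pattern='/css/**']]], []
"""

PASSWORD_RE = re.compile(r"(Using default security password:\s*)(\S+)")

def find_default_password(log_text):
    """Return the generated password from a startup log, or None if absent."""
    match = PASSWORD_RE.search(log_text)
    return match.group(2) if match else None

def basic_auth_header(username, password):
    """Build the Authorization value: 'Basic ' + base64('user:password')."""
    if ":" in username:
        raise ValueError("a Basic Auth user name must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic_auth(header_value):
    """Recover (user, password) from the header; no key is needed to do so."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def redact_default_password(log_text):
    """Mask the generated password before the log leaves the host."""
    return PASSWORD_RE.sub(r"\1[REDACTED]", log_text)

if __name__ == "__main__":
    password = find_default_password(SAMPLE_LOG)
    header = basic_auth_header("user", password)  # "user": assumed default name
    print("Authorization:", header)
    print("Decoded again:", decode_basic_auth(header))
    print(redact_default_password(SAMPLE_LOG))
```

Because the header decodes back to the clear-text password, the request should only be sent over TLS, and the startup log that prints the password should be treated as sensitive.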
> Out-of-the-Box Spring Boot and Spring Security Features
- Static Paths like /css, /js, and /images are public
- All other paths secured by Basic Auth
- Security events published through Spring's ApplicationEventPublisher
- Cross-Site Request Forgery (CSRF) protection enabled
- Cross-Site Scripting (XSS) protection enabled
- HTTP Strict Transport Security (HSTS) protection enabled
> Additional Features for Actuator
- Actuator endpoints secured with Basic Auth
- Security events converted to AuditEvents and published via the AuditService
- The default, in-memory User is granted the ADMIN role to access Actuator endpoints
> Spring Security configuration
* For more detailed properties, see the Spring reference guide below
http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#common-application-properties