spring security업데이트로 인한 설정관련 문의드립니다.
- 작성자 :
- 양*유
- 작성일 :
- 2018-03-22 18:16:11
- 조회수 :
- 2,558
- 구분 :
- 개발환경
- 진행상태 :
- 완료
Q
전자정부 3.5.1 버전때 적용한 spring security AffirmativeBased관련 문의좀 드립니다.
기존 3.5.1버전에서 사용된 AffirmativeBased>AbstractAccessDecisionManager의 decisionVoters를
설정하던 함수가(setDecisionVoters) 전자정부 3.7.0 버전의 spring security library가 버전업 되면서
없어졌네요.
기존에 아래 wiki를 참고하여 구현했었습니다.
혹시 java파일에서가 아닌 context-security.xml 파일의 설정으로 decisionVoters를 설정할 수 있는 방법이 있을지 답변좀 부탁드립니다.
##################################################################################################
## 참고한 wiki정보
##################################################################################################
https://www.egovframe.go.kr/wiki/doku.php?id=egovframework:rte3:fdl:server_security:authorization
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="false" />
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value="ROLE_" />
</beans:bean>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</beans:list>
</beans:property>
</beans:bean>
##################################################################################################
## 현재 테스트 진행중인 context-security.xml 파일
##################################################################################################
3.7.0에서 setDecisionVoters가 사라져서 "<property name="decisionVoters" 없이 할경우 null point exception처리됨.
<bean id="_accessManager" class="egovframework.custom.sec.CustomAffirmativeBased">
<!-- 3.7.0 변경테스트중 -->
<property name="allowIfAllAbstainDecisions" value="false" />
<constructor-arg>
<list>
<bean class="egovframework.custom.sec.RoleVoter">
<property name="rolePrefix" value="ROLE_" />
</bean>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
<!-- 3.5.1 기존사용방법 -->
<!-- <property name="decisionVoters"> -->
<!-- <list> -->
<!-- <bean class="egovframework.custom.sec.RoleVoter"> -->
<!-- <property name="rolePrefix" value="ROLE_" /> -->
<!-- </bean> -->
<!-- <bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> -->
<!-- </list> -->
<!-- </property> -->
</bean>
기존 3.5.1버전에서 사용된 AffirmativeBased>AbstractAccessDecisionManager의 decisionVoters를
설정하던 함수가(setDecisionVoters) 전자정부 3.7.0 버전의 spring security library가 버전업 되면서
없어졌네요.
기존에 아래 wiki를 참고하여 구현했었습니다.
혹시 java파일에서가 아닌 context-security.xml 파일의 설정으로 decisionVoters를 설정할 수 있는 방법이 있을지 답변좀 부탁드립니다.
##################################################################################################
## 참고한 wiki정보
##################################################################################################
https://www.egovframe.go.kr/wiki/doku.php?id=egovframework:rte3:fdl:server_security:authorization
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="false" />
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value="ROLE_" />
</beans:bean>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</beans:list>
</beans:property>
</beans:bean>
##################################################################################################
## 현재 테스트 진행중인 context-security.xml 파일
##################################################################################################
3.7.0에서 setDecisionVoters가 사라져서 "<property name="decisionVoters" 없이 할경우 null point exception처리됨.
<bean id="_accessManager" class="egovframework.custom.sec.CustomAffirmativeBased">
<!-- 3.7.0 변경테스트중 -->
<property name="allowIfAllAbstainDecisions" value="false" />
<constructor-arg>
<list>
<bean class="egovframework.custom.sec.RoleVoter">
<property name="rolePrefix" value="ROLE_" />
</bean>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
<!-- 3.5.1 기존사용방법 -->
<!-- <property name="decisionVoters"> -->
<!-- <list> -->
<!-- <bean class="egovframework.custom.sec.RoleVoter"> -->
<!-- <property name="rolePrefix" value="ROLE_" /> -->
<!-- </bean> -->
<!-- <bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> -->
<!-- </list> -->
<!-- </property> -->
</bean>
A
안녕하세요, 양재유님
표준프레임워크센터입니다.
Spring Security 3.X에서 4.X변경되면서
AffirmativeBased클래스의 설계가 변경되었고
아래의 유형으로 선언방식을 변경하셔야 합니다.
*코드에서의 선언
AffirmativeBased adm = new AffirmativeBased(voters);
*xml에서의 선언
<b:bean class="org.springframework.security.access.vote.UnanimousBased">
<b:constructor-arg ref="voters"/>
</b:bean>
자세한 내용은 아래 spring security migration 가이드를 참고하시면 될듯 합니다.
https://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html
감사합니다.
표준프레임워크센터입니다.
Spring Security 3.X에서 4.X변경되면서
AffirmativeBased클래스의 설계가 변경되었고
아래의 유형으로 선언방식을 변경하셔야 합니다.
*코드에서의 선언
AffirmativeBased adm = new AffirmativeBased(voters);
*xml에서의 선언
<b:bean class="org.springframework.security.access.vote.UnanimousBased">
<b:constructor-arg ref="voters"/>
</b:bean>
자세한 내용은 아래 spring security migration 가이드를 참고하시면 될듯 합니다.
https://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-xml.html
감사합니다.