백엔드/Spring Security
spring security 세션
김어찐
2021. 12. 1. 21:58
728x90
package io.security.basicsecurity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
// 어떠한 요청에도 인증 받게
http
.authorizeRequests()
.anyRequest().authenticated();
// 인증 방법은 form 로그인 방식으로
http
.formLogin();
http
.sessionManagement()
.maximumSessions(1)
.maxSessionsPreventsLogin(false);
};
}package io.security.basicsecurity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
// 어떠한 요청에도 인증 받게
http
.authorizeRequests()
.anyRequest().authenticated();
// 인증 방법은 form 로그인 방식으로
http
.formLogin();
http
.sessionManagement()
.sessionFixation().changeSessionId();
};
}JWT 사용시 Stateless 사용
728x90