ajax 로그인

This commit is contained in:
현성필
2025-01-21 13:20:27 +09:00
parent 679f9e2242
commit fab924d136
3 changed files with 121 additions and 9 deletions
@@ -25,15 +25,18 @@ public class PortalConfigSecurity {
private final PortalAuthenticationFailureHandler authenticationFailureHandler;
private final PortalAuthenticationSuccessHandler authenticationSuccessHandler;
private final AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler;
private final AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler;
private final PortalAuthenticationManager portalAuthenticationManager;
private final CsrfExclusionService csrfExclusionService;
public PortalConfigSecurity(PortalAuthenticationFailureHandler authenticationFailureHandler, PortalAuthenticationSuccessHandler authenticationSuccessHandler, PortalAuthenticationManager portalAuthenticationManager,
CsrfExclusionService csrfExclusionService) {
public PortalConfigSecurity(PortalAuthenticationFailureHandler authenticationFailureHandler, PortalAuthenticationSuccessHandler authenticationSuccessHandler, AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler,
AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler, PortalAuthenticationManager portalAuthenticationManager, CsrfExclusionService csrfExclusionService) {
this.authenticationFailureHandler = authenticationFailureHandler;
this.authenticationSuccessHandler = authenticationSuccessHandler;
this.ajaxAuthenticationSuccessHandler = ajaxAuthenticationSuccessHandler;
this.ajaxAuthenticationFailureHandler = ajaxAuthenticationFailureHandler;
this.portalAuthenticationManager = portalAuthenticationManager;
this.csrfExclusionService = csrfExclusionService;
}
@@ -79,16 +82,29 @@ public class PortalConfigSecurity {
.usernameParameter("id")
.passwordParameter("password")
.loginProcessingUrl("/actionLogin.do")
.failureHandler(authenticationFailureHandler)
.successHandler(authenticationSuccessHandler))
.failureHandler((request, response, exception) -> {
if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
ajaxAuthenticationFailureHandler.onAuthenticationFailure(request, response, exception);
} else {
authenticationFailureHandler.onAuthenticationFailure(request, response, exception);
}
})
.successHandler((request, response, authentication) -> {
if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
ajaxAuthenticationSuccessHandler.onAuthenticationSuccess(request, response, authentication);
} else {
authenticationSuccessHandler.onAuthenticationSuccess(request, response, authentication);
}
}))
.logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/actionLogout.do", "GET"))
.logoutSuccessUrl("/"))
.csrf(csrf -> csrf
.csrfTokenRepository(csrfTokenRepository(csrfExclusionService))
.ignoringRequestMatchers(request -> csrfExclusionService.shouldExclude(request.getServletPath()))
.ignoringAntMatchers("/h2-console/**")
).headers(headers -> headers.frameOptions().sameOrigin())
.csrfTokenRepository(csrfTokenRepository(csrfExclusionService))
.ignoringRequestMatchers(request -> csrfExclusionService.shouldExclude(request.getServletPath()))
.ignoringAntMatchers("/h2-console/**")
)
.headers(headers -> headers.frameOptions().sameOrigin())
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.sessionFixation()