springSecurityLoginProcess

  1. Login process

  2. `OAuth2UserService` is a `@FunctionalInterface`; when you implement its `loadUser` method in `CustomOAuth2UserService`, `OAuth2LoginAuthenticationProvider` calls that `loadUser`. Below is part of the logic of the `authenticate` method of `OAuth2LoginAuthenticationProvider`.

```java
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // ... (earlier logic omitted)
    OAuth2User oauth2User = this.userService.loadUser(new OAuth2UserRequest(
            loginAuthenticationToken.getClientRegistration(), accessToken, additionalParameters));
    // ... (construction of authenticationResult omitted)
    return authenticationResult;
}
```

b.  The `OAuth2User` returned by `loadUser` matters because it becomes the principal. If you want the principal to match your existing user table, implement the `OAuth2User` interface so that it fits that table.

c.  The `authenticate` method of `OAuth2LoginAuthenticationProvider` is called from the `authenticate` method of `ProviderManager`.

d.  The `authenticate` method of `ProviderManager` is called from `OAuth2LoginAuthenticationFilter`.

```java
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    // ... (construction of authenticationRequest omitted)
    OAuth2LoginAuthenticationToken authenticationResult = (OAuth2LoginAuthenticationToken) this.getAuthenticationManager().authenticate(authenticationRequest);
    // ... (rest of the method, including the return, omitted)
}
```

The returned `Authentication` object is downcast to `OAuth2LoginAuthenticationToken`.

e.  Above, the `attemptAuthentication` method of `OAuth2LoginAuthenticationFilter` obtained the `AuthenticationManager` and called its `authenticate` method. This `attemptAuthentication` is called from the `doFilter` method of `AbstractAuthenticationProcessingFilter`.

```java
private void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    // ... (earlier logic omitted)
    Authentication authenticationResult = this.attemptAuthentication(request, response);
    // ... (handling of the result omitted)
}
```

f. This `AbstractAuthenticationProcessingFilter` is called from `FilterChainProxy`.

g. After that, `FilterChainProxy` calls the next filter, `OAuth2AuthorizationRequestRedirectFilter`.

h. Next comes `OncePerRequestFilter`.

j.  The request then passes through all sorts of filters.
  • `DelegatingFilterProxy` calls `FilterChainProxy`. `FilterChainProxy` receives around 20 filters as a constructor parameter, creates a `VirtualFilterChain`, and passes the `VirtualFilterChain` itself as a parameter, as in `nextFilter.doFilter(request, response, VirtualFilterChain);`, so that each of the roughly 20 filters triggers the call to whichever filter comes next on its own. Here `nextFilter` is one of the roughly 20 ordered filters that `FilterChainProxy` holds. For example, when `AbstractAuthenticationProcessingFilter` finishes its filter work, it calls `chain.doFilter` on the `FilterChain chain` it was given. `FilterChain` is an interface, and `VirtualFilterChain` is the implementation used. When `chain.doFilter` is called, the `doFilter` of `VirtualFilterChain` runs.

  • When all the calls have finished, `FilterChainProxy` clears the thread's session with `clearContext()` on `SecurityContextHolder`.

  • When authentication completes successfully, `AbstractAuthenticationProcessingFilter` calls the `successfulAuthentication` method, which sets the session with `SecurityContextHolder.setContext(context);`.
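
The chain hand-off and context lifecycle described in the bullets above, as an added plain-Java model (not Spring's source and not code from the original notes). `FilterChainModel`, `VirtualChain`, `proxy`, `CONTEXT` and the principal `alice` are hypothetical stand-ins; the model shows that the context set during login is visible to the rest of the request and is gone once the proxy returns.

```java
import java.util.List;

// Simplified model of FilterChainProxy / VirtualFilterChain (hypothetical names, not Spring's source).
public class FilterChainModel {
    interface Chain { void doFilter(StringBuilder trace); }
    interface Filter { void doFilter(StringBuilder trace, Chain chain); }

    // Stand-in for SecurityContextHolder: one context per thread.
    static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // Stand-in for VirtualFilterChain: remembers the position and hands itself to each filter.
    static final class VirtualChain implements Chain {
        private final List<Filter> filters;
        private int position = 0;
        VirtualChain(List<Filter> filters) { this.filters = filters; }
        @Override public void doFilter(StringBuilder trace) {
            if (position == filters.size()) { // past the last security filter: the application runs
                trace.append("app(principal=").append(CONTEXT.get()).append(") ");
                return;
            }
            Filter next = filters.get(position++);
            next.doFilter(trace, this); // the chain itself is the parameter
        }
    }

    // Stand-in for FilterChainProxy: runs the chain, then always clears the thread's context.
    static String proxy(List<Filter> filters) {
        StringBuilder trace = new StringBuilder();
        try {
            new VirtualChain(filters).doFilter(trace);
        } finally {
            CONTEXT.remove(); // corresponds to SecurityContextHolder.clearContext()
        }
        return trace.toString().trim();
    }

    public static void main(String[] args) {
        Filter first = (trace, chain) -> { trace.append("first "); chain.doFilter(trace); };
        Filter login = (trace, chain) -> {
            CONTEXT.set("alice"); // models successfulAuthentication setting the context (constructed principal)
            trace.append("login ");
            chain.doFilter(trace); // a filter that skipped this call would stop the request here
        };
        System.out.println(proxy(List.of(first, login)));
        System.out.println("context after request: " + CONTEXT.get());
    }
}
```

Because the cleanup sits in a `finally` block, the context is also cleared when a filter throws, which keeps a pooled thread from carrying one request's principal into the next.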
