<!-- Maven dependencies for the sample application.
     NOTE(review): no <version> elements appear in this fragment; presumably the versions are
     managed by a parent POM or BOM that is not shown here (confirm). If they are not, pin them
     explicitly so the build resolves the same artifacts every time. -->
<!-- JPA starter. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<!-- Redis starter; the redis-cli transcript on this page shows the spring:session:* keys it holds. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!-- Spring Security starter; provides the types used by SecurityConfig. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Spring Session; session state is kept outside the servlet container. -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
</dependency>
<!-- Spring MVC starter for the controller endpoints. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- MySQL JDBC driver; runtime scope because application code only uses the JDBC interfaces. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
$ mysql -uroot -p
mysql> CREATE DATABASE sampledb;
mysql> create table users(
username varchar(128) not null primary key,
password varchar(128) not null,
authority varchar(32) not null,
enabled boolean not null
);
mysql> INSERT INTO users (username, password, authority, enabled)
VALUES ("ishii", "password", "ROLE_ADMIN", true);
# JDBC connection settings for the sampledb schema used by the login lookup.
# NOTE(review): the application connects to MySQL as root with the literal password
# "password" stored in this file. That is acceptable only for a throwaway local demo.
# Otherwise use a dedicated account that is granted access to sampledb alone, and supply
# the password from the environment or a secret store instead of a committed properties file.
spring.datasource.url=jdbc:mysql://localhost/sampledb
spring.datasource.username=root
spring.datasource.password=password
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
/**
 * Web security setup for the sample: URL authorization, form login, logout, and
 * user lookup over JDBC against the {@code users} table.
 *
 * <p>Only {@code "/"} is reachable anonymously; every other request needs an
 * authenticated user. CSRF handling is not configured here, so it stays at the
 * framework default.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Selects (username, password, enabled) for the login name bound to the placeholder. */
    private static final String USERS_BY_USERNAME_QUERY =
            "SELECT username, password, enabled from users WHERE username = ?";

    /** Selects (username, authority) for the login name bound to the placeholder. */
    private static final String AUTHORITIES_BY_USERNAME_QUERY =
            "SELECT username, authority FROM users WHERE username = ?";

    /** DataSource injected by Spring; used for the two lookups configured below. */
    @Autowired
    DataSource dataSource;

    /**
     * Declares which requests need authentication and how login and logout behave.
     *
     * @param http the builder supplied by the framework
     * @throws Exception propagated from the underlying configurers
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Authorization rules: the root page is public, everything else requires login.
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .anyRequest().authenticated();

        // Form login: success lands on /home, a failed attempt is sent back to /login.
        http.formLogin()
                .defaultSuccessUrl("/home")
                .failureUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password");

        // Author's note: .logoutUrl("/logout") did not work, hence the explicit matcher.
        // NOTE(review): a matcher built from the path alone does not restrict the HTTP
        // method, so a plain GET to /logout also ends the session and carries no CSRF
        // token. Presumably logoutUrl() appeared broken because it only accepts POST
        // while CSRF protection is enabled -- confirm against the Spring Security
        // version in use. Prefer a POST logout form that includes the _csrf field.
        http.logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/");
    }

    /**
     * Registers JDBC-backed authentication using the injected {@link DataSource}.
     *
     * <p>Both queries bind the submitted username through a {@code ?} placeholder
     * rather than string concatenation.
     *
     * <p>NOTE(review): no password encoder is configured on this builder, and the
     * sample row inserted on this page stores the password in clear text. Before
     * using this outside a demo, store a salted adaptive hash (for example bcrypt)
     * in the {@code password} column and configure the matching encoder here.
     *
     * @param auth the authentication builder supplied by the framework
     * @throws Exception propagated from the JDBC authentication configurer
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery(USERS_BY_USERNAME_QUERY)
                .authoritiesByUsernameQuery(AUTHORITIES_BY_USERNAME_QUERY);
    }
}
<!-- Login page markup as captured from the browser (presumably the page Spring Security
     generates when no custom login page is configured; confirm). The form posts the same
     username / password parameter names that the security configuration declares.
     The hidden _csrf value is a token issued for one session at capture time, so it is not
     a constant to reuse: a hand-written login page must emit the current session's token. -->
<h3>Login with Username and Password</h3>
<form name="f" action="/login" method="POST">
<table>
<tbody><tr><td>User:</td><td><input name="username" value="" type="text"></td></tr>
<tr><td>Password:</td><td><input name="password" type="password"></td></tr>
<tr><td colspan="2"><input name="submit" value="Login" type="submit"></td></tr>
<input name="_csrf" value="0591fc72-5106-43ce-a165-3d724023549f" type="hidden">
</tbody>
</table>
</form>
/**
 * Demo endpoints that return their text directly as the response body.
 *
 * <p>{@code /home} and {@code /hogehoge} dereference the {@link Principal}, so they
 * rely on the security configuration requiring authentication for those paths;
 * a request arriving without a principal would fail with a NullPointerException.
 */
@Controller
public class HomeController {

    /**
     * Public landing page; the principal is accepted but never read.
     *
     * @param principal the current user, unused here
     * @return the fixed text {@code "ROOT PAGE"}
     */
    @RequestMapping("/")
    @ResponseBody
    String root(Principal principal) {
        return "ROOT PAGE";
    }

    /**
     * Post-login page showing who is logged in.
     *
     * @param principal the authenticated user
     * @return the label followed by the user's name
     */
    @RequestMapping("/home")
    @ResponseBody
    String home(Principal principal) {
        return labelled("Login User Name:", principal);
    }

    /**
     * Second protected page, used to show that the session carries over.
     *
     * @param principal the authenticated user
     * @return the label followed by the user's name
     */
    @RequestMapping("/hogehoge")
    @ResponseBody
    String hogehoge(Principal principal) {
        return labelled("Hogehoge:", principal);
    }

    /**
     * Appends the principal's name to a fixed label.
     *
     * <p>NOTE(review): the name is written into the response unescaped. If usernames
     * can contain markup and the response is served as HTML, encode it first --
     * confirm the content type these endpoints produce.
     */
    private static String labelled(String label, Principal principal) {
        final String userName = principal.getName();
        return label + userName;
    }
}
ブラウザからSessionIDを確認
Cookie:"SESSION=e36d64ed-cc04-47f8-939f-a45d3bd50333"
redis-cli
127.0.0.1:6379> flushall
OK
127.0.0.1:6379> keys *
(empty list or set)
127.0.0.1:6379> keys *
1) "spring:session:sessions:expires:e36d64ed-cc04-47f8-939f-a45d3bd50333"
2) "spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:ishii"
3) "spring:session:sessions:da641b42-a7be-4da0-bdde-8de964f7d218"
4) "spring:session:expirations:1471638540000"
5) "spring:session:sessions:e36d64ed-cc04-47f8-939f-a45d3bd50333"
6) "spring:session:expirations:1471636740000"
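セッションに対応していそうなキーの中身を確認する。値は Java 標準のシリアライズ形式で保存されており、先頭の \xac\xed\x00\x05 がそのマジックバイトである。sessionAttr:SPRING_SECURITY_CONTEXT には認証済みユーザーの情報が入るため、この Redis に接続できる相手は信頼できる範囲に限定しておく。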
127.0.0.1:6379> type "spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:ishii"
set
127.0.0.1:6379> smembers "spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:ishii"
1) "\xac\xed\x00\x05t\x00$e36d64ed-cc04-47f8-939f-a45d3bd50333"
127.0.0.1:6379> type "spring:session:sessions:e36d64ed-cc04-47f8-939f-a45d3bd50333"
hash
127.0.0.1:6379> hgetall "spring:session:sessions:e36d64ed-cc04-47f8-939f-a45d3bd50333"
1) "lastAccessedTime"
2) "\xac\xed\x00\x05sr\x00\x0ejava.lang.Long;\x8b\xe4\x90\xcc\x8f#\xdf\x02\x00\x01J\x00\x05valuexr\x00\x10java.lang.Number\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00xp\x00\x00\x01V\xa4f`\xc7"
3) "sessionAttr:org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository.CSRF_TOKEN"
4) "\xac\xed\x00\x05sr\x006org.springframework.security.web.csrf.DefaultCsrfTokenZ\xef\xb7\xc8/\xa2\xfb\xd5\x02\x00\x03L\x00\nheaderNamet\x00\x12Ljava/lang/String;L\x00\rparameterNameq\x00~\x00\x01L\x00\x05tokenq\x00~\x00\x01xpt\x00\x0cX-CSRF-TOKENt\x00\x05_csrft\x00$616f9356-72b7-4305-a9ad-971c87bf22d2"
5) "creationTime"
6) "\xac\xed\x00\x05sr\x00\x0ejava.lang.Long;\x8b\xe4\x90\xcc\x8f#\xdf\x02\x00\x01J\x00\x05valuexr\x00\x10java.lang.Number\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00xp\x00\x00\x01V\xa4bh\xec"
7) "sessionAttr:SPRING_SECURITY_CONTEXT"
8) "\xac\xed\x00\x05sr\x00=org.springframework.security.core.context.SecurityContextImpl\x00\x00\x00\x00\x00\x00\x01\x9a\x02\x00\x01L\x00\x0eauthenticationt\x002Lorg/springframework/security/core/Authentication;xpsr\x00Oorg.springframework.security.authentication.UsernamePasswordAuthenticationToken\x00\x00\x00\x00\x00\x00\x01\x9a\x02\x00\x02L\x00\x0bcredentialst\x00\x12Ljava/lang/Object;L\x00\tprincipalq\x00~\x00\x04xr\x00Gorg.springframework.security.authentication.AbstractAuthenticationToken\xd3\xaa(~nGd\x0e\x02\x00\x03Z\x00\rauthenticatedL\x00\x0bauthoritiest\x00\x16Ljava/util/Collection;L\x00\adetailsq\x00~\x00\x04xp\x01sr\x00&java.util.Collections$UnmodifiableList\xfc\x0f%1\xb5\xec\x8e\x10\x02\x00\x01L\x00\x04listt\x00\x10Ljava/util/List;xr\x00,java.util.Collections$UnmodifiableCollection\x19B\x00\x80\xcb^\xf7\x1e\x02\x00\x01L\x00\x01cq\x00~\x00\x06xpsr\x00\x13java.util.ArrayListx\x81\xd2\x1d\x99\xc7a\x9d\x03\x00\x01I\x00\x04sizexp\x00\x00\x00\x01w\x04\x00\x00\x00\x01sr\x00Borg.springframework.security.core.authority.SimpleGrantedAuthority\x00\x00\x00\x00\x00\x00\x01\x9a\x02\x00\x01L\x00\x04rolet\x00\x12Ljava/lang/String;xpt\x00\nROLE_ADMINxq\x00~\x00\rsr\x00Horg.springframework.security.web.authentication.WebAuthenticationDetails\x00\x00\x00\x00\x00\x00\x01\x9a\x02\x00\x02L\x00\rremoteAddressq\x00~\x00\x0fL\x00\tsessionIdq\x00~\x00\x0fxpt\x00\x0f0:0:0:0:0:0:0:1t\x00$da641b42-a7be-4da0-bdde-8de964f7d218psr\x002org.springframework.security.core.userdetails.User\x00\x00\x00\x00\x00\x00\x01\x9a\x02\x00\aZ\x00\x11accountNonExpiredZ\x00\x10accountNonLockedZ\x00\x15credentialsNonExpiredZ\x00\aenabledL\x00\x0bauthoritiest\x00\x0fLjava/util/Set;L\x00\bpasswordq\x00~\x00\x0fL\x00\busernameq\x00~\x00\x0fxp\x01\x01\x01\x01sr\x00%java.util.Collections$UnmodifiableSet\x80\x1d\x92\xd1\x8f\x9b\x80U\x02\x00\x00xq\x00~\x00\nsr\x00\x11java.util.TreeSet\xdd\x98P\x93\x95\xed\x87[\x03\x00\x00xpsr\x00Forg.springframework.security.core.userdetails.User$AuthorityComparator\x00\x00\x00
\x00\x00\x00\x01\x9a\x02\x00\x00xpw\x04\x00\x00\x00\x01q\x00~\x00\x10xpt\x00\x05ishii"
9) "maxInactiveInterval"
10) "\xac\xed\x00\x05sr\x00\x11java.lang.Integer\x12\xe2\xa0\xa4\xf7\x81\x878\x02\x00\x01I\x00\x05valuexr\x00\x10java.lang.Number\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00xp\x00\x00\a\b"
11) "sessionAttr:SPRING_SECURITY_LAST_EXCEPTION"
12) ""
127.0.0.1:6379>