When you use the RememberMe auto-login feature in Spring Security, a CookieTheftException is thrown if the matching cookie cannot be found.
If you want to catch and handle this exception, you can use a filter as shown below.
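
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;

@Configuration
@EnableWebSecurity
public class MultiHttpSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // ...
        // Register the filter ahead of RememberMeAuthenticationFilter so that the
        // exception thrown during auto-login propagates back through it.
        http.addFilterAfter(new ExceptionHandlerFilter(), SecurityContextHolderAwareRequestFilter.class);
        // ...
    }
}
```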

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.authentication.rememberme.CookieTheftException;
import org.springframework.web.filter.GenericFilterBean;

import kr.go.seoul.scc.mobile.web.config.Url.HOME;

public class ExceptionHandlerFilter extends GenericFilterBean {

    private static final Logger logger = LoggerFactory.getLogger(ExceptionHandlerFilter.class);

    /**
     * Default AJAX request Header
     */
    private String ajaxHaeder = "AJAX";

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (isAjaxRequest(req)) {
            try {
                chain.doFilter(req, res);
            } catch (CookieTheftException e) {
                // AJAX callers cannot follow a redirect usefully, so answer with 403.
                logger.error("쿠키바뀜1", e); // log message: "cookie changed 1"
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        } else {
            try {
                chain.doFilter(req, res);
            } catch (CookieTheftException e) {
                // Regular page requests are redirected to the "expired" intro page.
                logger.error("쿠키바뀜2", e); // log message: "cookie changed 2"
                res.sendRedirect(HOME.INTRO_EXPIRED);
            }
        }
    }

    // A request counts as AJAX when the configured header is present with the value "true".
    private boolean isAjaxRequest(HttpServletRequest req) {
        return req.getHeader(ajaxHaeder) != null
                && req.getHeader(ajaxHaeder).equals(Boolean.TRUE.toString());
    }

    /**
     * Set AJAX Request Header (Default is AJAX)
     *
     * @param ajaxHeader name of the request header that marks AJAX calls
     */
    public void setAjaxHaeder(String ajaxHeader) {
        this.ajaxHaeder = ajaxHeader;
    }
}
```
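
Why the exception fires, as an added example that is not from the original post or from Spring Security's source: a simplified model of persistent remember-me tokens, where each cookie carries a series and a single-use token, and a known series presented with a non-matching token is treated as theft (the condition under which `PersistentTokenBasedRememberMeServices` throws `CookieTheftException`). The class and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Simplified model of persistent remember-me tokens (hypothetical names, not Spring's code).
public class RememberMeTheftDemo {
    static class TheftDetected extends RuntimeException {}

    private final Map<String, String> tokenBySeries = new HashMap<>(); // series -> current token
    private final SecureRandom random = new SecureRandom();

    private String randomValue() {
        byte[] b = new byte[16];
        random.nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }

    // Interactive login: issue a new series together with its first token.
    String[] login() {
        String[] cookie = { randomValue(), randomValue() };
        tokenBySeries.put(cookie[0], cookie[1]);
        return cookie;
    }

    // Auto-login: the token is single-use and is rotated on every successful use.
    String[] autoLogin(String series, String token) {
        String stored = tokenBySeries.get(series);
        if (stored == null) throw new IllegalStateException("unknown series");
        if (!stored.equals(token)) {
            tokenBySeries.remove(series); // invalidate so that no copy of the cookie works
            throw new TheftDetected();
        }
        String next = randomValue();
        tokenBySeries.put(series, next);
        return new String[] { series, next };
    }

    public static void main(String[] args) {
        RememberMeTheftDemo svc = new RememberMeTheftDemo();
        String[] original = svc.login();          // cookie held by the user's browser
        String[] copy = original.clone();         // same cookie held by a second client
        svc.autoLogin(copy[0], copy[1]);          // the copy is used first, the token rotates
        try {
            svc.autoLogin(original[0], original[1]); // the original is now stale
        } catch (TheftDetected e) {
            System.out.println("token mismatch for known series: both cookies are now invalid");
        }
    }
}
```

The same mismatch also occurs without any theft when two parallel requests from one browser present the same cookie, which is one reason to answer it with a controlled 403 or redirect, as the filter above does, rather than an error page.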