[Spring Security] UsernamePasswordAuthenticationFilter

2025. 5. 7. 05:10 · 🛠️Backend/🌳Spring
Table of contents
  1. UsernamePasswordAuthenticationFilter
  2. UsernamePasswordAuthenticationFilter core methods
  3. The attemptAuthentication method
  4. Authentication
  5. AuthenticationManager
  6. ProviderManager (AuthenticationManager implementation)
  7. AuthenticationProvider
  8. DaoAuthenticationProvider (final AuthenticationProvider implementation)
  9. Summary

  • UsernamePasswordAuthenticationFilter is the filter that handles authentication; it is the third filter in the SecurityFilterChain.

✅ 1. UsernamePasswordAuthenticationFilter

  • It takes a user ID and password and performs authentication, and it is implemented by default.
  • It is a class that extends the abstract class AbstractAuthenticationProcessingFilter.
  • Put simply, the filter is already implemented and can be used as is, but in practice it is usually extended and overridden.

✅ 2. UsernamePasswordAuthenticationFilter core methods

  • attemptAuthentication: receives the user's information (ID, password) and verifies it.
  • successfulAuthentication: called when verification in attemptAuthentication succeeds.
  • unsuccessfulAuthentication: called when verification in attemptAuthentication fails.

✅ 3. The attemptAuthentication method

// AbstractAuthenticationProcessingFilter.class
public abstract Authentication attemptAuthentication(
	HttpServletRequest request, 
	HttpServletResponse response) 
		throws AuthenticationException, IOException, ServletException;

  • This method implements the abstract method inherited from the abstract class AbstractAuthenticationProcessingFilter.
  • On successful authentication it returns an Authentication; on failure it throws an exception.
  • Afterwards, successfulAuthentication is called on success; on failure the exception is thrown and unsuccessfulAuthentication is called.
  • The return type of this method is Authentication, and this is the most important part.

✅ 4. Authentication

public interface Authentication extends Principal, Serializable {
    Collection<? extends GrantedAuthority> getAuthorities();

    Object getCredentials();

    Object getDetails();

    Object getPrincipal();

    boolean isAuthenticated();

    void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
}

  • Authentication is the interface that holds the user's authentication information.
  • Several implementations exist; a representative one is the UsernamePasswordAuthenticationToken class.
  • The implementation class determines which AuthenticationProvider will run.

✅ 5. AuthenticationManager

public interface AuthenticationManager {
    Authentication authenticate(Authentication authentication) throws AuthenticationException;
}

  • A strategy interface that takes an Authentication implementation and processes authentication.
  • It takes the Authentication information, returns an object on success and throws an exception on failure.
  • Its implementation is ProviderManager.

✅ 6. ProviderManager (AuthenticationManager implementation)

public class ProviderManager implements AuthenticationManager, ... {
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
		...	
    }
}

  • An implementation of the AuthenticationManager interface; its role is to manage AuthenticationProviders.
  • It delegates the authentication request to the appropriate AuthenticationProvider.
  • It holds several Providers in a list and matches the right Provider to the Authentication implementation.
  • In other words, this is where the AuthenticationProvider is called to perform authentication.

✅ 7. AuthenticationProvider

public interface AuthenticationProvider {
    Authentication authenticate(Authentication authentication) throws AuthenticationException;
    boolean supports(Class<?> authentication);
}
// Abstract class -> implements AuthenticationProvider
public abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, ... {
	...
}
// Direct implementation of the abstract class AbstractUserDetailsAuthenticationProvider
public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
	...
}

  • The interface that performs authentication; several Providers implement it.
  • A representative implementation is the DaoAuthenticationProvider class.
  • In the class hierarchy there is the abstract class AbstractUserDetailsAuthenticationProvider, and DaoAuthenticationProvider implements that abstract class.

✅ 8. DaoAuthenticationProvider (final AuthenticationProvider implementation)

  • The abstract class AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider.
  • DaoAuthenticationProvider extends the abstract class AbstractUserDetailsAuthenticationProvider.
  • It is the implementation that handles database-backed user authentication.
  • It uses UserDetailsService to look up the user information stored in the database.
  • Internally it uses PasswordEncoder to compare the submitted password with the password in the DB.
  • That is, it only works if the password was encoded with the PasswordEncoder before being stored in the DB.
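
The following added example (not code from the original post) wires a ProviderManager with a single DaoAuthenticationProvider and shows how the token type and the stored password format decide the outcome. It assumes Spring Security 6.x on the classpath; the class name ProviderSelectionDemo, the users and the passwords are constructed for illustration.

```java
import org.springframework.security.authentication.*;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class ProviderSelectionDemo {
    // Runs one authentication attempt and reports either the principal or the exception type.
    static String attempt(AuthenticationManager manager, Authentication request) {
        try {
            Authentication result = manager.authenticate(request);
            return "OK " + result.getName() + " " + result.getAuthorities();
        } catch (AuthenticationException e) {
            return e.getClass().getSimpleName();
        }
    }

    static UsernamePasswordAuthenticationToken login(String user, String password) {
        return UsernamePasswordAuthenticationToken.unauthenticated(user, password);
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample users standing in for rows of a user table.
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(
            User.withUsername("alice").password(encoder.encode("correct-horse")).roles("USER").build(),
            // Stored as plaintext, i.e. never passed through the encoder.
            User.withUsername("bob").password("plain-text").roles("USER").build());

        DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
        dao.setUserDetailsService(users);
        dao.setPasswordEncoder(encoder);
        AuthenticationManager manager = new ProviderManager(dao);

        // The DAO provider supports UsernamePasswordAuthenticationToken, so it handles these.
        System.out.println(attempt(manager, login("alice", "correct-horse")));
        System.out.println(attempt(manager, login("alice", "wrong")));
        // Right password, but the stored value is not a BCrypt hash, so the comparison fails.
        System.out.println(attempt(manager, login("bob", "plain-text")));
        // Unknown user: by default reported the same way as a wrong password.
        System.out.println(attempt(manager, login("nobody", "x")));
        // A token type that no provider in the list supports is rejected by ProviderManager itself.
        System.out.println(attempt(manager, new TestingAuthenticationToken("alice", "correct-horse")));
    }
}
```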

✅ Summary

  • Spring Security is already implemented as filters, and UsernamePasswordAuthenticationFilter is implemented as well.
  • The key point is that the attemptAuthentication method of UsernamePasswordAuthenticationFilter receives the authentication request and processes it.
  • If you extend UsernamePasswordAuthenticationFilter, you have to override attemptAuthentication.
  • The return type of attemptAuthentication is Authentication, so that is the type that must be returned.
  • Once you supply the Authentication implementation you want to use, the authentication logic matching that implementation is run internally.
  • The conclusion: using UsernamePasswordAuthenticationToken causes DaoAuthenticationProvider to run.
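
As an added example (not from the original post), a subclass that overrides attemptAuthentication to read a JSON login body and hand an unauthenticated UsernamePasswordAuthenticationToken to the AuthenticationManager. It assumes Spring Security 6.x with Jackson on the classpath; JsonLoginFilter and the username/password JSON field names are hypothetical.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Hypothetical subclass: accepts {"username": "...", "password": "..."} instead of form fields.
public class JsonLoginFilter extends UsernamePasswordAuthenticationFilter {
    private final ObjectMapper mapper = new ObjectMapper();

    public JsonLoginFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        if (!"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }
        Map<?, ?> body;
        try {
            body = mapper.readValue(request.getInputStream(), Map.class);
        } catch (IOException e) {
            // Malformed or non-object JSON becomes an authentication failure, not a server error.
            throw new AuthenticationServiceException("Malformed login request", e);
        }
        if (body == null) {
            throw new AuthenticationServiceException("Empty login request");
        }
        // Missing or non-string fields become empty strings so the provider rejects them normally.
        String username = body.get("username") instanceof String u ? u.trim() : "";
        String password = body.get("password") instanceof String p ? p : "";

        // Unauthenticated token: this type is what routes the request to DaoAuthenticationProvider.
        UsernamePasswordAuthenticationToken token =
                UsernamePasswordAuthenticationToken.unauthenticated(username, password);
        setDetails(request, token);
        return getAuthenticationManager().authenticate(token);
    }
}
```

The filter never marks the token as authenticated itself; that decision stays with the provider chosen by ProviderManager, and the parent class then calls successfulAuthentication or unsuccessfulAuthentication.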

 
