? ????? Spring ??? ???? OAuth 2.0? ???? ?? ???? ??? ????.
Spring Security? Java ?? ???????? ??? ?? ? ??? ?? ????? ???? ?? ???? ??? ??? ?? ??? ????????. ?? ? ??????, REST API ? ?? ??? ???? ???? ? ?? ???? Spring ???? ?? ?? ?????. Spring Security? ?????? ???????? ?? ??? ???? ???? ?? ??? ??? ?? ? ????.
??? ??? ?? ??
Spring Security? ?? ??? ??? ???? ?? Java ?? ? ??? ?? ?? ?? ??? ???? ?? ?????. Spring Security? ? ??????? ???? ???? ???? ??? ?????.
Spring Security? ????? ?? ?? ??????
Spring Security? ?????? Spring ?? ???????? HTTP ??? ???? ???????? ?? ??? ???? ? ??? ??? ??, ?? ? ???? ? ??? ??? ???.
1. ????? ??
?????(?: ????, ??? ? ?? Postman? ?? API ??)? ??? HTTP ??? ?? ? ?? ??? ?????.
?:
GET /api/admin/dashboard HTTP/1.1
2. ??? ????
??? ????(?: Tomcat)? ??? ???? ?? Spring ??????? ?? ????? DispatcherServlet? ?????. ??? ??????? ?? ?????? ???? ????.
3. ??? ?? ?? ??
DispatcherServlet? ??? ???? ?? Spring Security? ?? ??? ??? ?????. ?? ??? ??? ???, ? ??? ?? ?? ??? ?????. ??? ??? ??? ?????? ??? ???? ?? ?? ? ?? ?? ?? ??? ????? ?????.
??? ?? ??:
?? ??:
? ??? ??? ??? ??/????, JWT ?? ?? ??? ?? ??? ?? ??? ???? ??? ?????.?? ??:
?? ? ??? ??? ??? ???? ??? ???? ????? ? ??? ?? ?? ??? ??? ??? ?????.?? ??:
* **CsrfFilter**: Validates CSRF tokens to prevent Cross-Site Request Forgery attacks. * **CorsFilter**: Manages Cross-Origin Resource Sharing (CORS) rules for secure API access from different domains. * **ExceptionTranslationFilter**: Handles security-related exceptions (e.g., invalid credentials) and sends appropriate responses to the client.
4. ?? ????
??? ???? Spring Security? ?? ??? ???? SecurityContext? ?????. ??? ?? ???? ???? ??? ?? ? ??? ?? ?? ?? ??? ?? ???? ? ????.
?? ??:
??: ??? ???(?: ??? ??)? ?????.
?? ??: JWT ?? ?? ????? ?? ?? ????? ?????.
??: ????? ??? ??? ??? ?????.
?? ??? ?? ??:
??? ?? ??? ?????.
?? ??? ???? ?? ??? ???? SecurityContext? ?????.
?? ??? ???? ?? ?? ExceptionTranslationFilter? ?????? 401 Unauthorized ??? ????.
5. DispatcherServlet
??? Spring ?? ?? ??? ????? ???? DispatcherServlet? ?? ??? ?????.
??? ??:
URL ? HTTP ???? ???? ???? ??? ??? ???? ???? ?????.???? ??:
??? ????? ??? ???? ??? ? ???? ?? ?? Spring ?? ??? ??? ?? ??? ??? ?????.
Spring Security? ??????? ??? ?????
Spring Security? ??? ?? ? ??????? ???? ?? ?? ???? ??? ?????. ??? ?????? ??? ???? ?? ?? ? ??? ???? ?? ???????? ???? ???? ????? ?????.
Spring Security? ??? ??, ?? ?? ? ?? ?? ??? ????? ????? ???? ???? ??? ?? ??? ??? ????? ??? ? ?? ???? ?????. ?? ?? ??? ??? ?? ??? ?? ??????? ??? ?? ?? ?? ??? ??????.
??? ?? ????: ?? ?? ??
Spring Security? ?? ??? ??? ? ?? ? ?? ?????? ???? ??? ?? ?? ?? ?? ??? ???????.
?? ???
AuthenticationManager? ???? ?? ??? ???? ???? ???? ? ???? ?? ???? authenticate(?? ??)? ???? ????????. AuthenticationManager? ?? ???? ??? ? ?? ?????? ??? ? ???, ?? ??? ?? ??? ????? ?? ??? ?????.
?? ???
AuthenticationProvider? ?? ??? ???? ???? ???? ?? ??? ???? ????????. ??? ??/????, OAuth ?? LDAP? ?? ?? ?? ????? ?????. ?? AuthenticationProvider ??? ??? ? ???? ??????? ??? ?? ??? ??? ? ????.
?? ??:
?? ??:
AuthenticationProvider? ???? ?? ??(?: ??? ?? ? ????)? ????? ?? ??? ?????.?? ??:
? AuthenticationProvider? ?? ?? ??? ?? authenticate(?? ??) ???? ?????. ? ???:
* **CsrfFilter**: Validates CSRF tokens to prevent Cross-Site Request Forgery attacks. * **CorsFilter**: Manages Cross-Origin Resource Sharing (CORS) rules for secure API access from different domains. * **ExceptionTranslationFilter**: Handles security-related exceptions (e.g., invalid credentials) and sends appropriate responses to the client.
- ?? ??: ??(??? ??) ???? AuthenticationProvider? ??? ??? ??? ??? ? ??? ??? ?????. ?? ?? Spring Security? ?? ?? ??? ??? ??? ???? ??? ? ????.
?:
?????? ?? AuthenticationProvider? ??? ??? ????? ???? ?????.
OAuth ?? ?? ???? ?? ID ???? ??? ??? ???? ?????.
??? ???????
UserDetailsService? Spring ???? ???? ???? ???? ?? ?????? ?????. ???? ??? ??? ????? ????? ==User== ID ??? ???? ?? ??? loadUserByUsername? ???? ????. ????? ??? loadUserByUsername ???? ????? UserDetailsService ???? ???? ?????.
* Validates the user’s credentials. * Returns an authenticated `Authentication` object upon success. * Throws an `AuthenticationException` if authentication fails.
?? ? ??? ?? ???? ??? AuthenticationManager? ??? ??? ??? ?? ??? ????? AuthenticationProvider? ???? UserDetailsService ??? AuthenticationProvider? ??? ?? ??? ???? ? ??? ??? ????.
?? ?? ? ?? ???? ???? ?? JWT ?? ??? ?? Spring Security? ??? ??? ?????.
1. ??? ??
???? ?? ??(??? ?? ? ????) ?? JWT ??(??? ??)? ???? ??? ?????? ??? ??? ?? ??? ?? ??? ?????.
-
?? ??(?: UsernamePasswordAuthenticationFilter):
- ??? ?? ??(????? ??? ??? ???? ??)? ???? ??? ??? ?????. ??? UsernamePasswordAuthenticationFilter? ?????.
- ??? ???? ??? ??? ????? ???? AuthenticationManager? ?????.
- ??? ??? ??? ??? ????? ???? ?? ??? ????? ? AuthenticationFilter ?? ???? ?????? ??? ??? ????? ??? ??? ??? ?? ????? ??? ??? ??? ???. JWTFilter ? ???? ?????.
2. JWT ??
? ??? ?? ??? OncePerRequestFilter? ???? UsernamePasswordAuthenticationFilter ?? ????, ???? ??? ???? ???? ???? ??? ???.
??? ???? UsernamePasswordAuthenticationToken? ???? ?? ??? ?? ????? ???? ??? ?????? Spring ??? ??? ? ??? UsernamePasswordAuthenticationFilter? ???? UsernamePasswordAuthenticationToken? ???? ?????.
* **CsrfFilter**: Validates CSRF tokens to prevent Cross-Site Request Forgery attacks. * **CorsFilter**: Manages Cross-Origin Resource Sharing (CORS) rules for secure API access from different domains. * **ExceptionTranslationFilter**: Handles security-related exceptions (e.g., invalid credentials) and sends appropriate responses to the client.
? UsernamePasswordAuthenticationToken? UserDetails ???? ???? ??? ??? ????? ??? ? ?? ?? ??? ??? ????? ??? ?? AuthenticationManager ? AuthenticationProvider? ???? ?????.
3. ?????
- AuthenticationManager: ?? ?? ??? ???? ?? ??? ??? ??? AuthenticationProvider? ?????.
* Validates the user’s credentials. * Returns an authenticated `Authentication` object upon success. * Throws an `AuthenticationException` if authentication fails.
4. ?? ???
UserDetailsService: AuthenticationProvider? UserDetailsService? ???? ??? ??? ???? ??? ?? ??? ?????. ??? ?? UserDetailsService ???? ?????
?? ??: ??? ????? ??? ?? ??? ??? ????? ?????(????? PasswordEncoder ??).
package com.oauth.backend.services; import com.oauth.backend.entities.User; import com.oauth.backend.repositories.UserRepository; import lombok.RequiredArgsConstructor; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; @Component public class CustomUserDetailsService implements UserDetailsService { private final UserRepository userRepository; public CustomUserDetailsService(UserRepository userRepository) { this.userRepository = userRepository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username); if(user==null){ throw new UsernameNotFoundException(username); } return new UserDetailsImpl(user); } public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException { User user = userRepository.findByEmail(email); if(user==null){ throw new UsernameNotFoundException(email); } return new UserDetailsImpl(user); } }
?? Spring ??? ??? ?? ?? ? ? ??? ??? ?? ??? ??? Bean? ???? ??? ?? ??? ???? ?? ???? ?????.
@Component public class JWTFilter extends OncePerRequestFilter { private final JWTService jwtService; private final UserDetailsService userDetailsService; public JWTFilter(JWTService jwtService,UserDetailsService userDetailsService) { this.jwtService = jwtService; this.userDetailsService = userDetailsService; } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { final String authHeader = request.getHeader("Authorization"); if(authHeader == null || !authHeader.startsWith("Bearer")) { filterChain.doFilter(request,response); return; } final String jwt = authHeader.substring(7); final String userName = jwtService.extractUserName(jwt); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if(userName !=null && authentication == null) { //Authenticate UserDetails userDetails = userDetailsService.loadUserByUsername(userName); if(jwtService.isTokenValid(jwt,userDetails)) { UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities() ); SecurityContextHolder.getContext() .setAuthentication(authenticationToken); } } filterChain.doFilter(request,response); } }
???? Spring Security? ???? ??? ???? ??????. ?? ???? ?????.
AuthController(??? ? ?? ??)? ProductController(?? ?? ????) ? ?? ????? ?? ??? ?? ??? ?????.
* **CsrfFilter**: Validates CSRF tokens to prevent Cross-Site Request Forgery attacks. * **CorsFilter**: Manages Cross-Origin Resource Sharing (CORS) rules for secure API access from different domains. * **ExceptionTranslationFilter**: Handles security-related exceptions (e.g., invalid credentials) and sends appropriate responses to the client.
* Validates the user’s credentials. * Returns an authenticated `Authentication` object upon success. * Throws an `AuthenticationException` if authentication fails.
package com.oauth.backend.services; import com.oauth.backend.entities.User; import com.oauth.backend.repositories.UserRepository; import lombok.RequiredArgsConstructor; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; @Component public class CustomUserDetailsService implements UserDetailsService { private final UserRepository userRepository; public CustomUserDetailsService(UserRepository userRepository) { this.userRepository = userRepository; } @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username); if(user==null){ throw new UsernameNotFoundException(username); } return new UserDetailsImpl(user); } public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException { User user = userRepository.findByEmail(email); if(user==null){ throw new UsernameNotFoundException(email); } return new UserDetailsImpl(user); } }
@Component public class JWTFilter extends OncePerRequestFilter { private final JWTService jwtService; private final UserDetailsService userDetailsService; public JWTFilter(JWTService jwtService,UserDetailsService userDetailsService) { this.jwtService = jwtService; this.userDetailsService = userDetailsService; } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { final String authHeader = request.getHeader("Authorization"); if(authHeader == null || !authHeader.startsWith("Bearer")) { filterChain.doFilter(request,response); return; } final String jwt = authHeader.substring(7); final String userName = jwtService.extractUserName(jwt); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if(userName !=null && authentication == null) { //Authenticate UserDetails userDetails = userDetailsService.loadUserByUsername(userName); if(jwtService.isTokenValid(jwt,userDetails)) { UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities() ); SecurityContextHolder.getContext() .setAuthentication(authenticationToken); } } filterChain.doFilter(request,response); } }
@Bean public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception{ return config.getAuthenticationManager(); }
@Bean public AuthenticationProvider authenticationProvider(){ DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider(); authenticationProvider.setUserDetailsService(userDetailsServiceImpl); authenticationProvider.setPasswordEncoder(passwordEncoder); return authenticationProvider; }
???? ??? ??, ??? ? ??? ????? Google/Github?? ??? ??? ???? ??? OAuth2.0? ???? ?? ??? ? ????.
OAuth 2.0
OAuth 2.0? ???? ?? ???? ?? ??? ???? ??? ?? ???(?: Google Drive, Github)? ??? ???? ?? ??? ??? ?3? ??????? ??? ? ??? ?? ??? ?? ???? ???????.
?? 'Google? ???', 'github? ???'? ?? ?? ???? ????? ? ?????.
Google, Facebook, Github? ?? ???? ?? ??? ?? ??? ??? ?? OAuth 2.0 ????? ???? ?? ??? ?????.
OAuth 2.0? ?? ??
?? ???
??
?? ??
??? ??
??? ??
??
???
?? ? ??? ??? ???????
?? ???
??? ???? ?? ??????(??? ??????)? ????? ??????.
??
??? ??? ???? ???? ?????? (??) ?????????.
??? ??
??? ???? ???? ???? ?? ???????? ???? ? ????.
?? ??
??? ???? ???? ?????(?: Google ??)? ??? ??? ???? ?????.
??? ??
?? ??? ?????? ??? ?? ????, ???? ???? ??? ??? ???? ? ????. ????? ??? ?? ? ????? ???? ?? ??? ??? ??? ? ??? ??? ?? ??? ?? ?? ?? ??? ?????.
??
???? ??? ?? ????, ?????? ??? ???? ??? ? ?? ??? ??? ? ?? ??? ?????. ?? ?? ??? ???? ???, ?? ?? ?? ??? ??? ????? ?? ????? ?? ??? ?????.
???
????? ??????? Authorization Server??? ??? ??? ?? ? ?? ??? ????. ?? ??? ????? ??????? ??? ???? ???? ???? ???? ? ?? ??? ???? ???? ? ??? ?????.
????? ???? ? ?? ?? ??? ????? ??? ??? ???? ?????
OAuth 2.0?? ???? Grant ??? ?? 2??? ????
-
?? ?? ??
?? ?? ???? ??/??? ???? ?? ???? ?? ? ??????? ?????
??? ?????? ?? ??? ???? ???? ???? ?????? ??? ??? ?????.
??:
- ?????? ???? ?? ??? ???????.
- ???? ????? ?????.
- ????? ????? ?????.
- ?????? ??? ??? ?? ???? ?? ??? ?????.
-
??? ??
?? ??? ?(SPA) ?? ???? ?? ???????? ?????. ??? ??? ??? ???? ???? ?? ?? ? ?????.
??:
- ?????? ???? ?? ??? ???????.
- ???? ????? ?????.
- ?? ??? ??? ??? ?? ?????.
??? ??? ?? ? ??? ??? ?????? ?? ??? ?? ?? ??? ???????
-
?? ??
???(?: google, github) ? ??? ?? ?? KeyCloak? ???? ?? ?? ?? ?? OAuth 2.0 ??? ???? ?? ??? ?? ????(?? ????? ?? ?? ???????).
-
??? ?? ??????
??? ?? ??, ??, ??? ?? ?? ?? ? JWT ?? ??? ?? ?? ??? ???? ?? ??? ??????/???? ? ????
-
React ??????(?????)
??? ??? ?? ???? ?? ??? ?????? ?????? ???.
??? ???? ??? ? ?? ?????(?/?)? ???? Google ????? ?????? ????. ???? URI? ??? ?????? ?????? ? ?? ???? ?? ???. ??? ?? ?? ????_url? ?? ???????. ?? ?? ????? ID? ???? ??? ?? ??? ?? ????? ?????.
???, ???? Google? ????? ????? ?? ??(Google)? ??? ??? ???? ?????? ??? ??? ? ?? ?? ??? ?? ??? ???? ??? ??? ?? ?? ??? ?? ?? ??? ??? ?? ??? ??? ? ??? ????? ??? ???? ????? ??????? ??? ???? ? ? ?? ??? ?????? ?? ????.
?? ??? ???????. ?, OAuth ?????? Google ?? ????? ??? ???? URL? ??? ?????? URL? ????? ?????.
* **CsrfFilter**: Validates CSRF tokens to prevent Cross-Site Request Forgery attacks. * **CorsFilter**: Manages Cross-Origin Resource Sharing (CORS) rules for secure API access from different domains. * **ExceptionTranslationFilter**: Handles security-related exceptions (e.g., invalid credentials) and sends appropriate responses to the client.
?? ?????. ???? ?? ??? ? ?? ??? ????? ?? ??? ????? ??????? ?? ? ????.
???? ????? ?????, ????? ???? ??? ?????
? ??? ??? ??? OAuth ??? ?? ?????. ??? ??? PHP ??? ????? ?? ?? ??? ?????!

? AI ??

Undress AI Tool
??? ???? ??

Undresser.AI Undress
???? ?? ??? ??? ?? AI ?? ?

AI Clothes Remover
???? ?? ???? ??? AI ?????.

Clothoff.io
AI ? ???

Video Face Swap
??? ??? AI ?? ?? ??? ???? ?? ???? ??? ?? ????!

?? ??

??? ??

???++7.3.1
???? ?? ?? ?? ???

SublimeText3 ??? ??
??? ??, ???? ?? ????.

???? 13.0.1 ???
??? PHP ?? ?? ??

???? CS6
??? ? ?? ??

SublimeText3 Mac ??
? ??? ?? ?? ?????(SublimeText3)

??? ??











?? ?? ?? ??? ??? ?? ??? ??, ? ? ?? ? ??? ?????. 1. ??? ?? ???? ?? ???? ???-????, ? ??? ??? ??? ? ????, Hashmap? ???-??? ?? ??? ??? ???? ????. 2. NULL ? ?? ???? HashMap? ??? NULL ?? ?? ? ?? ???? ?? HashTable? NULL ?? ?? ???? ??? NullPointerException? ?????. 3. ????? ??? ????? ?? ??? ?? ?? ? ????? HashTable? ? ??? ?? ?? ??? ????. ?? ConcurrenTashMap? ???? ?? ????.

Java? ?? ??? ??? ?? ??? ??? ?? ??? ??? ?? ??? ?? ?? ??? ???? ??? ?? ???? ?????. 1. ??? ???? ??? ?? ?? ? ???? ?? ??? ???? ?? ?? ??? ? ????. 2. ???? ?? ??? ???? ??? ?? ???? ?? ?? ??? ???????. 3. ?? ???? ?? ?? ?? ? ???? ???? ?? NULL ?? ??? ? ????. 4. ?? ???? ??? ?? ?? ? ??? ?????? ?? ??? ??? ?? ?? ??? ????? ??? ??? ??? ??????? ?? ???? ??????.

staticmethodsininterfaceswereIntRectionSelffacesswithinteffaceswithinteffaceswithintintinjava8toallowutilityFunctionswithinterfaceitswithinteffaceswithinterfaceffaces

JIT ????? ??? ???, ??? ?? ? ???, ?? ?? ? ???? ? ? ?? ?? ??? ? ?? ??? ?? ??? ??????. 1. ??? ???? ?? ?? ??? ??? ?? ?? ???? ??? ?? ?????. 2. ??? ?? ? ??? ?? ?? ? ??? ???? ?? ?? ???; 3. ?? ??? ??? ?? ??? ???? ???? ???? ? ?? ?? ??? ?????. 4. ?? ??? ?? ??? ??? ???? ???? ?? ? ??? ???? ?? ??? ?????.

???? ??? ??? Java?? ??? ?? ???? ??? ?? ? ? ??? ??? ???? ? ?????. ?? ???? ??? ??, ??? ?? ??? ?? ?? ??? ??? ????? ???? ????? ?????. ?? ??? ??? ??, ????? ? ??? ????, ?? ??? ??? ?????? ? ?? ? ?? ?????.

injava, thefinalkeywordpreventsavariable'svalue'svalueffrombeingchangedafterassignment, butitsbehaviordiffersforprimitivesandobjectreences.forprimitivevariables, asinfinalintmax_speed = 100; wherereassoncesanerror.forobjectref

??? ??? ?? ?? ??? ????? ? ???? ????? ???? ?? ???? ?? ???? ?????. ?? ??? ??? ????. ?? ?? ?? ??? ???? ???? ?? ?? ??? ??? ?? ?? ??? ??? ?????. ?? ??? ??? ????. ?? ??? ?? ??? ?? ?? ??? ?? ?? ??? ???? NewClass ()? ??? ?? ???? ????. ?? ??? ?? ??? ???? ?? ??? ?? ? ? ??? ?? ?? ??? ????? ????? ?????. ?? ??, ?? ?????? ?????, ??? ? ?? ????? ??? ?? ?????. ???? ?? ?? ??? ???? ?? ???? ?? ? ??? ???? ?? ??? ?? ?????? ?????. ???? ???? ??? ??, ?? ?? ? ?? ??? ????, ?? ?? ???? ?????.

??? ? ?? ??? ???? : ????? ?? ?. 1. int? ???? ???? ?? ?? ?? ? ??? ???? ?????. 2. ?? ? ???? (int) myDouble ??? ?? ?? ??? ?????. ?? ??? ??? ?? ??? ?? ??, ?? ?? ?? ???? ?? ??? ?? ???? ?? ?????. ???? ? ??? ??? ????. ?? ??? ??? ??? ??? ??? ?? ??? ??? ? ??? ?? ???? ??? ??? ??? ??? ? ??? ?? ??? ?? ??? ?? ?? ? ? ????. ?? ?? ??? ?? ??? ??? ??? ??? ? ??????.
