package org.joonzis.controller;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import lombok.extern.log4j.Log4j;
@Log4j
@Controller
@RequestMapping("/sample/*")
public class SampleController {
@GetMapping("/all")
public String doAll() {
log.info("do all can access everybody");
return "/sample/all";
}
@GetMapping("/member")
public String doMember() {
log.info("logined member");
return "/sample/member";
}
@GetMapping("/admin")
public String doAdmin() {
log.info("admon only");
return "/sample/admin";
}
/*
* @PreAuthorize(표현식) 및 @Secured(배열)를 이용하여 권한 체크
*
* 컨트롤러에서 사용하느 시큐리티의 어노테이션을 활성화 하기위해
* security-context.xml이 아니 servlet-context.xml에 관련 설정을 추가해야 함
*
*/
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'ROLE_MEMBER')")
@GetMapping("/annoMember")
public void doMember2() {
log.info("로그인 어노테이션 멤버");
}
@Secured({"ROLE_ADMIN"})
@GetMapping("/annoAdmin")
public void doAdmin2() {
log.info("어드민 어노테이션");
}
}
