🔐 The relationship between Spring Security and Spring Boot
Spring Security Framework Spring Boot Auto-Configuration

Core concept

Spring Security is not part of Spring Boot; rather, Spring Boot is
built to make Spring Security very easy to use.

In short:

  • Spring Security == a dedicated security framework (independent)
  • Spring Boot == a tool that makes it easy to assemble multiple Spring projects

The independence of Spring Security

📦 A separate project

Spring Security is an independent project within the "Spring ecosystem".

Spring ecosystem
├── Spring Framework (Core)
├── Spring Boot (Auto-Configuration)
├── Spring Security (security)
├── Spring Data JPA (data access)
├── Spring Web MVC (web)
├── Spring Cloud (microservices)
└── ... other projects

🕰️ Historical context

  • Spring Security: started in 2003 as "Acegi Security"
  • Spring Boot: first released in 2014

Spring Security existed for more than 10 years before Spring Boot was born.

🎯 Can be used independently

Spring Security can be used without Spring Boot.

<!-- Spring Framework + Spring Security (without Spring Boot) -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>6.2.0</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>6.2.0</version>
</dependency>

However, in that case the developer has to write all of the configuration by hand (very complex).


The role of Spring Boot

🚀 The power of Auto-Configuration

Spring Boot automates complex configuration and has dramatically improved developers' lives.

❌ Before Spring Boot (traditional Spring)

<!-- Register the filter in web.xml -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
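</filter-mapping>

// SecurityConfig.java - many bean definitions are required
// (WebSecurityConfigurerAdapter is the legacy API: deprecated in Spring Security 5.7, removed in 6.0)
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        // Complex configuration: expose the manager built by
        // configure(AuthenticationManagerBuilder) through authenticationManagerBean()
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        // User lookup configuration (in-memory placeholder account; normally a database)
        return new InMemoryUserDetailsManager(
            User.withUsername("user")
                .password(passwordEncoder().encode("change-me"))  // placeholder value
                .roles("USER")
                .build());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Manual filter chain configuration
        http
            .authorizeRequests()
            .antMatchers("/public/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .and()
            .logout();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Authentication manager configuration
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }
}

✅ With Spring Boot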

// build.gradle - add a single dependency line
dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-security'
}

<!-- or pom.xml -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

That's all! Spring Boot automatically:

  • Registers the Spring Security filter chain
  • Generates a default login page
  • Configures session-based authentication
  • Enables CSRF protection
  • Creates a default user account (username: user, password: printed to the console)

Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336

The generated password changes on every startup and is meant for development only.

🎛️ Customization is simple too

Just override the parts you need.

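import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            )
            .formLogin(Customizer.withDefaults())
            // OAuth2 is easy too! (needs spring-boot-starter-oauth2-client and a registered client)
            .oauth2Login(Customizer.withDefaults());

        return http.build();
    }
}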

Practical examples

📋 Understanding the dependency relationship

Spring Boot is an "assembly tool" that puts multiple Spring projects together so they are easy to use.

┌────────────────────────────────────┐
│            Spring Boot             │
│     (assembly tool / launcher)     │
└────────────────────────────────────┘
              ↓ integrates selectively
    ┌─────────┬─────────┬────────┐
    │         │         │        │
┌───▼────┐ ┌──▼───┐ ┌───▼───┐ ┌──▼───┐
│Spring  │ │Spring│ │Spring │ │Spring│
│Security│ │Data  │ │  Web  │ │Cloud │
│        │ │  JPA │ │  MVC  │ │      │
└────────┘ └──────┘ └───────┘ └──────┘

🛠️ Real project setup

1. Basic web application

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
}

In this state there is no security at all (every endpoint is public).

2. Adding security

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'  // added
}

Now every endpoint is protected (default form login is enabled).

3. Extending to JWT authentication

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.3'
    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.3'
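}

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class SecurityConfig {

    // JwtAuthenticationFilter is the application's own filter, supplied as a bean
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           JwtAuthenticationFilter jwtAuthenticationFilter) throws Exception {
        http
            .csrf(csrf -> csrf.disable())  // CSRF disabled because the API is stateless
            .sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            )
            // Without an authorization rule the chain would let every request through
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .addFilterBefore(jwtAuthenticationFilter,
                           UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }
}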

🔄 Freedom of choice

Developers select only what they need through build.gradle or pom.xml.

| Feature needed | Starter to add |
|---|---|
| Web application | spring-boot-starter-web |
| Security | spring-boot-starter-security |
| Database (JPA) | spring-boot-starter-data-jpa |
| OAuth2 client | spring-boot-starter-oauth2-client |
| OAuth2 resource server | spring-boot-starter-oauth2-resource-server |

Summary

🎯 Key points

| Spring Security | Spring Boot |
|---|---|
| An independent, dedicated security framework | A tool that assembles multiple Spring projects |
| Has existed since 2003 (Acegi Security) | Born in 2014 |
| Can be used without Spring Boot | Can be used without Security |
| Provides all authentication/authorization features | Automates configuration through Auto-Configuration |

📌 The relationship in brief

Spring Security ≠ a part of Spring Boot

Spring Security = an independent project in the Spring ecosystem
Spring Boot = a supporting tool that makes Spring Security easy to use

💡 A practical perspective

"Using Spring Boot" means:

  • Building on Spring Framework
  • Selecting the Spring projects you need (Security, Data JPA, etc.)
  • Developing quickly with the help of Auto-Configuration

"Using Spring Security" means:

  • Adding authentication/authorization to an application
  • It works without Spring Boot, but is far more convenient together with Spring Boot

🚀 Next topics to study

  • How Spring Boot Auto-Configuration works internally
  • The beans that spring-boot-starter-security auto-configures
  • Creating a custom Auto-Configuration
  • Integrating Spring Boot Actuator with Security

Conclusion: Spring Security is not a part of Spring Boot; it is a separate, dedicated security framework that Spring Boot strongly supports and integrates.