
[쉽게 배우는 JSP 웹프로그래밍] 10장 연습문제

by 그적 2020. 11. 5.

1. 시큐리티란 무엇인가?

 허가된 사용자만이 특정 웹 페이지에 접근할 수 있도록 제한하는 보안 기능이다. 인증(Authentication)과 권한 부여(Authorization)의 두 가지 기능이 있다. 인증은 사용자가 웹 페이지에 접근할 때 JSP 컨테이너가 요청된 페이지에 보안 제약이 있는지 확인하고, 사용자에게 사용자의 이름과 암호를 요구하여 확인하는 것이다. 권한 부여(=허가)는 특정 사용자가 해당 페이지에 접근할 수 있는지 확인하는 것이다.

 

 

2. 시큐리티의 두 가지 처리 기법에 대해 간단히 설명하시오.

 선언적 시큐리티는 코드 작성 없이 web.xml 파일에 보안 구성을 작성하여 사용자 인증을 수행하는 방식이고, 프로그래밍적 시큐리티는 request 내장 객체의 메소드(예: isUserInRole())를 통해 코드에서 사용자의 권한을 확인하여 권한 부여를 처리하는 방식이다.

 

 

3. FORM 기반 인증 처리 기법으로 로그인 페이지를 작성하는 방법을 설명하시오.

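 <login-config> 요소의 하위 요소인 <auth-method>를 FORM으로 설정하고, <form-login-config> 요소 안에서 로그인 페이지와 오류 페이지를 각각 <form-login-page>, <form-error-page> 요소를 통해 지정한다. 로그인 페이지의 폼은 action을 j_security_check로, 사용자명과 비밀번호 입력 필드의 name을 각각 j_username, j_password로 작성한다.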

 

 

4. FORM 기반 인증 처리 기법을 이용하여 다음 조건에 맞게 JSP 애플리케이션을 만들고 실행 결과를 확인하시오.

// web.xml

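<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for exercise 4: FORM login in front of the /ch10 pages,
  restricted to the "admin" role.
-->
<web-app>
	<!-- The declared role must be the one the auth-constraint names. The original
	     declared "role1" while the constraint (and security.jsp) require "admin". -->
	<security-role>
		<role-name>admin</role-name>
	</security-role>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>JSPBook</web-resource-name>
			<url-pattern>/ch10/security.jsp</url-pattern>
			<!-- security.jsp redirects admins to success.jsp in the same directory.
			     A page that is only reachable "through" a redirect is still directly
			     addressable, so it is listed here as well. -->
			<url-pattern>/ch10/success.jsp</url-pattern>
			<!-- Deliberately no http-method element: listing only GET would leave every
			     other HTTP method on these URLs outside the constraint. With no method
			     listed, the constraint applies to all of them. -->
		</web-resource-collection>
		<auth-constraint>
			<description></description>
			<role-name>admin</role-name>
		</auth-constraint>
		<!-- NOTE(review): no transport guarantee is configured. Outside a local
		     exercise, add a user-data-constraint with transport-guarantee CONFIDENTIAL
		     and serve the login form over HTTPS so j_username / j_password are not
		     sent in clear text. -->
	</security-constraint>
	<!-- FORM authentication: the container shows form-login-page when an unauthenticated
	     request hits a constrained URL and form-error-page when the login fails. -->
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/ch10/login.jsp</form-login-page>
			<form-error-page>/ch10/login_failed.jsp</form-error-page>
		</form-login-config>
	</login-config>
</web-app>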

// security.jsp

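<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  security.jsp: programmatic role check for exercise 4.
  Callers holding the "admin" role are redirected to success.jsp; every other
  request is rejected with 403 instead of receiving an empty 200 page.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Security</title>
</head>
<body>

<%
// isUserInRole() returns false for unauthenticated callers as well as for
// authenticated callers without the role, so the else branch covers both.
if(request.isUserInRole("admin")){
	response.sendRedirect("success.jsp");
}else{
	// Fail closed: the declarative constraint in web.xml is the primary gate, but this
	// page should not answer normally if a request reaches it outside that constraint.
	response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
%>

</body>
</html>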

// login.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  login.jsp: login form for container-managed FORM authentication (exercise 4).
  The action j_security_check and the field names j_username / j_password are the
  fixed names defined by the Servlet specification; the container, not this page,
  receives the POST and verifies the credentials.
  NOTE(review): the form posts credentials in the request body; outside a local
  exercise this page should only be served over HTTPS.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Security</title>
</head>
<body>

<form name="loginForm" action="j_security_check" method="post">
<p> 사용자명: <input type="text" name="j_username">
<p> 비밀번호: <input type="password" name="j_password">
<p> <input type="submit" value="전송">
</form>

</body>
</html>

// login_failed.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  login_failed.jsp: static page for a failed FORM login (exercise 4).
  It prints one fixed message and echoes nothing from the request, so the page
  itself does not reveal whether the user name or the password was wrong.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Security</title>
</head>
<body>

<p> 인증 실패했습니다.

</body>
</html>

 

 

5. 다음 조건에 맞게 도서 웹 쇼핑몰을 위한 웹 애플리케이션을 만들고 실행 결과를 확인하시오.

// web.xml

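<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for exercise 5 (book shop): only the "admin" role may reach
  the product registration pages; unauthenticated requests get the FORM login.
-->
<web-app>
	<security-role>
		<description></description>
		<role-name>admin</role-name>
	</security-role>
	<security-constraint>
		<display-name>Dynamic Web Project Security</display-name>
		<web-resource-collection>
			<web-resource-name>Dynamic Web Project</web-resource-name>
			<description></description>
			<url-pattern>/addProduct.jsp</url-pattern>
			<!-- The form in addProduct.jsp submits to processAddProduct.jsp. Constraining
			     only the form page would leave the handler that performs the write
			     outside the admin check, so the handler is listed too. -->
			<url-pattern>/processAddProduct.jsp</url-pattern>
			<!-- No http-method element: the constraint applies to every HTTP method. -->
		</web-resource-collection>
		<auth-constraint>
			<description>권한 관리자명</description>
			<role-name>admin</role-name>
		</auth-constraint>
		<!-- NOTE(review): no transport guarantee is configured. Outside a local
		     exercise, add a user-data-constraint with transport-guarantee CONFIDENTIAL
		     and serve the login form over HTTPS. -->
	</security-constraint>
	<!-- FORM authentication: login.jsp is shown for unauthenticated requests to a
	     constrained URL, login_failed.jsp when the credentials are rejected. -->
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/login_failed.jsp</form-error-page>
		</form-login-config>
	</login-config>
</web-app>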

// addProduct.jsp

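<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%--
  addProduct.jsp: product registration form for the book shop (exercise 5).
  The page contains no role check of its own; access control comes from the
  security-constraint on /addProduct.jsp in web.xml.
--%>

<!DOCTYPE html>
<html>
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<%-- NOTE(review): third-party stylesheet loaded from a CDN without Subresource
     Integrity. Either self-host the file or add
     integrity="<SRI hash of this exact file: placeholder>" crossorigin="anonymous". --%>
<link rel="stylesheet" 
	href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script type="text/javascript" src="./resources/js/validation.js"></script>
<title>상품 등록</title>

</head>
<body>

<%-- The locale comes straight from the "language" request parameter; the page
     itself only links to "ko" and "en". --%>
<fmt:setLocale value='<%=request.getParameter("language") %>' />
<fmt:bundle basename="bundle.message" >

<%@ include file="menu.jsp" %>
<div class="jumbotron">
	<%-- Fixed: the class was misspelled "contrainer", so the Bootstrap container
	     styling was not applied to the heading. --%>
	<div class="container">
		<h1 class="display-3"><fmt:message key="title"/></h1>
	</div>
</div>
<div class="container">
	<div class="text-right">
		<a href="?language=ko">Korean</a> | <a href="?language=en">English</a>
		<a href="logout.jsp" class="btn btn-sm btn-success pull-right">logout</a>
	</div>
	<%-- Multipart POST to processAddProduct.jsp (not shown on this page).
	     NOTE(review): CheckAddProduct() from validation.js runs in the browser only,
	     so the handler must repeat every field check, restrict the uploaded file's
	     type and size, and be covered by the admin constraint itself.
	     NOTE(review): the form carries no anti-CSRF token field; confirm how the
	     handler guards this state-changing request against cross-site submission. --%>
	<form name="newProduct" action="processAddProduct.jsp" class="form-horizontal" method="post" enctype="multipart/form-data">
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="productId"/></label>
			<div class="col-sm-3">
				<input type="text" id="productId" name="productId" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="name"/></label>
			<div class="col-sm-3">
				<input type="text" id="name" name="name" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="unitPrice"/></label>
			<div class="col-sm-3">
				<input type="text" id="unitPrice" name="unitPrice" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="author"/></label>
			<div class="col-sm-3">
				<input type="text" name="author" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="publisher"/></label>
			<div class="col-sm-3">
				<input type="text" name="publisher" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="releaseDate"/></label>
			<div class="col-sm-3">
				<input type="text" name="releaseDate" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="totalPages"/></label>
			<div class="col-sm-3">
				<input type="text" name="totalPages" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="description"/></label>
			<div class="col-sm-5">
				<textarea name="description" cols="50" rows="2" class="form-control"></textarea>
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="category"/></label>
			<div class="col-sm-3">
				<input type="text" name="category" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="unitsInStock"/></label>
			<div class="col-sm-3">
				<%-- NOTE(review): id "unitsInStrock" and name "unitsInstock" both differ from
				     the message key "unitsInStock". Left unchanged because validation.js and
				     processAddProduct.jsp are not shown; verify which spelling they read. --%>
				<input type="text" id="unitsInStrock" name="unitsInstock" class="form-control">
			</div>
		</div>
		<div class="form-group row">
			<label class="col-sm-2"><fmt:message key="condition"/></label>
			<div class="col-sm-5">
				<input type="radio" name="condition" value="New " >
				신규 제품
				<input type="radio" name="condition" value="Old ">
				중고 제품
				<input type="radio" name="condition" value="Refurbished">
				재생 제품
			</div>
		</div>
			<div class="form-group row">
				<label class="col-sm-2"><fmt:message key="productImage"/></label>
				<div class="col-sm-5">
					<input type="file" name="productImage" class="form-control">
				</div>
			</div>
			<div class="form-group row">
				<div class="col-sm-offset-2 col-sm-10">
					<%-- A plain button, not a submit: submission is left to CheckAddProduct()
					     (defined in validation.js, presumably after its field checks). --%>
					<input type="button" class="btn btn-primary" value='<fmt:message key="button"/>' onclick="CheckAddProduct()">
				</div>
			</div>
	</form>
</div>
</fmt:bundle>

</body>
</html>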

// login.jsp

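<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  login.jsp: login form for container-managed FORM authentication (exercise 5).
  The container receives the POST to j_security_check and verifies j_username /
  j_password; this page only renders the form and an optional failure notice.
--%>

<!DOCTYPE html>
<html>
<head>
<%-- NOTE(review): third-party stylesheet loaded from a CDN without Subresource
     Integrity. Either self-host the file or add
     integrity="<SRI hash of this exact file: placeholder>" crossorigin="anonymous". --%>
<link rel="stylesheet" 
	href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">
<script type="text/javascript" src="./resources/js/validation.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login</title>
</head>
<body>
<% request.setCharacterEncoding("utf-8"); %>
<jsp:include page="menu.jsp"/>
<div class="jumbotron">
	<div class="container">
		<h1 class="display-3">로그인</h1>
	</div>
</div>
<div class="container" align="center">
	<div class="col-md-4 cold-md-offset-4">
		<h3 class="form-singin-heading">Please sign in</h3>
		<%
			// Only the presence of the "error" parameter is tested; its value is never
			// written to the page, so the parameter cannot inject markup. The notice is
			// generic and does not say whether the ID or the password was wrong.
			String error = request.getParameter("error");
			if(error != null){
				out.println("<div class='alert alert-danger'>");
				out.println("아이디와 비밀번호를 확인해주세요.");
				out.println("</div>");
			}
		%>
		<form class="form-signin" action="j_security_check" method="post">
			<div class="form-group">
				<%-- Fixed: the labels pointed at ids that no input carried; the inputs now
				     have the matching ids so the labels are associated with them. --%>
				<label for="inputUserName" class="sr-only">User Name</label>
				<input type="text" id="inputUserName" class="form-control" placeholder="ID" name='j_username' required autofocus>
			</div>
			<div class="form-group">
				<label for="inputPassword" class="sr-only">Password</label>
				<input type="password" id="inputPassword" class="form-control" placeholder="Password" name='j_password' required>
				<button class="btn btn btn-lg btn-success btn-block" type="submit">로그인</button>
			</div>
		</form>
	</div>
</div>

</body>
</html>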

// login_failed.jsp

<%
	// Error page for the FORM login: send the browser back to the login form with a
	// constant flag. Nothing from the failed request is copied into the URL.
	final String retryLocation = "login.jsp?error=1";
	response.sendRedirect(retryLocation);
%>

// logout.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%
// Logout: discard the server-side session, then redirect to addProduct.jsp.
// That page is admin-only in web.xml, so the next request lands on the login form.
// NOTE(review): this runs on a plain GET (it is linked from addProduct.jsp), so any
// page that gets the browser to request this URL ends the user's session.
final String afterLogout = "addProduct.jsp";
session.invalidate();
response.sendRedirect(afterLogout);
%>

 
