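Before we begin

Authentication : verifying that the user is who they claim to be (login).
Authorization  : the procedure for checking what an authenticated user may access
  - Token authentication : the token is stored in local storage, a cookie, or similar, and used to authenticate
  - Session authentication

Where should the JWT be stored?

How to store a JWT in a Redis session store and use it with Spring Security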

To implement JSON Web Token (JWT) authorization with Spring Security and Redis, you need to follow these steps:

  1. Create a Redis configuration class: In this class, you will configure the Redis connection, such as the host, port, and password. You will also define a RedisTemplate bean that can be used to interact with Redis.
  2. Implement a custom authentication provider: This class will handle the authentication logic and will use Redis to store and retrieve the JWT. When a user logs in, the authentication provider will generate a new JWT and store it in Redis, associating it with the user's account. On subsequent requests, the provider will retrieve the JWT from Redis and use it to verify the user's identity.
  3. Modify the Security Configuration class: In this class, you will enable the custom authentication provider and configure the security rules that apply to your application.
  4. Use the JWT in your controllers: In your controllers, you can use the JWT to secure your endpoints. When a user makes a request, you can retrieve the JWT from the request headers and use it to verify the user's identity.

By following these steps, you will be able to implement JWT authorization with Spring Security and Redis, allowing you to securely store and verify user sessions in a fast and scalable way.

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
    implementation 'io.jsonwebtoken:jjwt:0.10.7'
}
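A sketch of the store-and-verify logic from step 2, added here as an example and not code from the original post. The class name `JwtSessionService`, the `jwt:` key prefix, the 30-minute lifetime and the `app.jwt.secret` property are assumptions; the parser calls follow the jjwt 0.10.x API.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.time.Duration;
import java.util.Date;
import java.util.Optional;

@Service
public class JwtSessionService { // hypothetical name, not from the original post
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final StringRedisTemplate redis;
    private final Key key;

    public JwtSessionService(StringRedisTemplate redis,
                             @Value("${app.jwt.secret}") String secret) { // assumed property
        this.redis = redis;
        // hmacShaKeyFor throws WeakKeyException for secrets shorter than 256 bits
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Login: issue a token and record it in Redis with the same lifetime as its exp claim
    public String issue(String user) {
        String token = Jwts.builder().setSubject(user)
                .setExpiration(new Date(System.currentTimeMillis() + TTL.toMillis()))
                .signWith(key).compact();
        redis.opsForValue().set("jwt:" + user, token, TTL);
        return token;
    }

    // Request: check signature and expiry first, then require a match with the Redis copy
    public Optional<String> verify(String token) {
        try {
            Claims claims = Jwts.parser().setSigningKey(key)
                    .parseClaimsJws(token).getBody();
            String stored = redis.opsForValue().get("jwt:" + claims.getSubject());
            return token.equals(stored) ? Optional.of(claims.getSubject()) : Optional.empty();
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // bad signature, expired, malformed or blank token
        }
    }

    // Logout: deleting the entry rejects the token even though its signature is still valid
    public void revoke(String user) { redis.delete("jwt:" + user); }
}
```

Because one key is kept per user, a new login replaces the previous token, so only the most recently issued token for an account passes `verify`.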

Session-based authentication and token-based authentication (feat. authentication and authorization)