Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

【無料サンプル】もっと実践!サーバーサイドKotlin / server_side_kotli...

FORTE
March 12, 2020

【無料サンプル】もっと実践!サーバーサイドKotlin / server_side_kotlin_2_sample

FORTE

March 12, 2020
Tweet

More Decks by FORTE

Other Decks in Technology

Transcript

  1. כׄ׭ח ׆ס勓؅䩘מ⺅זיַגד׀לֹ׵ֵ׽ֿכׇֹ׉ַױ׌ն詇脢ס FORTE نؚٜطך׌ն⯼詇ךֵ׾ր⪜ꪎ!㵅鴫!ئ٭ف٭ئؕغ Kotlinցמ䑛׀籽׀յ ♀㎇׵ئ٭ف٭ئؕغ Kotlin 勓؅剹׀ױ׊גն勓剹׵⯼詇כ⻎׋ׂ Windowsյ Mac

    ╋㸐䗎ך׌նIDE מחַיע杅מ䔔꼸׌׾砈䨾עםַע׍םסךյ⯼詇؅ 鞅؆ךַ׿ףゼ꾴םַע׍ך׌ն׵׊勓詇ס⫐㵼ך⮔־׼םַ掾ֵֿ׿ף⯼詇؅ 锶׾־յ׏ץ詇脢*1 ױךׇ┞㖥ׂד׈ַնيتعؙنؚ٭عך㎇瞩׈׎יַגד ׀ױ׌ն 劤衼ךⰻ㺁 ♀㎇ע׵זכ㵅鴫!כַֹ׆כךյؤ٤بٖ٭ُ٭⻔ׄס Web ئ٭لتךע䖩 ׍כ阋זי׻ַ׮ל❈؂׿׾ٗ٭ا٭溫ꜗյ霼隍כؓوٛآ٭ب٘٤؅⪪ꪛ׌׾ ס 2 掾מꫀ׊י㵅鴫׊יײג篙卸؅闋鞃׊ױ׊גն ٗ٭ا٭溫ꜗכ霼隍עאס䙎鮐┪յٗ٭ا٭ס⠥☭䝠㖥؅꽑־׾⺪茣䙎׷㜽ꌃ מ⪪ꪛ׊גׂםַ䝠㖥؅꽑־׾⺪茣䙎ֿ둚ׂם׽ױ׌նאסג״ج؞ٖٛطؔ׷ 茴䒘䙎מ┞㺽宜؅❈ֹ䖩锡ֵֿ׾ꌃ⮔כם׽ױ׌ն♀㎇ע勓沁ꆻ氠ך׀׾ٝيٜ כ蔦⟤؅䭥זיַֻ׾؂ׄךעֵ׽ױ׎؆ֿյ㵅鍮❛כⳛ✑׌׾ؤ٭غ؅⪪ꪛ׊ יַױ׌ն׹ׂ׹ׂע瑭ֿ⠥☭ئ٭لتכ׊י⪪ꪛյꆻ氠׊ג焒锶؅䭥זי勓沁 ꆻ氠ך׀׾ٝيٜסؤ٭غյ闋鞃؅׊יַ׀גַכ䘼זיַױ׌նך׌ֿյ♀㎇ עֵׂױך㕈狸ٝيٜס闋鞃כם׽ױ׌ն ؓوٛآ٭ب٘٤؅⪪ꪛ׌׾כַֹסע┞薭מظوٞؕכ⽿ף׿יַ׾✑噺מ ם׽ױ׌ն♀㎇עظوٞؕ⩰כ׊י heroku ؅氠ַױ׊גնherokuىٞؠע ئ٤وٜ׷㸯锺埛םؓوٛ؅⪪ꪛ׌׾⮔מע긊䊬מ➬⯈םئ٭لتך׌ն♀㎇ע heroku ؅氠ַ׾׆כך Spring Boot ؓوٛآ٭ب٘٤؅ⳛ✑׈׎׾ױךס蝆Ⲩ ֿ׮ׯםׂםזגכַֻ׾ׂ׼ַ祔ⷃמך׀ױ׊גն♀㎇עظوٞؕס䩘꽄؅ WindowsյMac ס╋偙ך闋鞃׊յؓوٛآ٭ب٘٤؅ٛٛ٭ت׌׾כַֹ׵ז כ׵ٓزي٭ب٘٤ֿ┪ֿ׾鉿掿؅闋鞃׊יַ׀ױ׌ն *1 Twwiter https://twitter.com/FORTEgp05 2
  2. ו׿ז➂ぢַֽ 勓詇ע⯼詇ր⪜ꪎ!㵅鴫!ئ٭ف٭ئؕغ Kotlinց؅鞅؆ךַ׾⯼䳀כ׊יַױ ׌ն⪽✄溷מע Kotlin + Spring Boot + JPA

    + Thymeleaf + ظ٭ذي٭ت h2 Database םלךظ٭ذ✑䧯յ嗱筺յ剳偆յ⯸ꯙַ؂׹׾ CRUD ⭦槏 ֿ⮔־׾յ׷זג׆כֵֿ׾յꪛ溪欎㘶םל׵׌ךמֵ׾յֵ׾ַע蔦⮔ךֻ ׼׿׾瓦䍲ס偙؅㸐骭鞅脢כ׊יַױ׌ն אסג״յ ئ٭ف٭ئؕغ Kotlin כע?Spring Boot כע?ֻזא׵א׵ Kotlin זיםמ?鞅ײ偙׵؂־׼םַ˘כַֹ☭ע׏ץ⯼詇ךֵ׾ր⪜ꪎ!㵅鴫!ئ٭ف٭ ئؕغ Kotlinց؅ֽ鞅ײמם׾׆כ؅ֽ⳹״׊ױ׌ն姌ס QR ؤ٭غյٛ٤ؠ־ ׼鮫⪜⺪茣ך׌!PR Ӛ㔳 1 ⵸衼ך顋㡰ل٦آ https://fortegp05.booth.pm/items/1560389 ֿך劤ד䖤׵׸׷ֿה ׆ס勓ע Java םלך Web ꪛ溪ס篑닫ֵֿ׾☭⻔ׄמئ٭ف٭ئؕغ Kotlin ךٗ٭ا٭霼隍כ霼⺪յظوٞؕ؅㵅鴫׊יײ׾勓ך׌ն׆ס勓؅鞅ײ箽؂׾כ 姌ס׻ֹם枱䡢מם׽ױ׌ն • Spring Security מ׻׾霼隍ס❈ַ偙ֿ⮔־׾ – ٗ٭ا٭溫ꜗ – ٗ٭ا٭霼隍 3
  3. – ظنؚٜعٗ٭ا٭ס✑䧯 – 霼隍ꫀ➳סطتعס剹׀偙 • heroku ׫סظوٞؕ – heroku סٗ٭ا٭溫ꜗ

    – ظ٭ذي٭ت䱸籽䝠㖥סُتؠס♐偙 ֵםגס Kotlin ך Web ؓوٛآ٭ب٘٤؅✑׽גַյ⠥☭ئ٭لت؅✑זי ײגַכַֹ䘼ַמ瞩ֻ׼׿ג׼׆؆םמֹ׿׊ַ׆כעֵ׽ױ׎؆ն ֿך劤דכ鍑铡׃זְֿה 勓詇ךע Spring Security ׷ heroku ס闋鞃؅׊יַױ׌ֿյֵׂױך❈ַ偙 סײךֵ׽霄箖ם♐篁ײ׷╚麃סخ٭تؤ٭غמחַיע闋鞃׊יַױ׎؆ն Spring Security מחַיע㴞櫼םج؞ٖٛطؔ؅⟛隍׌׾׵סךעֵ׽ױ׎ ؆նֵׂױךئ٤وٜخ٭تךֵ׽յ勓沁欎㘶ךסⳛ✑㵅緷׷םמ־ס茴䒘䙎隉 偂؅قت׊יַ׾׵סךעֵ׽ױ׎؆ն ױג闋鞃מע JPA ׷ Thymeleaf ׵❈氠׊יַױ׌ֿյ勓詇ךע闋鞃׊ױ׎؆ն ׻ׂ؂־׼םַ!כַֹ偙ע׏ץ⯼詇؅ׇ镣מם׾׆כ؅ֽ⳹״׊ױ׌ն ֿך劤ך⢪ְ倯 ׆ס勓ע瞉脢ֿئ٭ف٭ئؕغ Kotlin מ׻׾ٗ٭ا٭溫ꜗյ霼隍׷ظوٞؕ ؅㳔ש╚ך沼ゼמ䘼זג׆כ׷鞪׬ג׆כ؅䪫銉剹ס䓺ךؓؗعوشع׊ג׵ סך׌նאסג״յٗ٭ا٭霼隍׷溫ꜗמחַי焒׽גׄ׿ף睗 1 皹րSpring Security מ׻׾霼隍כٗ٭ا٭溫ꜗցסً٭ة־׼ׇ镣ׂד׈ַնױגכ׽ֵֻ ׍ظوٞؕ؅׊יײגַ!כַֹ׆כךֵ׿ף睗 2 皹րظوٞؕց־׼ׇ镣ׂד׈ ַն׵ה؀؆劄⮴־׼⪢ꌃ鞅؆ךַגדַי׵㝕┨㝜ך׌ն 勓剹ע׆ס勓סכֽ׽מ׷׿ףⳛׂ׵סֿך׀׾յכַֹכ׆؀؅潨䭰׊י剹 ־׿יַױ׌ն׆ס勓؅鞅״ף槏㺌׷♐篁ײֿ׌׬י槏闋ך׀׾׻ֹמע剹־׿ יַױ׎؆ն׆ס勓؅⪜׽⺚כ׊יאס׈׼מ㞺מֵ׾׆כמ蕟⽱؅䭥זיַג דׄג׼䌗ַך׌ն 杅מٗ٭ا٭霼隍յ霼⺪מחַיע׆׿؅⯈氠׌׾׆כך׈ױ׉ױםؓوٛ آ٭ب٘٤ꪛ溪ֿ⺪茣מם׾כ䘼ַױ׌ն׏ץյ׆׿؅⯈氠׊י蔦⮔氠סص٭ٜ ؅✑זג׽׊יײיׂד׈ַն ױג׆ס勓סؤّٚעⳈ䒣阾ꜗכ׊י瑭ֿ䠊׋גَؕ٤ع׷ـُזגَؕ٤ع םל؅闋鞃׊יַױ׌նגכֻף׆ױ״מلٜغ׌׾כⲯ椙ַַֿ׻٭כ־յ⯼ 詇־׼ל׿ׂ׼ַ䧯ꩽך׀יַ׾־?ײגַם需؅׊יַױ׌նKotlin כ潲䱸ꫀ ➳םַ需؅׊יַ׾־׵׊׿ױ׎؆ֿյ׻־זג׼锶יײיׂד׈ַն 鞅ײ箽؂זג䠊䞯׷ꪨꇙַס䭰䷂յꃯⲎ锡劳םלע姌סـشبٖذء؅氠ַי Twitter ך⽌ַיַגדׄ׾כ㯹׊ַך׌ն׏ץյ䠊䞯؅ֽ䔵ה׊יֽ׽ױ׌ն #׮׏ה㹋騧؟٦غ٦؟؎سKotlin 4
  4. 湡如 כׄ׭ח 2 勓詇ס⫐㵼 . . . . . .

    . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 ל؆ם☭⻔ׄ־ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 ׆ס勓ך䕑׼׿׾׆כ . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 ׆ס勓ךע闋鞃׊םַ׆כ . . . . . . . . . . . . . . . . . . . . . . . . 4 ׆ס勓ס❈ַ偙 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 ⩸鬬◜꽃 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 痥 1 畍 Spring Security ח״׷钠鏾הِ٦ؠ٦涫ꐮ 8 1.1 Spring Security כע . . . . . . . . . . . . . . . . . . . . . . . 8 1.2 ꪛ溪欎㘶מחַי . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.1 ف٭ة٘٤┞镣㕂瞉免 . . . . . . . . . . . . . . . . 9 1.3 Spring Security ךֽ䩘鼓霼隍 . . . . . . . . . . . . . . . . . . 9 1.4 㵅氠溷ם霼隍כ׊י硄槏脢氺긖؅㵅鍮׌׾ . . . . . . . . . . . . 11 1.4.1 霼隍䝠㖥כ׊י⚈䟨סٗ٭ا٭⻏כقت٠٭غ؅陭㴻׌׾ 11 1.4.2 ظ٭ذي٭ت؅氠ַיٗ٭ا٭䝠㖥؅硄槏׌׾ . . . . . . 15 1.5 锡霼隍ً٭ةכ׊י硄槏脢氺긖؅㵅鍮׌׾ . . . . . . . . . . . . 23 1.5.1 霼隍㸐骭ً٭ةס陭㴻 . . . . . . . . . . . . . . . . . . 23 1.5.2 硄槏脢氺긖מ阾◜┞镣؅銨獏׌׾ . . . . . . . . . . . . . 25 1.5.3 硄槏脢氺긖ך阾◜סⷃ俙⯸ꯙ . . . . . . . . . . . . . . . 33 1.5.4 硄槏脢氺긖ך阾◜ס鏿俙⯸ꯙ . . . . . . . . . . . . . . . 36 1.6 ٗ٭ا٭溫ꜗ؅㵅鍮׌׾ . . . . . . . . . . . . . . . . . . . . . 41 1.6.1 ٗ٭ا٭溫ꜗ氺긖׫סꈴ瓌؅㵅鍮׌׾ . . . . . . . . . . 41 1.6.2 ٗ٭ا٭溫ꜗ⭦槏ס㵅鍮 . . . . . . . . . . . . . . . . . 49 1.6.3 ٗ٭ا٭ٞءؕ٤סⳛ✑牞霼 . . . . . . . . . . . . . . . 57 1.7 溫ꜗ׊גٗ٭ا٭䝠㖥ך阾◜䫋畇؅⯜䕣׌׾ . . . . . . . . . . . 65 痥 2 畍 رفٗ؎ 75 2.1 heroku מ׻׾ظوٞؕ . . . . . . . . . . . . . . . . . . . . . . 75 2.2 ظوٞؕסٛتؠכ㸐瞬 . . . . . . . . . . . . . . . . . . . . . 75 2.2.1 ٛتؠ . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 6
  5. 2.2.2 㸐瞬 . . . . . . . .

    . . . . . . . . . . . . . . . . . . . . 76 2.3 ظوٞؕס徙⤫ . . . . . . . . . . . . . . . . . . . . . . . . . . 76 2.3.1 霼隍䝠㖥ס欎㘶㜟俙ⵊ . . . . . . . . . . . . . . . . . . 76 2.3.2 heroku ׫סٗ٭ا٭溫ꜗ . . . . . . . . . . . . . . . . . 77 2.3.3 heroku cli ؅ Windwos מؕ٤تع٭ٜ׌׾ . . . . . . . 79 2.3.4 heroku cli ؅ Mac מؕ٤تع٭ٜ׌׾ . . . . . . . . . . 80 2.3.5 heroku cli ךٞءؕ٤׌׾ . . . . . . . . . . . . . . . . 81 2.3.6 git סؕ٤تع٭ٜ . . . . . . . . . . . . . . . . . . . . 81 2.3.7 Github ס徙⤫ . . . . . . . . . . . . . . . . . . . . . . 82 2.3.8 psql ؅ؕ٤تع٭ٜ׌׾ . . . . . . . . . . . . . . . . . 82 2.3.9 psql ؅ Windows מؕ٤تع٭ٜ׌׾ . . . . . . . . . . 82 2.3.10 psql ؅ Mac מؕ٤تع٭ٜ׌׾ . . . . . . . . . . . . . 88 2.4 heroku מظوٞؕ׌׾ . . . . . . . . . . . . . . . . . . . . . . 88 2.4.1 heroku ؓوٛ؅✑䧯׌׾ . . . . . . . . . . . . . . . . . 89 2.4.2 heroku מظ٭ذي٭تכ׊י PostgreSQL ؅جشع׌׾ 89 2.4.3 heroku מؓوٛ؅وشبٖ׌׾ . . . . . . . . . . . . . 89 2.4.4 硄槏脢ٗ٭ا٭؅溫ꜗ׌׾ . . . . . . . . . . . . . . . . 91 2.4.5 ⳛ✑牞霼 . . . . . . . . . . . . . . . . . . . . . . . . . 94 2.4.6 긊⪪ꪛמ׌׾ . . . . . . . . . . . . . . . . . . . . . . . 94 ֮הָֹ 96 ؤ٭غ؅剹ׂסֿ㝕㜟 . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 ئ٭ف٭ئؕغ Kotlin ؅䌮״יַׂ . . . . . . . . . . . . . . . . . . . 97 劄䔿מם׽ױ׊גֿ˘ . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 ꨵ㶨晛חאְג 98 衼罏稱➜ 99 倀皹 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 銨筤ؕٚتع䬎䓜 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 7
  6. 痥 1 畍 Spring Security ח״׷钠鏾ה ِ٦ؠ٦涫ꐮ 1.1 Spring Security

    הכ Spring Security ע霼隍ֽ׻צؓؠجت⯜䕣نٝ٭ّ٠٭ؠך׌ն⻏⯼סכֽ ׽ Spring نٝ٭ّ٠٭ؠס┞ꌃךֵ׽յSpring ע׵ה؀؆յJava ؓوٛآ٭ ب٘٤מ霼隍כ霼⺪ס╋偙؅䳀❵׌׾׆כֿך׀ױ׌նא׊י䒣ⲇךֵ׽յ둚䍲 מ؜تذُؕث⺪茣כםזיַױ׌ն ׆׆ךַֹ霼隍כעؓؠجت׊י׀גٗ٭ا٭؅餟⯁׊勓䓜מ勓☭ךֵ׾׆כ ؅牞霼׌׾׆כך׌ն⪽✄溷מעقت٠٭غמ׻׾牞霼מם׽ױ׌նאסג״յ قت٠٭غע䓜☭׊־焒׼םַ׵סךֵ׾כַֹ⯼䳀כםיַױ׌նםֽյٗ٭ ا٭ס ID ע霼隍ךעםׂٗ٭ا٭؅餟⯁׌׾ג״ס׵סמם׽ױ׌ն 姌מ霼⺪כעյאסٗ٭ا٭ס㺲䙎מ䗎׋יؓؠجتך׀׾碃㎪؅牞霼׌׾׆ כך׌նגכֻף硄槏脢氺긖מע硄槏脢׊־ؓؠجتך׀םַյٗ٭ا٭氺긖מ עאסٗ٭ا٭׊־ؓؠجتך׀םַםלֿ霼⺪כם׽ױ׌ն勓詇ךע Role כ ַֹ㺲䙎ךאסٗ٭ا٭ؓؠجتך׀׾碃㎪؅⯜䕣׊יַױ׌ն ⪪䑑ً٭ة蝠靣ע姌מם׽ױ׌ն https://spring.io/projects/spring-security 1.2 Ꟛ涪橆㞮חאְג 勓詇ע⯼詇ր⪜ꪎ!㵅鴫!ئ٭ف٭ئؕغ Kotlinցמ䑛׀籽ַיַױ׌סךյא סوٞةؘؠع؅䑛׀类ַך闋鞃׊יַ׀ױ׌ն׵׊勓詇־׼鮫⪜׈׿ג㖪⻉ע 姌ס URL ׻׽⯼詇ס劄䔿ס枱䡢סوٞةؘؠع؅رؗ٤ٞ٭غ׊יׂד׈ַն https://github.com/fortegp05/server_side_kotlin_bbs_sample/ releases/tag/ssk1 ׵ה؀؆⯼詇؅ׇ鮫⪜꼾ַי 1 ־׼㢼״יַגדַי׵㝕┨㝜ך׌PR https://fortegp05.booth.pm/items/1560389 8
  7. 1.3 Spring Security דֶ䩛鯪钠鏾 םֽյ勓剹ךׇ箩♃׊יַ׾خ٭تؤ٭غס㴞䧯⿣ע姌ס Github َٛةعٛ מؓشوٞ٭غ座ײך׌ն https://github.com/fortegp05/server_side_kotlin_bbs_sample ױגյ⻎׋⫐㵼؅

    Java ך銨槁׊גخ٭تؤ٭غ׵ׇ氠䟨׊יֵ׽ױ׌ն׻־ז ג׼✶׎יׇ⯈氠ׂד׈ַն https://github.com/fortegp05/java_bbs_sample 1.2.1 غ٦آّٝ♧鋮㛁瘗儗 Windows • WindowsWindows 10 Version 1903OS Build 18362. 592 • IntelliJ IDEACommunity 2019.2.1 192.6262.58 • VS CodeVersion 1.38.0 MacOS • macOSmacOS Catalina 10.15.1 • IntelliJ IDEACommunity 2019.1.3 191.7479.19 • VS CodeVersion 1.41.1 Ⱏ鸐ך׮ך • Spring Boot 2.1.8 • Java12.0.2 1.3 Spring Security דֶ䩛鯪钠鏾 א׿ךע Spring Security ؅氠ַי祔ⷃמٗ٭ا٭霼隍؅׊יײױ׌ն䬚㲳䫕 ׄ׌׾׮ל祔ⷃמך׀ױ׌סךյ┞糿מ׷זיײױ׊׺ֹնױ׍ע spring-boot- starter-security ؅ build.gradle.kts מꃯⲎ׊ױ׌ն implementation("org.springframework.boot:spring-boot-starter-security") BootRun ׊יրhttp://localhost:8080ցמؓؠجت׊יײױ׌ն׌׾כյ姌 ס׻ֹם霼隍氺긖ֿ⮂ױ׌ն 9
  8. 1.3 Spring Security דֶ䩛鯪钠鏾 Ӛ㔳 1.1 钠鏾歗꬗ ׆סٗ٭ا٭ס Username ע

    userյقت٠٭غע姌ס䓺䑑ך鱍ⳛ免סٞءמ⮂ ױ׌ն Using generated security password: f6e32e29-ab80-4f5a-a22c-ce0b48b0eadb Ӛ㔳 1.2 钠鏾䞔㜠 ׆ס䝠㖥ךٞءؕ٤׌׾כ䲔獏卆氺긖ֿ銨獏׈׿ױ׌ն 10
  9. 1.4 㹋欽涸ז钠鏾ה׃ג盖椚罏歗꬗׾㹋鄲ׅ׷ 1.4 㹋欽涸ז钠鏾ה׃ג盖椚罏歗꬗׾㹋鄲ׅ׷ ׆׿ך Spring Security מ׻׾霼隍؅篑닫ך׀ױ׊גն׊־׊յ׆סױױךע ئ٭ف٭؅鱍ⳛ׌׾גצמ嬐㎇قت٠٭غֿ㜟؂זי׊ױַױ׌׊յַהַהٞ ء־׼قت٠٭غ؅䭠זי׆םׄ׿ףם׽ױ׎؆նٗ٭ا٭⻏׵

    user ㎷㴻ך׌ ׊յقت٠٭غעꩽ׌ׁי镊ֻ׼׿םַך׊׺ֹն׵זכ蔦⮔ך䪒ַ׷׌ַقت ٠٭غמ׊גַכ䘼זי׊ױַױ׌ն חױ׽ױזגׂ㵅氠溷ךעםַ؂ׄך׌նא׆ך Spring Security ס陭㴻؅㜟 剳׊י㵅氠溷ם♐篁ײמ׊יײױ׊׺ֹն霼隍סْؕ٭ةכ׊יע硄槏脢׊־ؓ ؠجتך׀םַ硄槏脢氺긖؅✑䧯׊յאסً٭ةמ㸐׌׾霼隍כ霼⺪؅陭㴻׊י ײױ׌ն Ӛ㔳 1.3 盖椚罏歗꬗ך؎ً٦آ 1.4.1 钠鏾䞔㜠ה׃ג⟣䠐ךِ٦ؠ٦せהػأٙ٦س׾鏣㹀ׅ׷ ױ׍ע霼隍䝠㖥כ׊י⚈䟨סٗ٭ا٭⻏כقت٠٭غס陭㴻؅鉿זיַ׀ױ׌ն ױ׍עր/src/main/kotlin/com/example/app/bbs/ցס┫מրconfigցכַֹ قشآ٭ة؅✑䧯׊յ偆锺نٜؒؕրBbsAdminWebSecurityConfig.ktց؅✑䧯 ׊ױ׌ն╚麃ע姌סכֽ׽ך׌նםֽյimport 倀ע筤긖סꌬ⻉ךꄫ╚ך侉鉿׊י ַױ׌ն㵅鍮免ע侉鉿׊םַ׻ֹ׊יׂד׈ַն Ӟٔأز 1.1 盖椚罏歗꬗钠鏾䞔㜠鏣㹀 11
  10. 1.4 㹋欽涸ז钠鏾ה׃ג盖椚罏歗꬗׾㹋鄲ׅ׷ 1: package com.example.app.bbs.config 2: 3: import org.springframework.beans.factory.annotation.Autowired 4:

    import org.springframework.context.annotation.Bean 5: import org.springframework.context.annotation.Configuration 6: import org.springframework.security.config.annotation.authentication. 7: builders.AuthenticationManagerBuilder 8: import org.springframework.security.config.annotation.web.configuration. 9: EnableWebSecurity 10: import org.springframework.security.config.annotation.web.configuration. 11: WebSecurityConfigurerAdapter 12: import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder 13: import org.springframework.security.crypto.password.PasswordEncoder 14: 15: 16: @Configuration 17: @EnableWebSecurity 18: class BbsAdminWebSecurityConfig : WebSecurityConfigurerAdapter() { 19: 20: @Autowired 21: lateinit var passwordEncoder: PasswordEncoder 22: 23: @Bean 24: fun passwordEncoder(): PasswordEncoder { 25: return BCryptPasswordEncoder() 26: } 27: 28: @Override 29: override fun configure(auth: AuthenticationManagerBuilder) { 30: 31: auth.inMemoryAuthentication() 32: .withUser("admin") 33: // 如כ鍑铡欽ח䎂俑ד鎸鯹׃גְ׷ךד㹋ꥷחװ׏גכتً 34: .password(passwordEncoder.encode("root")) 35: .authorities("ROLE_ADMIN") 36: } 37: } ׆׆ך偆׊ׂ溫㖪׊ג圸倀מחַי闋鞃׊יַ׀ױ׌ն 竰䪫הؙٓأせך֮הך䭍䓜 ♀㎇ע րBbsAdminWebSecurityConfig : WebSecurityConfigurerAdapter()ց כםזיַױ׌ֿյ׆ס类䪩⩧מחַיַ׾䭇䒁עؤ٤تعٚؠذ؅⽿צד׌յ כַֹ䭰㴻מם׽ױ׌նKotlin ךע Java כꇙזי僻獏溷מؤ٤تعٚؠذ؅㴻 聋׊י类䪩⩧סؤ٤تعٚؠذ؅⽿צ⮂׌׻ֹם剹׀偙؅׊םׂכ׵յ类䪩⩧ס 㵋阋免מؤ٤تعٚؠذ؅┞糿מ⽿צ⮂׌׆כֿ⺪茣כםזיַױ׌ն override 〣 ْخشغ㵋阋ס⯼מֵ׾րoverrideց⺝ע僻獏溷מ؛٭ف٭ٚؕغ׌׾׆כ؅ 㵋阋׊ױ׌նKotlin עظنؚٜعךْخشغס؛٭ف٭ٚؕغע珡婝׈׿יַױ ׌նאסג״յ؛٭ف٭ٚؕغ׊גַכ׀ע僻獏溷מא׿؅㵋阋׌׾䖩锡ֵֿ׽ ױ׌նאסג״ס餟⯁㲳ֿրoverrideց⺝מם׽ױ׌ն 12
  11. 1.4 㹋欽涸ז钠鏾ה׃ג盖椚罏歗꬗׾㹋鄲ׅ׷ םֽյ⻎׋׻ֹם⦍׀؅׌׾׵סך@Override כַֹؓؿط٭ب٘٤ֵֿ׽ױ ׌ֿյ׆ה׼ע Kotlin ס阋靣♐坎כע摾ꫀ➳םסךյ@Override דׄ♕ׄי׵ Kotlin סؤ٤قֿٜؕכֽ׽ױ׎؆նױג╋偙♕ׄ׾䟨⽱עםַסך

    override ⺝؅♕ׄג׼ؓؿط٭ب٘٤ע摾ׂי׻ַך׊׺ֹն PasswordEncoder PasswordEncoder עقت٠٭غ؅㴗⪢מ⭦槏׌׾ג״מـشبٖⵊ׌׾♐篁 ײכםזיַױ׌նبتطّך氠ַ׼׿׾قت٠٭غע䖩׍ـشبٖⵊ׌׾םל ׊יյبتطّ┪מ䌐倀ך⟛㲽׌׾׆כע婝״ױ׊׺ֹն┧ֿ┞ظ٭ذي٭ت䝠 㖥׷نٜؒؕյٞء䝠㖥םלֿ嵣⮂׊ג㖪⻉յقت٠٭غ׵嵣⮂׊י׊ױַױ׌ն א׊י׵嵣⮂׊י׊ױזגٗ٭ا٭ֿ⻎׋قت٠٭غ؅❈ַ㎇׊יַג׼յ♑ס بتطّ׵┮婞ؓؠجتס㸐骭כםזי׊ױַױ׌ն ـشبٖⵊ׊גقت٠٭غעյ⩧ס倀㲻⮬מ䨴׌׆כ䕮⩧ֿ긊䊬מ㝕㜟ך ׌նאסג״յ嵣⮂׊ג׆כֿ؂־׿ף䕮⩧׈׿׾ױֻמقت٠٭غ؅㜟ֻג׽յ ؓؠجتꈚ偂׌׾׆כֿך׀ױ׌նـشبٖⵊ׌׿ף㴞櫼כַֹ؂ׄךעֵ׽ױ ׎؆ֿյ◝ꓨ┩ꓨמ㸐瞬؅׌׾׆כך錺㵬؅㸯׈ׂ׌׾׆כֿך׀ױ׌ն ♀㎇עـشبٖⵊס♐篁ײמ BCryptPasswordEncoder ؅❈氠׊יַױ׌ֿյ ♑מ׵ַׂח־ֵ׽ױ׌ն׆׆ךע BCryptPasswordEncoder ךꪨמ⻉ֹג״ 闋鞃׊ױ׎؆ֿյ霄׊ׂע⪪䑑ס JavaDoc מ♑סؠٚتֿ▗זיַױ׌ն https://docs.spring.io/spring-security/site/docs/current/api/ org/springframework/security/crypto/password/PasswordEncoder. html םֽյ闋鞃氠מخ٭تמ䌐倀ך剹ַיַױ׌ֿյ ꆻ氠免׷ Github םלמخ٭ ت؅ push כ׀ע簮㸐׷זיעرْך׌ն㵅갾מ Github ־׼霼隍䝠㖥ֿ悁崻׌ ׾◜❛םלֿ㖥⼴׈׿יַױ׌նج؞ٖٛطؔס◜侚עـش؞٤ءםלמ׻׾㜽 ꌃ鱍㎋ס׵ס׻׽׵յ⫐ꌃ鱍㎋ס׵סֿ㝂ַכ㖥⼴׈׿יַױ׌*1 ն׆׿ע⫐ꌃ ┮婞ס׻ֹם䟨㎫溷ם鉿ⳛ׵⻻ײױ׌ֿյ䟨㎫׊יַםַِتםל׵⻻ײױ׌ն ج؞ٖٛطؔ㸐瞬ע✇׵םׄ׿ף眞ַ需ך׌ײױ׌ֿյ✇־ֵזי־׼ךעꆬַ ׵סמם׽ױ׌ն册嫘־׼둚ַ䟨餟؅䭥זיֽׂכַ׉כַֹכ׀מ浌ַ䘼ַ؅ ׊םׂי座׳⺪茣䙎ֿ둚ַך׌ն *1 䝠 㖥 ج ؞ ٖ ٛ ط ؔ ؕ ٤ ب ظ ٤ ع מ ꫀ ׌ ׾ 鞪 吉 㖥 ⼴ 剹 https://www.jnsa.org/result/incident/2018.html 13
  12. 1.4 㹋欽涸ז钠鏾ה׃ג盖椚罏歗꬗׾㹋鄲ׅ׷ [րبتطّ┪מقت٠٭غע䌐倀ך⟛㲽׌׾םցײגַם׆כעל׆ך 㳔׬׾?] ׆ס倀皹؅剹ַיַי沼ゼמ䘼זגסך׌ֿյ րبتطّ┪מقت٠٭غ ע䌐倀ך⟛㲽׌׾םցכַֹ׻ֹם׆כ؅ל׆ך㳔؆דסך׊׺ֹ־?瑭 ע阾䤾מעםַך׌ֿյ䚐׼ׂؾشع┪ךאַֹזג阾ꃍ؅锶גסדכ 䘼ַױ׌ն㸴םׂכ׵㸗ꪎ㳔吾ך׆ַֹזג⫐㵼؅㳔؆ד镊ֻעֵ׽ױ ׎؆ն┞䗎

    IPA מע㴗⪢םؘؗهئؕعס✑׽偙כַֹً٭ةֵֿ׽א ׆ךע㳔׬׾׻ֹך׌ն *2 ך׌ֿյ傽䊬溷מ IPA סئؕعם؆י锶םַך׌׊յ⚶獗ך׵锶ג镊ֻ עםַסך׆׆ך㳔שכַֹסעם־ם־곓׊ַך׌נն ♀ס䨾ע勓詇ס׻ֹם鞋־סؓؗعوشعמר׿׾յ蔦⮔ךؓؗعوشع ׊׻ֹכ׊י鞪׬יײ׾ֵג׽ֿ㳔׬׾⺪茣䙎כ׊יע둚אֹך׌ն䍴 ׊י䔵זיַיע✇׵䕑׼׿םַյכַֹ׆כםס־׵׊׿ױ׎؆ն inMemoryAuthentication ׆סْخشغע霼隍؅ْٓٛך鉿ֹ׆כ؅獏׊ױ׌նْٓٛך׌סךյئ٭ ف٭؅⢶婝׌׿ף巆ֻי׊ױַױ׌ն姌מ鱍ⳛ׊גכ׀מ霼隍䝠㖥؅⟛䭥׌׾ג ״מյwithUser ْخشغ׷ password ْخشغך霼隍䝠㖥؅陭㴻׊יַױ׌ն 闋鞃ֿꩽׂם׽ױ׊גֿյ䌐倀ך鼥׎י׊ױזיַ׾قت٠٭غ؅ـشبٖⵊ ׌׾׵סמ翝׀䳕ֻ׾✑噺׊ױ׌նⷃ筙ם需յ䌐倀סقت٠٭غךֵ׾րrootց ؅ـشبٖⵊ׊ג׵ס؅㵅鍮׌׿ףַַדׄםסךյ┞䍲㵅갾מـشبٖⵊ׊ג ׵ס؅ٞءמ⮂ⲇ׊יא׿؅⺅׽⮂׊י㵅鍮׊ױ׌ն 姌؅ րBbsAdminWebSecurityConfig.configureց מ阾鼥׊י BootRun ׊יׂ ד׈ַն val password: String = passwordEncoder.encode("root") System.out.println(password) ׌׾כٞءמـشبٖⵊ׈׿גقت٠٭غֿٞءמ銨獏׈׿׾סךյؤم٭׊ יقت٠٭غכ׊י䭰㴻׊ױ׊׺ֹն׆סכ׀յ䗆׿׍מ System.out.println ע ⯸ꯙ׊יֽ׀ױ׌ն Ӟٔأز 1.2 عحءُ⻉׃׋ػأٙ٦س׾䭷㹀ׅ׷ *2 IPA ס㴗⪢םؘؗهئؕعס✑׽偙 https://www.ipa.go.jp/security/vuln/websecurity.html 14
  13. 1.4 㹋欽涸ז钠鏾ה׃ג盖椚罏歗꬗׾㹋鄲ׅ׷ 1: // 㢌刿䖓 2: auth.inMemoryAuthentication() 3: .withUser("admin") 4:

    .password( 5: "\$2a\$10\$CPNJ.PlWH8k1aMhC6ytjIuwxYuLWKMXTP3H6h.LRnpumtccpvXEGy" 6: ) 7: .authorities("ROLE_ADMIN") 8: 9: // 如כ䘌׸׆ח⵴ꤐ׃גֶֻ 10: val password: String = passwordEncoder.encode("root") 11: System.out.println(password) BootRun ׊םֽ׊יյUsername ע adminյقت٠٭غע root ךٞءؕ٤ך ׀׿ף牞霼 OK ך׌ն׆׿ךٗ٭ا٭⻏כقت٠٭غ؅⚈䟨ס׵סמ翝׀䳕ֻ׾ ׆כֿך׀ױ׊גն [㴻劻溷מلٜغBootRun׊׻ֹն] ┞宜מ㝕ꓪמ㵅鍮׊י BootRun ׌׾כؙٚ٭ֿ鱍׀גכ׀ס⮗׽⮔ׄ ֿ긖⠱מם׽ױ׌նؙٚ٭ٞء؅ꃯַ־ׄחחյ㝕ꓪס㜟剳掾؅┞⠥׍ ח锶יַׂסע긖⠱ך׌׻נնא׊יյ긖⠱מם׾כٓزيֿ┫ֿזי ꅼ״ט׼ׂםזי׊ױַױ׌ն א׆ךյ䢍׿םַؤ٭غ؅剹ַיַׂכ׀ע㸴׊׍ח剹ַיעلٜغ׌׾ כتعٝت؅┫ׅחח⯼מꅼ؆ךַׄ׾כ䘼ַױ׌նגכֻף 1 ْخش غյ1 نٜؒؕ㵅鍮׊ג׼لٜغ׌׾ס׻ֹמյٛثّ؅✑זיַׂכ׷ ׽׷׌ַך׊׺ֹն 1.4.2 ر٦ةك٦أ׾欽ְגِ٦ؠ٦䞔㜠׾盖椚ׅ׷ ⚈䟨סٗ٭ا٭כقت٠٭غ؅׵ח硄槏脢ٗ٭ا٭؅✑䧯ך׀ױ׊גֿյ׵׊ 硄槏脢ٗ٭ا٭؅鏿俙㙟׷׊ג׽յ⻏⯼׷قت٠٭غ؅㜟ֻגׂםזגכ׀מַ הַהخ٭تؤ٭غ؅ַ׋׾סע┮➬ך׌׻נն硄槏脢ٗ٭ا٭םסךא؆םמ 㜟剳ֵֿ׾؂ׄךעםַך׊׺ֹֿյ㸝匡溷מ┞薭ٗ٭ا٭׵㵅鍮׌׾־׵׊׿ םַ׆כ؅脝ֻ׾כ┞薭ٗ٭ا٭כ⻎坎מظ٭ذي٭تס䝠㖥ך霼隍ך׀ג׮ֹ ֿ➬⯈אֹך׌ն כַֹ؂ׄךյ׈׀׮ל✑䧯׊ג硄槏脢ٗ٭ا٭ס霼隍䝠㖥؅ظ٭ذي٭تס 䝠㖥מ㜟剳׊יײױ׊׺ֹնױ׍ע Entity ؅✑䧯׊יַ׀ױ׌ն Ӟٔأز 1.3 User ך Entity ⡲䧭 15