절대적 발전

기본적으로 5개의 header writer 적용 XContentTypeOptionsHeaderWriter: MIME타입 스니핑 방어 X-Content-Type-Options: nosniff https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options XXssProtectionHeaderWriter: 브라우저에 내장된 XSS 필터 적용 X-XSS-Protection: 1; mode=block https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection CacheControlHeadersWriter: 캐시 히스토리 취약점 방어 Cache-Control:..

SecurityContextRepository를 사용하여 Repository 전략에 맞게 SecurityContext를 읽어오거나 초기화 기본 전략은 HttpSessionSecurityContextRepository - HttpSession을 사용한다 This filter MUST be executed BEFORE any authentication processing mechanisms. Authentication processing mechanisms (e.g. BASIC, CAS processing filters etc) expect the SecurityContextHolder to contain a valid SecurityContext by the time they execute. 기본적으로 인..