비어 있는 spring boot 프로젝트를 생성하고 나서 dependency 에 spring boot security 만 추가해도 DefaultSecurityFilterChain 이 추가된다.
[pom.xml] 내용
<?xml version=”1.0″ encoding=”UTF-8″?><project xmlns=”http://maven.apache.org/POM/4.0.0″ xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”xsi:schemaLocation=”http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd”><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.1.5.RELEASE</version><relativePath/> <!– lookup parent from repository –></parent><groupId>com.example</groupId><artifactId>demo</artifactId><version>0.0.1-SNAPSHOT</version><name>demo</name><description>Demo project for Spring Boot</description><properties><java.version>1.8</java.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-test</artifactId><scope>test</scope></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>
아래는 아무 설정도 안하고 기본으로 생성한 spring boot 프로젝트에 security 를 dependency 를 추가하고 실행했을 때 나오는 로그이다.
2019-05-23 23:14:48.099 INFO 6640 — [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@77bd7fe7, org.springframework.security.web.context.SecurityContextPersistenceFilter@153f66e7, org.springframework.security.web.header.HeaderWriterFilter@f2e4acf, org.springframework.security.web.csrf.CsrfFilter@529cfee5, org.springframework.security.web.authentication.logout.LogoutFilter@4e4c3a38, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@173373b4, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@27fde870, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@35d3ab60, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@16a9a4f1, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6f667ad1, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4a7761b1, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@10876a6, org.springframework.security.web.session.SessionManagementFilter@5eb97ced, org.springframework.security.web.access.ExceptionTranslationFilter@226b143b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@61f3fbb8]
WebSecurityConfigurerAdapter 를 상속한 Bean 을 생성해줘야 security 가 적용되는 것으로 설명되어 있는 곳도 있었지만, 내 경우에는 아무것도 하지 않았음에도 security 필터가 자동으로 추가되어 실행되었다.