src/main/java/daeucna/config/security/SecurityConfig.java 2.96 KB
  package daeucna.config.security;
  
  import org.springframework.context.annotation.Bean;
  import org.springframework.context.annotation.Configuration;
  import org.springframework.security.config.Customizer;
  import org.springframework.security.config.annotation.web.builders.HttpSecurity;
  import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
  import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
  import org.springframework.security.config.http.SessionCreationPolicy;
  import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
  import org.springframework.security.crypto.password.PasswordEncoder;
  import org.springframework.security.web.SecurityFilterChain;
  
  import daeucna.config.security.jwt.JwtAuthenticationEntryPoint;
  import daeucna.config.security.jwt.JwtTokenProvider;
  import lombok.RequiredArgsConstructor;
  
  @Configuration
  @EnableWebSecurity
  @RequiredArgsConstructor
  public class SecurityConfig {

      /** Only requests under this prefix are handled by the chain built here. */
      private static final String API_PATTERN = "/api/**";
      /** Everything under this prefix additionally requires the ADMIN role. */
      private static final String ADMIN_PATTERN = "/api/admin/**";
      private static final String ADMIN_ROLE = "ADMIN";
      /** Endpoints reachable without a token: login, token refresh, sign-up and the access-denied page. */
      private static final String AUTHENTICATE_PATH = "/api/authenticate";
      private static final String REFRESH_TOKEN_PATH = "/api/refreshtoken";
      private static final String SIGNUP_PATH = "/api/signup";
      private static final String ACCESS_DENIED_PATH = "/api/exceptionDenied";

      private final JwtTokenProvider tokenProvider;
      private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

      /**
       * Password hashing for stored credentials; BCrypt with the encoder's default strength.
       *
       * @return a new {@link BCryptPasswordEncoder}
       */
      @Bean
      public PasswordEncoder passwordEncoder() {
          return new BCryptPasswordEncoder();
      }

      /**
       * Builds the stateless, token-based filter chain for {@code /api/**}.
       *
       * <p>Authorization rules are evaluated in declaration order: the admin prefix first, then the
       * public endpoints, and finally a catch-all that requires authentication. Unauthenticated
       * requests are answered by {@link JwtAuthenticationEntryPoint}; forbidden ones are sent to
       * {@value #ACCESS_DENIED_PATH}.
       *
       * @param httpSecurity the builder supplied by Spring Security
       * @return the configured {@link SecurityFilterChain}
       * @throws Exception propagated from {@link HttpSecurity#build()}
       */
      @Bean
      public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
          // Clients authenticate with a token rather than a cookie-backed session, so CSRF
          // protection is switched off for this chain.
          httpSecurity.csrf(AbstractHttpConfigurer::disable);
          httpSecurity.securityMatcher(API_PATTERN);

          // First matching rule wins, so the admin rule must stay ahead of the public endpoints,
          // and anyRequest() must stay last so nothing under /api is reachable anonymously by accident.
          httpSecurity.authorizeHttpRequests(auth -> auth
                  .requestMatchers(ADMIN_PATTERN).hasRole(ADMIN_ROLE)
                  .requestMatchers(AUTHENTICATE_PATH).permitAll()
                  .requestMatchers(REFRESH_TOKEN_PATH).permitAll()
                  .requestMatchers(SIGNUP_PATH).permitAll()
                  .requestMatchers(ACCESS_DENIED_PATH).permitAll()
                  .anyRequest().authenticated());

          // NOTE(review): default form login on a STATELESS, JWT-authenticated chain is unusual;
          // a session-based login cannot be retained here. Confirm it is intentional, otherwise drop it.
          httpSecurity.formLogin(Customizer.withDefaults());

          // Frames are allowed from the same origin only.
          httpSecurity.headers(headers -> headers
                  .frameOptions(frame -> frame.sameOrigin()));

          httpSecurity.exceptionHandling(handling -> handling
                  .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                  .accessDeniedPage(ACCESS_DENIED_PATH));

          // No HTTP session is created or used; every request must carry its own token.
          httpSecurity.sessionManagement(session -> session
                  .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

          // JwtSecurityConfig is where the JWT filter is registered with addFilterBefore.
          // NOTE(review): on Spring Security 6.2+ apply(...) is deprecated in favour of
          // with(configurer, Customizer.withDefaults()) — switch once the version is confirmed.
          httpSecurity.apply(new JwtSecurityConfig(tokenProvider));

          return httpSecurity.build();
      }

  }