grp_cna / SpringBootBoard

SecurityConfig.java 2.21 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
package com.daeucna.board.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import com.daeucna.board.security.CustomAuthenticationFailureHandler;
import com.daeucna.board.security.CustomAuthenticationProvider;
import com.daeucna.board.security.CustomAuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;
  @Autowired
  private CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
  @Autowired
  private CustomAuthenticationProvider customAuthenticationProvider;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .csrf().disable()
      ;

    http
      .authorizeRequests()
        .antMatchers("/board/**").hasAnyRole("USER")
        .anyRequest().permitAll() 
            ;

    http
      .formLogin()
        .loginPage("/login") 
        .loginProcessingUrl("/login_proc") //("로그인 처리 경로") -> 로그인 form 의 action과 일치시켜주어야 한다 즉 스프링시큐어리티가 가로챌 url이다
        .usernameParameter("loginId")	  
        .passwordParameter("password")    
        .successHandler(customAuthenticationSuccessHandler)
        .failureHandler(customAuthenticationFailureHandler)
      .and()
      .logout()
      	.logoutUrl("/logout")
      	.logoutSuccessUrl("/")
      ;

    http
      .sessionManagement()
        .maximumSessions(1)
        .maxSessionsPreventsLogin(true) 
      ;
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(customAuthenticationProvider);
  }

}