package com.daeucna.board.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import com.daeucna.board.security.CustomAuthenticationFailureHandler; import com.daeucna.board.security.CustomAuthenticationProvider; import com.daeucna.board.security.CustomAuthenticationSuccessHandler; @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler; @Autowired private CustomAuthenticationFailureHandler customAuthenticationFailureHandler; @Autowired private CustomAuthenticationProvider customAuthenticationProvider; @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() ; http .authorizeRequests() .antMatchers("/board/**").hasAnyRole("USER") .anyRequest().permitAll() ; http .formLogin() .loginPage("/login") .loginProcessingUrl("/login_proc") //("로그인 처리 경로") -> 로그인 form 의 action과 일치시켜주어야 한다 즉 스프링시큐어리티가 가로챌 url이다 .usernameParameter("loginId") .passwordParameter("password") .successHandler(customAuthenticationSuccessHandler) .failureHandler(customAuthenticationFailureHandler) .and() .logout() .logoutUrl("/logout") .logoutSuccessUrl("/") ; http .sessionManagement() .maximumSessions(1) .maxSessionsPreventsLogin(true) ; } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(customAuthenticationProvider); } }