[core] 회원 가입 요청 - 인증 생략 (#162)
* style: [core] SecurityConfig - 포맷팅 (#161)

* fix: [core] 회원 가입 요청 인증 생략하도록 경로 추가 (#161)
gdtknight authored Aug 9, 2023
1 parent 31093e6 commit 2222152
Showing 1 changed file with 90 additions and 75 deletions.
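--- a/SecurityConfig.java
+++ b/SecurityConfig.java
@@ -25,80 +25,95 @@
 @Configuration
 public class SecurityConfig {
 
-@Bean
-public Encryption encryption(Environment environment) {
-return new AESEncryption(environment);
-}
-
-@Bean
-public PasswordEncoder passwordEncoder() {
-return new BCryptPasswordEncoder();
-}
-
-@Bean
-public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
-return authenticationConfiguration.getAuthenticationManager();
-}
-
-@Bean
-public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-http
-.csrf().disable()
-
-.headers().frameOptions().sameOrigin()
-
-.and().cors().configurationSource(configurationSource())
-
-.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-
-.and().formLogin().disable()
-
-.httpBasic().disable()
-
-.apply(new SecurityFilterManager())
-
-.and().exceptionHandling().authenticationEntryPoint(
-(request, response, authException) ->
-FilterResponse.unAuthorized(response, new Exception401(ErrorMessage.UN_AUTHORIZED)))
-
-.and().exceptionHandling().accessDeniedHandler(
-(request, response, accessDeniedException) ->
-FilterResponse.forbidden(response, new Exception403(ErrorMessage.FORBIDDEN)))
-
-.and().authorizeRequests(
-expressionInterceptUrlRegistry ->
-expressionInterceptUrlRegistry
-.antMatchers("/api/admin/user/signIn", "/api/user/signin", "/api/user/findPassword", "/api/user/emailCheck").permitAll()
-.antMatchers("/api/admin/**").hasRole("ADMIN")
-.antMatchers("/api/user/**").hasRole("USER")
-.anyRequest().authenticated());
-
-return http.build();
-}
-
-private CorsConfigurationSource configurationSource() {
-CorsConfiguration configuration = new CorsConfiguration();
-configuration.addAllowedHeader("*");
-configuration.addAllowedMethod("*");
-configuration.addAllowedOriginPattern("*");
-configuration.setAllowCredentials(true);
-configuration.addExposedHeader("Authorization");
-
-UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-source.registerCorsConfiguration("/**", configuration);
-
-return source;
-}
-
-public static class SecurityFilterManager
-extends AbstractHttpConfigurer<SecurityFilterManager, HttpSecurity> {
-
-@Override
-public void configure(HttpSecurity builder) throws Exception {
-AuthenticationManager authenticationManager =
-builder.getSharedObject(AuthenticationManager.class);
-builder.addFilter(new JwtAuthenticationFilter(authenticationManager));
-super.configure(builder);
-}
+@Bean
+public Encryption encryption(Environment environment) {
+return new AESEncryption(environment);
+}
+
+@Bean
+public PasswordEncoder passwordEncoder() {
+return new BCryptPasswordEncoder();
+}
+
+@Bean
+public AuthenticationManager authenticationManager(
+AuthenticationConfiguration authenticationConfiguration) throws Exception {
+return authenticationConfiguration.getAuthenticationManager();
+}
+
+@Bean
+public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+http.csrf()
+.disable()
+.headers()
+.frameOptions()
+.sameOrigin()
+.and()
+.cors()
+.configurationSource(configurationSource())
+.and()
+.sessionManagement()
+.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+.and()
+.formLogin()
+.disable()
+.httpBasic()
+.disable()
+.apply(new SecurityFilterManager())
+.and()
+.exceptionHandling()
+.authenticationEntryPoint(
+(request, response, authException) ->
+FilterResponse.unAuthorized(response, new Exception401(ErrorMessage.UN_AUTHORIZED)))
+.and()
+.exceptionHandling()
+.accessDeniedHandler(
+(request, response, accessDeniedException) ->
+FilterResponse.forbidden(response, new Exception403(ErrorMessage.FORBIDDEN)))
+.and()
+.authorizeRequests(
+expressionInterceptUrlRegistry ->
+expressionInterceptUrlRegistry
+.antMatchers(
+"/api/admin/user/signIn",
+"/api/user/signin",
+"/api/user/signup",
+"/api/user/findPassword",
+"/api/user/emailCheck")
+.permitAll()
+.antMatchers("/api/admin/**")
+.hasRole("ADMIN")
+.antMatchers("/api/user/**")
+.hasRole("USER")
+.anyRequest()
+.authenticated());
+
+return http.build();
+}
+
+private CorsConfigurationSource configurationSource() {
+CorsConfiguration configuration = new CorsConfiguration();
+configuration.addAllowedHeader("*");
+configuration.addAllowedMethod("*");
+configuration.addAllowedOriginPattern("*");
+configuration.setAllowCredentials(true);
+configuration.addExposedHeader("Authorization");
+
+UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+source.registerCorsConfiguration("/**", configuration);
+
+return source;
+}
+
+public static class SecurityFilterManager
+extends AbstractHttpConfigurer<SecurityFilterManager, HttpSecurity> {
+
+@Override
+public void configure(HttpSecurity builder) throws Exception {
+AuthenticationManager authenticationManager =
+builder.getSharedObject(AuthenticationManager.class);
+builder.addFilter(new JwtAuthenticationFilter(authenticationManager));
+super.configure(builder);
+}
 }
 }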
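Review bot: The new `"/api/user/signup"` entry in the permitAll matcher is not restricted by HTTP method, so every verb on that path becomes anonymous rather than only the registration POST; `.antMatchers(HttpMethod.POST, "/api/user/signup").permitAll()` placed before the `/api/user/**` → `hasRole("USER")` rule is tighter and leaves the other methods protected. The public list also mixes casing (`/api/admin/user/signIn` vs `/api/user/signin`) and antMatchers is case-sensitive, so the controller mapping for signup should be confirmed to be exactly `/api/user/signup` or the request will fall through to the USER rule and be rejected via the 401 entry point. Minor style point: `exceptionHandling()` is opened twice in the reformatted chain; `authenticationEntryPoint(...)` and `accessDeniedHandler(...)` can both be chained on a single `.exceptionHandling()` call. The CORS source still pairs `addAllowedOriginPattern("*")` with `setAllowCredentials(true)`; since this chain is stateless and appears to carry auth in the `Authorization` header, a comment such as `// credentialed CORS from any origin: relies on JWT in the Authorization header, not cookies — revisit if cookie auth is introduced` would record why that is considered acceptable here.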
