From 22221521ada4d2e8b4e3a01eb5f620224d5b4a58 Mon Sep 17 00:00:00 2001 From: YongHo Shin Date: Wed, 9 Aug 2023 21:16:59 +0900 Subject: [PATCH] =?UTF-8?q?[core]=20=ED=9A=8C=EC=9B=90=20=EA=B0=80?= =?UTF-8?q?=EC=9E=85=20=EC=9A=94=EC=B2=AD=20-=20=EC=9D=B8=EC=A6=9D=20?= =?UTF-8?q?=EC=83=9D=EB=9E=B5=20(#162)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * style: [core] SecurityConfig - 포맷팅 (#161) * fix: [core] 회원 가입 요청 인증 생략하도록 경로 추가 (#161) --- .../core/config/_security/SecurityConfig.java | 165 ++++++++++-------- 1 file changed, 90 insertions(+), 75 deletions(-) diff --git a/core/src/main/java/com/example/core/config/_security/SecurityConfig.java b/core/src/main/java/com/example/core/config/_security/SecurityConfig.java index e6c2492..1c9efa6 100644 --- a/core/src/main/java/com/example/core/config/_security/SecurityConfig.java +++ b/core/src/main/java/com/example/core/config/_security/SecurityConfig.java @@ -25,80 +25,95 @@ @Configuration public class SecurityConfig { - @Bean - public Encryption encryption(Environment environment) { - return new AESEncryption(environment); - } - - @Bean - public PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); - } - - @Bean - public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception { - return authenticationConfiguration.getAuthenticationManager(); - } - - @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http - .csrf().disable() - - .headers().frameOptions().sameOrigin() - - .and().cors().configurationSource(configurationSource()) - - .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - - .and().formLogin().disable() - - .httpBasic().disable() - - .apply(new SecurityFilterManager()) - - .and().exceptionHandling().authenticationEntryPoint( - (request, response, authException) -> - FilterResponse.unAuthorized(response, new Exception401(ErrorMessage.UN_AUTHORIZED))) - - .and().exceptionHandling().accessDeniedHandler( - (request, response, accessDeniedException) -> - FilterResponse.forbidden(response, new Exception403(ErrorMessage.FORBIDDEN))) - - .and().authorizeRequests( - expressionInterceptUrlRegistry -> - expressionInterceptUrlRegistry - .antMatchers("/api/admin/user/signIn", "/api/user/signin", "/api/user/findPassword", "/api/user/emailCheck").permitAll() - .antMatchers("/api/admin/**").hasRole("ADMIN") - .antMatchers("/api/user/**").hasRole("USER") - .anyRequest().authenticated()); - - return http.build(); - } - - private CorsConfigurationSource configurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); - configuration.addAllowedHeader("*"); - configuration.addAllowedMethod("*"); - configuration.addAllowedOriginPattern("*"); - configuration.setAllowCredentials(true); - configuration.addExposedHeader("Authorization"); - - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", configuration); - - return source; - } - - public static class SecurityFilterManager - extends AbstractHttpConfigurer { - - @Override - public void configure(HttpSecurity builder) throws Exception { - AuthenticationManager authenticationManager = - builder.getSharedObject(AuthenticationManager.class); - builder.addFilter(new JwtAuthenticationFilter(authenticationManager)); - super.configure(builder); - } + @Bean + public Encryption encryption(Environment environment) { + return new AESEncryption(environment); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public AuthenticationManager authenticationManager( + AuthenticationConfiguration authenticationConfiguration) throws Exception { + return authenticationConfiguration.getAuthenticationManager(); + } + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http.csrf() + .disable() + .headers() + .frameOptions() + .sameOrigin() + .and() + .cors() + .configurationSource(configurationSource()) + .and() + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .formLogin() + .disable() + .httpBasic() + .disable() + .apply(new SecurityFilterManager()) + .and() + .exceptionHandling() + .authenticationEntryPoint( + (request, response, authException) -> + FilterResponse.unAuthorized(response, new Exception401(ErrorMessage.UN_AUTHORIZED))) + .and() + .exceptionHandling() + .accessDeniedHandler( + (request, response, accessDeniedException) -> + FilterResponse.forbidden(response, new Exception403(ErrorMessage.FORBIDDEN))) + .and() + .authorizeRequests( + expressionInterceptUrlRegistry -> + expressionInterceptUrlRegistry + .antMatchers( + "/api/admin/user/signIn", + "/api/user/signin", + "/api/user/signup", + "/api/user/findPassword", + "/api/user/emailCheck") + .permitAll() + .antMatchers("/api/admin/**") + .hasRole("ADMIN") + .antMatchers("/api/user/**") + .hasRole("USER") + .anyRequest() + .authenticated()); + + return http.build(); + } + + private CorsConfigurationSource configurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.addAllowedHeader("*"); + configuration.addAllowedMethod("*"); + configuration.addAllowedOriginPattern("*"); + configuration.setAllowCredentials(true); + configuration.addExposedHeader("Authorization"); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + + return source; + } + + public static class SecurityFilterManager + extends AbstractHttpConfigurer { + + @Override + public void configure(HttpSecurity builder) throws Exception { + AuthenticationManager authenticationManager = + builder.getSharedObject(AuthenticationManager.class); + builder.addFilter(new JwtAuthenticationFilter(authenticationManager)); + super.configure(builder); } + } }