|
|
|
@ -1,5 +1,11 @@
|
|
|
|
|
package cokr.xit.base.boot;
|
|
|
|
|
|
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
import java.util.Collections;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
import java.util.stream.Stream;
|
|
|
|
|
|
|
|
|
|
import javax.annotation.Resource;
|
|
|
|
|
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
@ -24,6 +30,7 @@ import cokr.xit.base.security.authentication.web.AuthenticationExtraDetailsSourc
|
|
|
|
|
import cokr.xit.base.security.authentication.web.AuthenticationFailure;
|
|
|
|
|
import cokr.xit.base.security.authentication.web.AuthenticationSuccess;
|
|
|
|
|
import cokr.xit.base.security.authentication.web.LogoutSuccess;
|
|
|
|
|
import cokr.xit.foundation.AbstractComponent;
|
|
|
|
|
import cokr.xit.foundation.boot.StaticResourceConfig;
|
|
|
|
|
import cokr.xit.foundation.web.ExceptionController;
|
|
|
|
|
|
|
|
|
@ -32,7 +39,7 @@ import cokr.xit.foundation.web.ExceptionController;
|
|
|
|
|
*/
|
|
|
|
|
@Configuration
|
|
|
|
|
@EnableWebSecurity
|
|
|
|
|
public class SecurityConfig {
|
|
|
|
|
public class SecurityConfig extends AbstractComponent {
|
|
|
|
|
@Autowired
|
|
|
|
|
private ExceptionController exceptionController;
|
|
|
|
|
@Resource(name = "staticResource")
|
|
|
|
@ -55,13 +62,9 @@ public class SecurityConfig {
|
|
|
|
|
*/
|
|
|
|
|
@Bean
|
|
|
|
|
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
|
|
|
|
String[] permitAccess = getPermittedAccess(false);
|
|
|
|
|
http.authorizeHttpRequests(conf ->
|
|
|
|
|
conf.antMatchers(
|
|
|
|
|
"/login.do",
|
|
|
|
|
"/logout.do",
|
|
|
|
|
"/error/*.do",
|
|
|
|
|
"/api/**/*.do"
|
|
|
|
|
).permitAll()
|
|
|
|
|
conf.antMatchers(permitAccess).permitAll()
|
|
|
|
|
.antMatchers("/**/*.do").access(authorizationManager())
|
|
|
|
|
.anyRequest().authenticated()
|
|
|
|
|
)
|
|
|
|
@ -94,15 +97,39 @@ public class SecurityConfig {
|
|
|
|
|
return http.build();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private String[] getPermittedAccess(boolean ignoringOnly) {
|
|
|
|
|
String str = properties.getString("permitAccess", "");
|
|
|
|
|
List<String> ignoring = !str.isEmpty() ? Stream.of(str.split(",")).map(String::trim).toList() : Collections.emptyList();
|
|
|
|
|
if (ignoringOnly) {
|
|
|
|
|
return ignoring.toArray(new String[ignoring.size()]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
List<String> urls = Stream.of("/login.do", "/logout.do", "/error/*.do")
|
|
|
|
|
.collect(Collectors.toCollection(() -> new ArrayList<>()));
|
|
|
|
|
if (!ignoring.isEmpty())
|
|
|
|
|
ignoring.forEach(s -> {
|
|
|
|
|
s = s.trim();
|
|
|
|
|
if (!s.isEmpty())
|
|
|
|
|
urls.add(s);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
return urls.toArray(new String[urls.size()]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**WebSecurityCustomizer를 반환한다.<br />
|
|
|
|
|
* 모든 정적 파일에 대한 접근 url은 /resources/**로 한다.
|
|
|
|
|
* @return WebSecurityCustomizer
|
|
|
|
|
*/
|
|
|
|
|
@Bean
|
|
|
|
|
public WebSecurityCustomizer webSecurityCustomizer() {
|
|
|
|
|
return conf -> conf.ignoring()
|
|
|
|
|
.antMatchers("/api/**/*.do")
|
|
|
|
|
String[] urls = getPermittedAccess(true);
|
|
|
|
|
return conf -> {
|
|
|
|
|
conf.ignoring()
|
|
|
|
|
.antMatchers(staticResource.getURLs(null));
|
|
|
|
|
if (urls.length > 0)
|
|
|
|
|
conf.ignoring()
|
|
|
|
|
.antMatchers(urls);
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**AuthenticationSuccess(로그인 성공 핸들러)를 반환한다.
|
|
|
|
|