/api/**/*.do 모두 허용

master
mjkhan21 1 year ago
parent bbcfe599b4
commit 46c4614704

@ -3,6 +3,7 @@ package cokr.xit.base.boot;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ProviderManager;
@ -10,6 +11,8 @@ import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.security.web.session.HttpSessionEventPublisher;
@ -36,8 +39,13 @@ public class SecurityConfig {
private StaticResourceConfig staticResource;
@Bean
public HttpSessionEventPublisher listener() {
return new HttpSessionEventPublisher();
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
@Bean
public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionListener() {
return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher());
}
/**SecurityFilterChain .
@ -48,7 +56,12 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(conf ->
conf.antMatchers("/login.do", "/logout.do", "/error/*.do").permitAll()
conf.antMatchers(
"/login.do",
"/logout.do",
"/error/*.do",
"/api/**/*.do"
).permitAll()
.antMatchers("/**/*.do").access(authorizationManager())
.anyRequest().authenticated()
)
@ -68,7 +81,9 @@ public class SecurityConfig {
.sessionManagement(conf ->
conf.invalidSessionUrl("/error/invalidSession.do")
.sessionConcurrency(config ->
config.expiredUrl("/error/sessionExpired.do")
config
.expiredUrl("/error/sessionExpired.do")
.sessionRegistry(sessionRegistry())
)
)
.authenticationManager(authenticationManager())
@ -85,7 +100,9 @@ public class SecurityConfig {
*/
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return conf -> conf.ignoring().antMatchers(staticResource.getURLs(null));
return conf -> conf.ignoring()
.antMatchers("/api/**/*.do")
.antMatchers(staticResource.getURLs(null));
}
/**AuthenticationSuccess( ) .
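Review bot: The `.antMatchers("/api/**/*.do")` added to `conf.ignoring()` in `webSecurityCustomizer()` takes those requests out of the Spring Security filter chain altogether, so they get no `SecurityContext` and none of the CSRF, response-header or session handling the chain configures, and the `permitAll()` entry added for the same pattern in `securityFilterChain` is never consulted. `ignoring()` is intended for static resources; to open the API without authentication, keep only the `permitAll()` entry and leave the customizer as `return conf -> conf.ignoring().antMatchers(staticResource.getURLs(null));`. The pattern also opens every `.do` handler under `/api/` to anonymous callers, and those handlers are not visible on this page, so if any of them reads or changes protected data the matcher should be narrowed or the endpoints given their own authentication (a token or API-key filter, for example). `securityFilterChain` continues outside the hunks shown.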
