From cb904e14ba3de31d83079dd5037a16820cb1113b Mon Sep 17 00:00:00 2001 From: mjkhan21 Date: Fri, 30 Jun 2023 17:34:33 +0900 Subject: [PATCH] =?UTF-8?q?=EC=99=B8=EB=B6=80=20static=20resource=20?= =?UTF-8?q?=EC=84=9C=EB=B9=84=EC=8A=A4=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cokr/xit/base/boot/SecurityConfig.java | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/main/java/cokr/xit/base/boot/SecurityConfig.java b/src/main/java/cokr/xit/base/boot/SecurityConfig.java index ed5d5d4..119a1b0 100644 --- a/src/main/java/cokr/xit/base/boot/SecurityConfig.java +++ b/src/main/java/cokr/xit/base/boot/SecurityConfig.java @@ -1,5 +1,7 @@ package cokr.xit.base.boot; +import javax.annotation.Resource; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -18,6 +20,7 @@ import cokr.xit.base.security.authentication.web.AuthenticationExtraDetailsSourc import cokr.xit.base.security.authentication.web.AuthenticationFailure; import cokr.xit.base.security.authentication.web.AuthenticationSuccess; import cokr.xit.base.security.authentication.web.LogoutSuccess; +import cokr.xit.foundation.boot.StaticResourceConfig; import cokr.xit.foundation.web.ExceptionController; /**spring security 관련 설정 클래스 @@ -26,6 +29,11 @@ import cokr.xit.foundation.web.ExceptionController; @Configuration @EnableWebSecurity public class SecurityConfig { + @Autowired + private ExceptionController exceptionController; + @Resource(name = "staticResource") + private StaticResourceConfig staticResource; + /**SecurityFilterChain을 반환한다. * @param http http-security 설정 * @return SecurityFilterChain @@ -34,7 +42,7 @@ public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests(conf -> - conf.antMatchers("/resources/**", "/files/**", "/login.do", "/logout.do", "/error/*.do").permitAll() + conf.antMatchers("/login.do", "/logout.do", "/error/*.do").permitAll() .antMatchers("/**/*.do").access(authorizationManager()) .anyRequest().authenticated() ) @@ -65,16 +73,13 @@ public class SecurityConfig { return http.build(); } - @Autowired - private ExceptionController exceptionController; - /**WebSecurityCustomizer를 반환한다.
* 모든 정적 파일에 대한 접근 url은 /resources/**로 한다. * @return WebSecurityCustomizer */ @Bean public WebSecurityCustomizer webSecurityCustomizer() { - return conf -> conf.ignoring().antMatchers("/resources/**"); + return conf -> conf.ignoring().antMatchers(staticResource.getURLs(null)); } /**AuthenticationSuccess(로그인 성공 핸들러)를 반환한다.