외부 static resource 서비스 추가

1 year ago · cb904e14ba
parent 8210977f0d
commit cb904e14ba
1 changed files with 10 additions and 5 deletions
--- a/src/main/java/cokr/xit/base/boot/SecurityConfig.java
+++ b/src/main/java/cokr/xit/base/boot/SecurityConfig.java
@ -1,5 +1,7 @@
 package cokr.xit.base.boot;

+import javax.annotation.Resource;
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -18,6 +20,7 @@ import cokr.xit.base.security.authentication.web.AuthenticationExtraDetailsSourc
 import cokr.xit.base.security.authentication.web.AuthenticationFailure;
 import cokr.xit.base.security.authentication.web.AuthenticationSuccess;
 import cokr.xit.base.security.authentication.web.LogoutSuccess;
+import cokr.xit.foundation.boot.StaticResourceConfig;
 import cokr.xit.foundation.web.ExceptionController;

 /**spring security 관련 설정 클래스
@ -26,6 +29,11 @@ import cokr.xit.foundation.web.ExceptionController;
@Configuration
@EnableWebSecurity
 public class SecurityConfig {
+	@Autowired
+	private ExceptionController exceptionController;
+	@Resource(name = "staticResource")
+	private StaticResourceConfig staticResource;
+
 	/**SecurityFilterChain을 반환한다.
 	 * @param http http-security 설정
 	 * @return SecurityFilterChain
@ -34,7 +42,7 @@ public class SecurityConfig {
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http.authorizeHttpRequests(conf ->
-				conf.antMatchers("/resources/**", "/files/**", "/login.do", "/logout.do", "/error/*.do").permitAll()
+				conf.antMatchers("/login.do", "/logout.do", "/error/*.do").permitAll()
 					.antMatchers("/**/*.do").access(authorizationManager())
 					.anyRequest().authenticated()
 			)
@ -65,16 +73,13 @@ public class SecurityConfig {
 		return http.build();
 	}

-	@Autowired
-	private ExceptionController exceptionController;
-
 	/**WebSecurityCustomizer를 반환한다.<br />
 	 * 모든 정적 파일에 대한 접근 url은 /resources/**로 한다.
 	 * @return WebSecurityCustomizer
 	 */
 	@Bean
 	public WebSecurityCustomizer webSecurityCustomizer() {
-		return conf -> conf.ignoring().antMatchers("/resources/**");
+		return conf -> conf.ignoring().antMatchers(staticResource.getURLs(null));
 	}

 	/**AuthenticationSuccess(로그인 성공 핸들러)를 반환한다.