|
|
@ -19,8 +19,10 @@ import org.springframework.http.HttpMethod;
|
|
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
|
|
import org.springframework.security.authentication.AuthenticationManager;
|
|
|
|
import org.springframework.security.config.BeanIds;
|
|
|
|
import org.springframework.security.config.BeanIds;
|
|
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
|
|
|
|
|
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|
|
|
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
|
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
@ -66,6 +68,12 @@ import java.util.Arrays;
|
|
|
|
* </pre>
|
|
|
|
* </pre>
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
@Configuration
|
|
|
|
@Configuration
|
|
|
|
|
|
|
|
@EnableWebSecurity
|
|
|
|
|
|
|
|
@EnableGlobalMethodSecurity(
|
|
|
|
|
|
|
|
securedEnabled = true,
|
|
|
|
|
|
|
|
jsr250Enabled = true,
|
|
|
|
|
|
|
|
prePostEnabled = true
|
|
|
|
|
|
|
|
)
|
|
|
|
@RequiredArgsConstructor
|
|
|
|
@RequiredArgsConstructor
|
|
|
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
|
|
|
|
|
|
|
@ -152,28 +160,43 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
|
|
http
|
|
|
|
http
|
|
|
|
// Rest API이므로 기본설정 안함 - 기본 설정은 비인증시 로그인 폼으로 direct
|
|
|
|
.cors()
|
|
|
|
.httpBasic().disable()
|
|
|
|
.and()
|
|
|
|
// Rest API 이므로 csrf 보안 불필요
|
|
|
|
// jwt token 인증 - 세션은 필요 없어 생성 안함
|
|
|
|
.csrf().disable()
|
|
|
|
.sessionManagement()
|
|
|
|
// jwt token 인증 - 세션은 필요 없어 생성 안함
|
|
|
|
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
|
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.and()
|
|
|
|
.and()
|
|
|
|
.cors()
|
|
|
|
// Rest API 이므로 csrf 보안 불필요
|
|
|
|
|
|
|
|
.csrf()
|
|
|
|
|
|
|
|
.disable()
|
|
|
|
|
|
|
|
.formLogin()
|
|
|
|
|
|
|
|
.disable()
|
|
|
|
|
|
|
|
// Rest API이므로 기본설정 안함 - 기본 설정은 비인증시 로그인 폼으로 direct
|
|
|
|
|
|
|
|
.httpBasic()
|
|
|
|
|
|
|
|
.disable()
|
|
|
|
|
|
|
|
.exceptionHandling()
|
|
|
|
|
|
|
|
.authenticationEntryPoint(new RestAuthenticationEntryPoint())
|
|
|
|
|
|
|
|
.accessDeniedHandler(tokenAccessDeniedHandler)
|
|
|
|
.and()
|
|
|
|
.and()
|
|
|
|
.authorizeRequests()
|
|
|
|
.authorizeRequests()
|
|
|
|
// GET, POST 요청시 : OPTIONS preflight 요청 - 실제 서버가 살아있는지를 사전에 확인하는 요청
|
|
|
|
// GET, POST 요청시 : OPTIONS preflight 요청 - 실제 서버가 살아있는지를 사전에 확인하는 요청
|
|
|
|
// Spring에서 OPTIONS에 대한 요청을 막고 있어 OPTIONS 요청이 왔을 때도 오류를 리턴하지 않도록 설정
|
|
|
|
// Spring에서 OPTIONS에 대한 요청을 막고 있어 OPTIONS 요청이 왔을 때도 오류를 리턴하지 않도록 설정
|
|
|
|
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
|
|
|
|
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
|
|
|
|
.antMatchers("/**/signup", "/**/login", "/**/swagger-ui.html").permitAll()
|
|
|
|
.antMatchers(
|
|
|
|
.antMatchers(HttpMethod.GET, "/**/users/**").permitAll()
|
|
|
|
"/",
|
|
|
|
.anyRequest().permitAll() //.hasRole(RoleType.USER.getCode())
|
|
|
|
"/favicon.ico",
|
|
|
|
|
|
|
|
"/**/*.png",
|
|
|
|
|
|
|
|
"/**/*.gif",
|
|
|
|
|
|
|
|
"/**/*.svg",
|
|
|
|
|
|
|
|
"/**/*.jpg",
|
|
|
|
|
|
|
|
"/**/*.html",
|
|
|
|
|
|
|
|
"/**/*.css",
|
|
|
|
|
|
|
|
"/**/*.js").permitAll()
|
|
|
|
|
|
|
|
.antMatchers("/auth/**", "/oauth2/**", "/**/users/**").permitAll()
|
|
|
|
|
|
|
|
.anyRequest().authenticated()
|
|
|
|
.and()
|
|
|
|
.and()
|
|
|
|
.exceptionHandling()
|
|
|
|
//.anyRequest().permitAll() //.hasRole(RoleType.USER.getCode())
|
|
|
|
.authenticationEntryPoint(new RestAuthenticationEntryPoint())
|
|
|
|
|
|
|
|
.accessDeniedHandler(tokenAccessDeniedHandler)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// .and()
|
|
|
|
// .and()
|
|
|
|
// .logout()
|
|
|
|
// .logout()
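Review bot: The new `.antMatchers("/auth/**", "/oauth2/**", "/**/users/**").permitAll()` appears to widen the earlier GET-only rule for `/**/users/**` to every HTTP method, so writes to user resources would bypass authentication at the filter-chain level even though `.anyRequest().authenticated()` is now the fallback; if only reads are meant to be public, keep the verb qualifier, `.antMatchers(HttpMethod.GET, "/**/users/**").permitAll()`, and let the other verbs fall through to `authenticated()`. The leading `/**/` also matches `users` at any path depth, which is broader than a fixed prefix such as `/api/users/**`, so it is worth confirming against the actual controller mappings and against whatever method-level rules the newly enabled `@EnableGlobalMethodSecurity` is expected to supply. Which of the two `users` rules is the removed line cannot be read with certainty from this rendering, so treat the widening as inferred until checked against the raw diff. configure's body continues into the next hunk, where the oauth2Login chain and `http.headers().frameOptions().disable()` are, so the full authorization picture is not visible here.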
|
|
|
@ -182,27 +205,21 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
// .invalidateHttpSession(true)
|
|
|
|
// .invalidateHttpSession(true)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.and()
|
|
|
|
|
|
|
|
.oauth2Login()
|
|
|
|
.oauth2Login()
|
|
|
|
.authorizationEndpoint()
|
|
|
|
.authorizationEndpoint()
|
|
|
|
.baseUri("/oauth2/authorization")
|
|
|
|
.baseUri("/oauth2/authorization")
|
|
|
|
.authorizationRequestRepository(oAuth2AuthorizationRequestBasedOnCookieRepository())
|
|
|
|
.authorizationRequestRepository(oAuth2AuthorizationRequestBasedOnCookieRepository())
|
|
|
|
|
|
|
|
|
|
|
|
.and()
|
|
|
|
.and()
|
|
|
|
.userInfoEndpoint()
|
|
|
|
.userInfoEndpoint()
|
|
|
|
.userService(customOAuth2UserService)
|
|
|
|
.userService(customOAuth2UserService)
|
|
|
|
|
|
|
|
.and()
|
|
|
|
.and()
|
|
|
|
|
|
|
|
.redirectionEndpoint()
|
|
|
|
|
|
|
|
.baseUri("/*/oauth2/code/*")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.and()
|
|
|
|
|
|
|
|
.successHandler(oAuth2AuthenticationSuccessHandler())
|
|
|
|
.successHandler(oAuth2AuthenticationSuccessHandler())
|
|
|
|
.failureHandler(oAuth2AuthenticationFailureHandler())
|
|
|
|
.failureHandler(oAuth2AuthenticationFailureHandler())
|
|
|
|
|
|
|
|
|
|
|
|
.and()
|
|
|
|
.and()
|
|
|
|
// jwt token filter를 id / password 인증 필터 전에 넣는다
|
|
|
|
// jwt token filter를 id / password 인증 필터 전에 넣는다
|
|
|
|
.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
|
|
|
.addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
|
|
|
|
|
|
|
|
|
|
|
http.headers().frameOptions().disable();
|
|
|
|
http.headers().frameOptions().disable();
|
|
|
|
}
|
|
|
|
}
|
|
|
|