Spring Security 변경

This commit is contained in:
현성필
2024-04-25 10:48:33 +09:00
parent 7d97628d38
commit 01e6b34cdd
8 changed files with 92 additions and 77 deletions
@@ -6,15 +6,19 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
public class PortalConfigSecurity extends WebSecurityConfigurerAdapter {
@EnableGlobalMethodSecurity(securedEnabled = true)
public class PortalConfigSecurity {
private final PortalAuthenticationFailureHandler authenticationFailureHandler;
@@ -41,34 +45,49 @@ public class PortalConfigSecurity extends WebSecurityConfigurerAdapter {
return registrationBean;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();//spring security 와 h2-console 같이 사용.
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.formLogin()
.authenticationManager(portalAuthenticationManager)
// .authorizeRequests(authorizeRequests -> authorizeRequests.antMatchers("/h2-console/",
// "/css/",
// "/html/",
// "/images/",
// "/img/",
// "/js/",
// "/login",
// "/intro.do",
// "/join.do",
// "/actionLogin.do",
// "/search_id.do",
// "/admin_register_view.do",
// "/admin_register.do",
// "/reset_password.do",
// "/forgot_password.do")
// .permitAll()
// .anyRequest()
// .authenticated())
.formLogin(form -> form
.loginPage("/login")
.usernameParameter("id")
.passwordParameter("password")
.loginProcessingUrl("/actionLogin.do")
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.and()
.logout().logoutUrl("/actionLogout.do").logoutSuccessUrl("/")
.and().authorizeRequests() // 권한요청 처리 설정 메서드
.antMatchers("/h2-console/**").permitAll() // 누구나 h2-console 접속 허용
.and()
.csrf()
.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/mgmt/**", "POST"))
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
.successHandler(authenticationSuccessHandler))
.logout(logout -> logout
.logoutRequestMatcher(new AntPathRequestMatcher("/actionLogout.do", "GET"))
.logoutSuccessUrl("/"))
.csrf(csrf -> csrf
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers("/h2-console/**")
).headers(headers -> headers.frameOptions().sameOrigin())
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.sessionFixation()
.changeSessionId()
);
return http.build();
}
@Override
@Bean
public PortalAuthenticationManager authenticationManager() {
return portalAuthenticationManager;
}
}