From 852e55ac24fd04877fd0381c0087d4c2340694b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=ED=98=84=EC=84=B1=ED=95=84?= Date: Thu, 25 Apr 2024 11:01:26 +0900 Subject: [PATCH] =?UTF-8?q?Interceptor=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../interceptor/AuthenticInterceptor.java | 75 ------------------- .../config/PortalConfigSecurity.java | 19 ----- 2 files changed, 94 deletions(-) delete mode 100644 src/main/java/com/eactive/testmaster/common/interceptor/AuthenticInterceptor.java diff --git a/src/main/java/com/eactive/testmaster/common/interceptor/AuthenticInterceptor.java b/src/main/java/com/eactive/testmaster/common/interceptor/AuthenticInterceptor.java deleted file mode 100644 index 2c4bdff..0000000 --- a/src/main/java/com/eactive/testmaster/common/interceptor/AuthenticInterceptor.java +++ /dev/null @@ -1,75 +0,0 @@ -package com.eactive.testmaster.common.interceptor; - - -import com.eactive.testmaster.common.exception.UserNotLoginException; -import com.eactive.testmaster.common.util.SecurityUtil; -import com.eactive.testmaster.user.entity.AnonymousUser; -import com.eactive.testmaster.user.entity.User; -import org.springframework.util.AntPathMatcher; -import org.springframework.web.servlet.AsyncHandlerInterceptor; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.List; - -/** - * 인증여부 체크 인터셉터 - * - * @author - * @version 1.0 - */ - - -public class AuthenticInterceptor implements AsyncHandlerInterceptor { - - /** - * 관리자 접근 권한 패턴 목록 - */ - private List adminAuthPatternList; - - private static AntPathMatcher pathMatcher = new AntPathMatcher(); - - public List getAdminAuthPatternList() { - return adminAuthPatternList; - } - - public void setAdminAuthPatternList(List adminAuthPatternList) { - this.adminAuthPatternList = adminAuthPatternList; - } - - /** - * 인증된 사용자 여부로 인증 여부를 체크한다. - * 관리자 권한에 따라 접근 페이지 권한을 체크한다. - */ - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - //인증된사용자 여부 - User currentUser = SecurityUtil.getCurrentUser(); - - if (currentUser == null || currentUser instanceof AnonymousUser) { - throw new UserNotLoginException(); - } - - boolean found = findPattern(request.getRequestURI()); - - if (found) { - if (currentUser.getUserSecurity() != null && "ROLE_ADMIN".equals(currentUser.getUserSecurity())) { - return true; - } else { - throw new UserNotLoginException(); - } - } - return true; - - } - - boolean findPattern(String path) { - for (String pattern : adminAuthPatternList) { - if (pathMatcher.match(pattern, path)) { - return true; - } - } - return false; - } - -} diff --git a/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java b/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java index ac88e74..9af6c51 100644 --- a/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java +++ b/src/main/java/com/eactive/testmaster/config/PortalConfigSecurity.java @@ -9,7 +9,6 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @@ -49,24 +48,6 @@ public class PortalConfigSecurity { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http .authenticationManager(portalAuthenticationManager) -// .authorizeRequests(authorizeRequests -> authorizeRequests.antMatchers("/h2-console/", -// "/css/", -// "/html/", -// "/images/", -// "/img/", -// "/js/", -// "/login", -// "/intro.do", -// "/join.do", -// "/actionLogin.do", -// "/search_id.do", -// "/admin_register_view.do", -// "/admin_register.do", -// "/reset_password.do", -// "/forgot_password.do") -// .permitAll() -// .anyRequest() -// .authenticated()) .formLogin(form -> form .loginPage("/login") .usernameParameter("id")