test master 변경

This commit is contained in:
현성필
2024-01-23 11:24:09 +09:00
parent 75a695897d
commit 91e902af25
121 changed files with 329 additions and 338 deletions
@@ -0,0 +1,74 @@
package com.eactive.testmaster.config;
import com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Configuration
@EnableWebSecurity
public class PortalConfigSecurity extends WebSecurityConfigurerAdapter {
private final PortalAuthenticationFailureHandler authenticationFailureHandler;
private final PortalAuthenticationSuccessHandler authenticationSuccessHandler;
private final PortalAuthenticationManager portalAuthenticationManager;
@Autowired
public PortalConfigSecurity(PortalAuthenticationFailureHandler authenticationFailureHandler,
PortalAuthenticationSuccessHandler authenticationSuccessHandler,
PortalAuthenticationManager portalAuthenticationManager) {
this.authenticationFailureHandler = authenticationFailureHandler;
this.authenticationSuccessHandler = authenticationSuccessHandler;
this.portalAuthenticationManager = portalAuthenticationManager;
}
@Bean
public FilterRegistrationBean<XssEscapeServletFilter> xssFilterRegistrationBean() {
FilterRegistrationBean<XssEscapeServletFilter> registrationBean = new FilterRegistrationBean<>();
XssEscapeServletFilter xssEscapeServletFilter = new XssEscapeServletFilter();
registrationBean.setFilter(xssEscapeServletFilter);
registrationBean.setOrder(Integer.MIN_VALUE + 1);
registrationBean.addUrlPatterns("/*");
return registrationBean;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();//spring security 와 h2-console 같이 사용.
http
.formLogin()
.loginPage("/login")
.usernameParameter("id")
.passwordParameter("password")
.loginProcessingUrl("/actionLogin.do")
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.and()
.logout().logoutUrl("/actionLogout.do").logoutSuccessUrl("/")
.and().authorizeRequests() // 권한요청 처리 설정 메서드
.antMatchers("/h2-console/**").permitAll() // 누구나 h2-console 접속 허용
.and()
.csrf()
.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/mgmt/**", "POST"))
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
@Override
@Bean
public PortalAuthenticationManager authenticationManager() {
return portalAuthenticationManager;
}
}