test master 변경
This commit is contained in:
@@ -0,0 +1,74 @@
|
||||
package com.eactive.testmaster.config;
|
||||
|
||||
|
||||
import com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class PortalConfigSecurity extends WebSecurityConfigurerAdapter {
|
||||
|
||||
private final PortalAuthenticationFailureHandler authenticationFailureHandler;
|
||||
|
||||
private final PortalAuthenticationSuccessHandler authenticationSuccessHandler;
|
||||
|
||||
private final PortalAuthenticationManager portalAuthenticationManager;
|
||||
|
||||
@Autowired
|
||||
public PortalConfigSecurity(PortalAuthenticationFailureHandler authenticationFailureHandler,
|
||||
PortalAuthenticationSuccessHandler authenticationSuccessHandler,
|
||||
PortalAuthenticationManager portalAuthenticationManager) {
|
||||
this.authenticationFailureHandler = authenticationFailureHandler;
|
||||
this.authenticationSuccessHandler = authenticationSuccessHandler;
|
||||
this.portalAuthenticationManager = portalAuthenticationManager;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean<XssEscapeServletFilter> xssFilterRegistrationBean() {
|
||||
FilterRegistrationBean<XssEscapeServletFilter> registrationBean = new FilterRegistrationBean<>();
|
||||
XssEscapeServletFilter xssEscapeServletFilter = new XssEscapeServletFilter();
|
||||
registrationBean.setFilter(xssEscapeServletFilter);
|
||||
registrationBean.setOrder(Integer.MIN_VALUE + 1);
|
||||
registrationBean.addUrlPatterns("/*");
|
||||
return registrationBean;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
http.headers().frameOptions().disable();//spring security 와 h2-console 같이 사용.
|
||||
|
||||
http
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.usernameParameter("id")
|
||||
.passwordParameter("password")
|
||||
.loginProcessingUrl("/actionLogin.do")
|
||||
.successHandler(authenticationSuccessHandler)
|
||||
.failureHandler(authenticationFailureHandler)
|
||||
.and()
|
||||
.logout().logoutUrl("/actionLogout.do").logoutSuccessUrl("/")
|
||||
.and().authorizeRequests() // 권한요청 처리 설정 메서드
|
||||
.antMatchers("/h2-console/**").permitAll() // 누구나 h2-console 접속 허용
|
||||
.and()
|
||||
.csrf()
|
||||
.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/mgmt/**", "POST"))
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
@Bean
|
||||
public PortalAuthenticationManager authenticationManager() {
|
||||
return portalAuthenticationManager;
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user