fix : securityConfig
eojinny committed Nov 10, 2023
1 parent 2c9a420 commit f529594
Showing 1 changed file with 18 additions and 47 deletions.
65 changes: 18 additions & 47 deletions src/main/java/gwangjang/server/global/security/SecurityConfig.java
Expand Up @@ -10,13 +10,7 @@
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

Expand All @@ -32,71 +26,48 @@ public class SecurityConfig {
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring()
.requestMatchers("/resource/**", "/css/**", "/js/**", "/img/**", "/lib/**");
};
// .requestMatchers(new AntPathRequestMatcher( "/**/*.html"));

}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {


http
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);

http
.formLogin().disable() //폼 로그인 비활성화
.httpBasic().disable() // HTTP 기본 인증 비활성화
.exceptionHandling() //예외 처리 설정
// .authenticationEntryPoint(jwtAuthenticationEntryPoint) //인증되지 않은 사용자가 보호된 리소스에 액세스 할 때 호출되는 JwtAuthenticationEntryPoint 설정
.formLogin().disable()
.httpBasic().disable()
.exceptionHandling()
.and()
.headers().frameOptions().sameOrigin();


http
.authorizeHttpRequests(
authorize -> authorize
.requestMatchers("/auth/**").permitAll()
// .requestMatchers("/swagger-ui/index.html").permitAll()
// .requestMatchers("/admin/**").hasRole("ADMIN")
// .requestMatchers("/swagger-ui/**").permitAll()
// .requestMatchers("/swagger-resources/**").permitAll()
// .requestMatchers("/swagger-ui.html").permitAll()
.anyRequest().authenticated()
);

http.apply(new JwtSecurityConfig(tokenUtil, memberQueryService));

return http.build();
}

// CorsConfigurer 빈은 이미 사용하고 있으므로 CorsConfigurationSource 빈은 주석 처리하거나 삭제합니다.
// ...

// @Bean
// public CorsConfigurationSource corsConfigurationSource() {
// CorsConfiguration configuration = new CorsConfiguration();
//
// configuration.addAllowedOriginPattern("*");
// configuration.addAllowedHeader("*");
// configuration.addAllowedMethod("*");
// configuration.setAllowCredentials(false);
//
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// source.registerCorsConfiguration("/", configuration);
// return source;
// }
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("http://localhost:3000")
.allowedMethods("POST", "GET", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
};
}

}
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("POST", "GET", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
};
}
}
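Review bot: In `corsConfigurer`, the later-printed copy of `addCorsMappings` (it reads as the new side, though the +/- markers are lost on this page) combines `.allowedOrigins("*")` with `.allowCredentials(true)`. Spring's CORS configuration rejects that pair at runtime with an IllegalArgumentException, and switching to `allowedOriginPatterns("*")` just to silence the error would let any origin make credentialed cross-origin calls to the API. Keep an explicit origin list instead, e.g. `.allowedOrigins("http://localhost:3000")` plus the deployed front-end origins read from configuration, or set `.allowCredentials(false)` if the JWT only travels in a request header. Separately, `filterChain` does not enable CORS on `HttpSecurity`, so unauthenticated preflight `OPTIONS` requests may be stopped by `.anyRequest().authenticated()` before this MVC mapping is consulted; that is worth confirming with a cross-origin test.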
