jwt security setting

2020-12-13 20:18:09 +09:00
parent 0086dccf86
commit 0558392291
5 changed files with 129 additions and 1 deletions
--- a/spring-security-jwt/src/main/java/com/security/jwt/config/CorsConfig.java
+++ b/spring-security-jwt/src/main/java/com/security/jwt/config/CorsConfig.java
@@ -0,0 +1,23 @@
+package com.security.jwt.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsFilter corsFilter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true); // 내 서버가 응답을 할 때 json을 자바스크립트에서 처리할 수 있게 할지를 설정 하는 것
+        config.addAllowedOrigin("*"); // 모든 ip에 응답을 허용
+        config.addAllowedHeader("*"); // 모든 header에 응답을 허용
+        config.addAllowedMethod("*"); // 모든 메소드에 대해 요청을 허용(get, post, put, delete, patch)
+        source.registerCorsConfiguration("/api/**", config);
+        return new CorsFilter(source);
+    }
+}
--- a/spring-security-jwt/src/main/java/com/security/jwt/config/SecurityConfig.java
+++ b/spring-security-jwt/src/main/java/com/security/jwt/config/SecurityConfig.java
@@ -0,0 +1,36 @@
+package com.security.jwt.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.web.filter.CorsFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private final CorsFilter corsFilter;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable();
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 세션 사용 X
+                .and()
+                .addFilter(corsFilter) // @CrossOrigin(인증X), 시큐리티 필터에 등록(인증O) 모든 요청이 corsFilter를 거친다.
+                .formLogin().disable()
+                .httpBasic().disable()
+                .authorizeRequests()
+                .antMatchers("/api/v1/user/**")
+                .access("hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')")
+                .antMatchers("/api/v1/manager/**")
+                .access("hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')")
+                .antMatchers("/api/v1/admin/**")
+                .access("hasRole('ROLE_ADMIN')")
+                .anyRequest().permitAll();
+
+    }
+}
--- a/spring-security-jwt/src/main/java/com/security/jwt/controller/RestApiController.java
+++ b/spring-security-jwt/src/main/java/com/security/jwt/controller/RestApiController.java
@@ -0,0 +1,13 @@
+package com.security.jwt.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class RestApiController {
+
+    @GetMapping("home")
+    public String home() {
+        return "<h1>home</h1>";
+    }
+}
--- a/spring-security-jwt/src/main/java/com/security/jwt/model/User.java
+++ b/spring-security-jwt/src/main/java/com/security/jwt/model/User.java
@@ -0,0 +1,35 @@
+package com.security.jwt.model;
+
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+@Entity
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class User {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private long id;
+    private String username;
+    private String password;
+    private String roles; // USER, ADMIN
+
+    public List<String> getRoleList() {
+        if(this.roles.length() > 0) {
+            return Arrays.asList(this.roles.split(","));
+        }
+        return new ArrayList<>();
+    }
+}
--- a/spring-security-jwt/src/main/resources/application.yml
+++ b/spring-security-jwt/src/main/resources/application.yml
@@ -1 +1,22 @@
- 
+server:
+  port: 8080
+  servlet:
+    context-path: /
+    encoding:
+      charset: UTF-8
+      enabled: true
+      force: true
+
+spring:
+  datasource:
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: jdbc:mysql://localhost:3306/security?serverTimezone=Asia/Seoul
+    username: cos
+    password: cos1234
+
+  jpa:
+    hibernate:
+      ddl-auto: create #create update none
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+    show-sql: true