hou27-jwt/src/main/java/demo/api/config/SecurityConfig.java

package demo.api.config;
import demo.api.jwt.JwtAccessDeniedHandler;
import demo.api.jwt.JwtAuthenticationEntryPoint;
import demo.api.jwt.JwtTokenFilter;
import demo.api.jwt.JwtTokenProvider;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
/**
 * Spring Security setup for a stateless, JWT-authenticated API.
 *
 * <p>Exposes the password encoder, the {@link AuthenticationManager} and the
 * {@link SecurityFilterChain} as beans. The JWT collaborators are injected through
 * the Lombok-generated constructor.
 */
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

  /**
   * Request patterns that are served without authentication.
   *
   * <p>NOTE(review): {@code /user/userList} and {@code /user/profile/view/**} are readable
   * by anonymous callers; confirm that the responses behind them carry nothing that
   * should be limited to signed-in users.
   */
  private static final String[] PUBLIC_ENDPOINTS = {
      "/",
      "/auth/signUp",
      "/user/userList",
      "/auth/signIn*",
      "/user/profile/view/**",
      "/favicon.ico"
  };

  // JWT-related components wired into the security configuration.
  private final JwtTokenProvider jwtTokenProvider;
  private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
  private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

  /**
   * Provides the password hasher used by the application.
   *
   * @return a {@link BCryptPasswordEncoder} built with the library's default settings
   */
  @Bean
  public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  /**
   * Publishes the {@link AuthenticationManager} held by the given configuration as a bean.
   *
   * @param authenticationConfiguration the configuration that owns the manager
   * @return the manager obtained from {@code authenticationConfiguration}
   * @throws Exception if the manager cannot be obtained
   */
  @Bean
  public AuthenticationManager authenticationManager(
      AuthenticationConfiguration authenticationConfiguration
  ) throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
  }

  /**
   * Builds the HTTP security filter chain.
   *
   * @param http the builder supplied by Spring Security
   * @return the chain produced by {@code http.build()}
   * @throws Exception if the builder rejects the configuration
   */
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        // CSRF protection is switched off because requests are authenticated by token.
        // NOTE(review): that holds only while the token travels in a request header and
        // not in a cookie the browser attaches on its own; confirm against the JWT filter.
        .csrf().disable()
        // Everything outside PUBLIC_ENDPOINTS requires an authenticated caller.
        .authorizeRequests()
            .antMatchers(PUBLIC_ENDPOINTS).permitAll()
            .anyRequest().authenticated()
            .and()
        // Spring Security neither creates nor uses an HTTP session.
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        // Authorization and authentication failures go to the JWT-specific handlers.
        .exceptionHandling()
            .accessDeniedHandler(jwtAccessDeniedHandler)
            .authenticationEntryPoint(jwtAuthenticationEntryPoint)
            .and()
        // Applies the JWT configurer; presumably it registers the token filter, but
        // JwtSecurityConfig is not visible in this file, so confirm there.
        .apply(new JwtSecurityConfig(jwtTokenProvider));

    return http.build();
  }
}