diff --git a/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java b/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java index 8b30ba8..b39dbd4 100644 --- a/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java +++ b/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java @@ -5,8 +5,6 @@ import org.springframework.security.access.AccessDeniedException; import org.springframework.security.web.access.AccessDeniedHandler; import org.springframework.stereotype.Component; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @@ -16,9 +14,7 @@ import java.io.IOException; public class CustomAccessDeniedHandler implements AccessDeniedHandler { @Override - public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException, - ServletException { - RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/accessdenied"); - dispatcher.forward(request, response); + public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException { + response.sendRedirect("/exception/accessdenied"); } } diff --git a/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java b/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java index 35cce6b..5d96f7c 100644 --- a/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java +++ b/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java @@ -18,7 +18,6 @@ public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException, ServletException { - RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/entrypoint"); - dispatcher.forward(request, response); + response.sendRedirect("/exception/entrypoint"); } } diff --git a/src/main/java/com/rest/api/config/security/SecurityConfiguration.java b/src/main/java/com/rest/api/config/security/SecurityConfiguration.java index 6871f99..3880c9a 100644 --- a/src/main/java/com/rest/api/config/security/SecurityConfiguration.java +++ b/src/main/java/com/rest/api/config/security/SecurityConfiguration.java @@ -32,6 +32,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { .and() .authorizeRequests() // 다음 리퀘스트에 대한 사용권한 체크 .antMatchers("/*/signin", "/*/signin/**", "/*/signup", "/*/signup/**", "/social/**").permitAll() // 가입 및 인증 주소는 누구나 접근가능 + .antMatchers(HttpMethod.GET, "/exception/**","/helloworld/**").permitAll() // hellowworld로 시작하는 GET요청 리소스는 누구나 접근가능 .antMatchers(HttpMethod.GET, "/helloworld/**","/actuator/health").permitAll() // hellowworld로 시작하는 GET요청 리소스는 누구나 접근가능 .anyRequest().hasRole("USER") // 그외 나머지 요청은 모두 인증된 회원만 접근 가능 .and()