bugfix

- update ftl path - delete duplicate security settings
2019-11-14 11:32:27 +09:00
4 changed files with 11 additions and 5 deletions
--- a/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java
+++ b/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java
@@ -5,6 +5,8 @@ import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;

+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -14,7 +16,9 @@ import java.io.IOException;
 public class CustomAccessDeniedHandler implements AccessDeniedHandler {

    @Override
-    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException {
-        response.sendRedirect("/exception/accessdenied");
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException,
+            ServletException {
+        RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/accessdenied");
+        dispatcher.forward(request, response);
    }
 }
--- a/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java
+++ b/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java
@@ -18,6 +18,7 @@ public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException,
            ServletException {
-        response.sendRedirect("/exception/entrypoint");
+        RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/entrypoint");
+        dispatcher.forward(request, response);
    }
 }
--- a/src/main/java/com/rest/api/config/security/SecurityConfiguration.java
+++ b/src/main/java/com/rest/api/config/security/SecurityConfiguration.java
@@ -32,7 +32,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
            .and()
                .authorizeRequests() // 다음 리퀘스트에 대한 사용권한 체크
                    .antMatchers("/*/signin", "/*/signin/**", "/*/signup", "/*/signup/**", "/social/**").permitAll() // 가입 및 인증 주소는 누구나 접근가능
-                    .antMatchers(HttpMethod.GET, "/exception/**","/helloworld/**", "/actuator/health").permitAll() // 등록된 GET요청 리소스는 누구나 접근가능
+                    .antMatchers(HttpMethod.GET, "/helloworld/**","/actuator/health", "/favicon.ico").permitAll() // 등록한 GET요청 리소스는 누구나 접근가능
                    .anyRequest().hasRole("USER") // 그외 나머지 요청은 모두 인증된 회원만 접근 가능
            .and()
                .exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler())
--- a/src/main/java/com/rest/api/controller/HelloController.java
+++ b/src/main/java/com/rest/api/controller/HelloController.java
@@ -5,13 +5,14 @@ import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;

@Slf4j
@Controller
 public class HelloController {

-    private static final String HELLO = "helloworld-nice to meet you";
+    private static final String HELLO = "helloworld";

    @Setter
    @Getter