diff --git a/build.gradle b/build.gradle index 57ec9a2..4e1e2a9 100644 --- a/build.gradle +++ b/build.gradle @@ -49,7 +49,8 @@ dependencies { /* Security */ - implementation 'org.springframework.boot:spring-boot-starter-security' +// implementation 'org.springframework.boot:spring-boot-starter-security:2.6.7' + implementation 'org.springframework.boot:spring-boot-starter-security:2.7.0' /* Validation diff --git a/src/main/java/demo/api/config/SecurityConfig.java b/src/main/java/demo/api/config/SecurityConfig.java index 1031374..d8a3bdf 100644 --- a/src/main/java/demo/api/config/SecurityConfig.java +++ b/src/main/java/demo/api/config/SecurityConfig.java @@ -1,5 +1,6 @@ package demo.api.config; +import demo.api.user.repository.UserRepository; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -10,46 +11,30 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; + -/** - * Spring Security 사용을 위한 Configuration Class를 작성하기 위해서 - * WebSecurityConfigurerAdapter를 상속하여 클래스를 생성하고 - * @Configuration 애노테이션 대신 @EnableWebSecurity 애노테이션을 추가한다. - */ @EnableWebSecurity @RequiredArgsConstructor -public class SecurityConfig extends WebSecurityConfigurerAdapter { - private final UserDetailsService userDetailsService; - - /** - * PasswordEncoder를 Bean으로 등록 - */ +public class SecurityConfig { +// private final UserRepository userRepository; + // https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter + // https://github.com/spring-projects/spring-security/issues/10822 @Bean - public BCryptPasswordEncoder bCryptPasswordEncoder() { + public UserDetailsService userDetailsService() { + return new UserDetailsServiceImpl(); + } + @Bean + public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } - -// /** -// * 인증 or 인가가 필요 없는 경로를 설정 -// */ -// @Override -// public void configure(WebSecurity web) throws Exception { -// web.ignoring().antMatchers("/?/**"); -// } - - /** - * 인증에 대한 지원 - */ - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); - } - - /** - * 인증 or 인가에 대한 설정 - */ - @Override - protected void configure(HttpSecurity http) throws Exception { + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { +// http +// .authorizeHttpRequests((authz) -> authz +// .anyRequest().authenticated() +// ) +// .httpBasic(withDefaults()); http .csrf().disable() .formLogin() @@ -63,5 +48,64 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .authorizeRequests() .antMatchers("/", "/user/signUp", "/user/userList", "/user/signIn*").permitAll() .anyRequest().authenticated(); + return http.build(); } + } + + + +///** +// * Spring Security 사용을 위한 Configuration Class를 작성하기 위해서 +// * WebSecurityConfigurerAdapter를 상속하여 클래스를 생성하고 +// * @Configuration 애노테이션 대신 @EnableWebSecurity 애노테이션을 추가한다. +// */ +//@EnableWebSecurity +//@RequiredArgsConstructor +//public class SecurityConfig extends WebSecurityConfigurerAdapter { +// private final UserDetailsService userDetailsService; +// +// /** +// * PasswordEncoder를 Bean으로 등록 +// */ +// @Bean +// public BCryptPasswordEncoder bCryptPasswordEncoder() { +// return new BCryptPasswordEncoder(); +// } +// +//// /** +//// * 인증 or 인가가 필요 없는 경로를 설정 +//// */ +//// @Override +//// public void configure(WebSecurity web) throws Exception { +//// web.ignoring().antMatchers("/?/**"); +//// } +// +// /** +// * 인증에 대한 지원 +// */ +// @Override +// protected void configure(AuthenticationManagerBuilder auth) throws Exception { +// auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder()); +// } +// +// /** +// * 인증 or 인가에 대한 설정 +// */ +// @Override +// protected void configure(HttpSecurity http) throws Exception { +// http +// .csrf().disable() +// .formLogin() +// .loginPage("/user/signIn") +// .loginProcessingUrl("/user/signInProc") +// .usernameParameter("email") +// .passwordParameter("password") +// .defaultSuccessUrl("/") +// .failureUrl("/user/signIn?fail=true"); +// http +// .authorizeRequests() +// .antMatchers("/", "/user/signUp", "/user/userList", "/user/signIn*").permitAll() +// .anyRequest().authenticated(); +// } +//} diff --git a/src/main/java/demo/api/config/UserDetailsServiceImpl.java b/src/main/java/demo/api/config/UserDetailsServiceImpl.java index 0b2db8a..90b8673 100644 --- a/src/main/java/demo/api/config/UserDetailsServiceImpl.java +++ b/src/main/java/demo/api/config/UserDetailsServiceImpl.java @@ -8,15 +8,16 @@ import java.util.Collection; import java.util.HashSet; import java.util.Set; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.stereotype.Service; -@Service -@RequiredArgsConstructor + public class UserDetailsServiceImpl implements UserDetailsService { - private final UserRepository userRepository; + @Autowired + private UserRepository userRepository; @Override public UserDetails loadUserByUsername(String email) throws UserNotFoundException {