Add user, post 게시판 기능 추가

2023-02-02 18:01:03 +09:00
parent 8a6acc9dfc
commit 41c2dc134a
29 changed files with 711 additions and 90 deletions
--- a/src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java
+++ b/src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java
@@ -0,0 +1,71 @@
+package com.example.springsecuritystudy.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import com.example.springsecuritystudy.user.UserRepository;
+
+import lombok.RequiredArgsConstructor;
+
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+	private final PasswordEncoder passwordEncoder;
+	private final UserRepository userRepository;
+
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		http
+				.authorizeHttpRequests(auth -> auth
+					.antMatchers("/", "/home", "/signup", "/example").permitAll()
+					.antMatchers("/post").hasRole("USER")
+					.antMatchers("/admin").hasRole("ADMIN")
+					.anyRequest().authenticated()
+				)
+				.formLogin(form -> form
+					.loginPage("/login")
+					.defaultSuccessUrl("/")
+					.permitAll()
+				)
+				.logout(logout -> logout
+					.deleteCookies("remove")
+					.invalidateHttpSession(false)
+					.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
+					.logoutSuccessUrl("/")
+				);
+
+		return http.build();
+	}
+
+	@Bean
+	public WebSecurityCustomizer webSecurityCustomizer() {
+		return web -> web.ignoring().antMatchers("/css/**", "/js/**", "/h2-console/**");
+	}
+
+	@Bean
+	public UserDetailsService users() {
+		UserDetails user = User.withUsername("user")
+				.password(passwordEncoder.encode("user"))
+				.roles("USER")
+				.build();
+		UserDetails admin = User.withUsername("admin")
+				.password(passwordEncoder.encode("admin"))
+				.roles("ADMIN")
+				.build();
+		UserDetails tester = User.withUsername("test")
+				.password(passwordEncoder.encode("test"))
+				.roles("ADMIN", "USER")
+				.build();
+		return new InMemoryUserDetailsManager(user, admin, tester);
+	}
+}