Add custom filter 추가
This commit is contained in:
Daeil Choi
clowncdi
@@ -1,25 +1,46 @@
|
||||
package com.example.springsecuritystudy.config;
|
||||
|
||||
import com.example.springsecuritystudy.filter.StopwatchFilter;
|
||||
import com.example.springsecuritystudy.filter.TesterAuthenticationFilter;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
|
||||
/**
|
||||
* Security 설정 Config
|
||||
*/
|
||||
@EnableWebSecurity
|
||||
@EnableWebSecurity(debug = true)
|
||||
@RequiredArgsConstructor
|
||||
public class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
|
||||
return authenticationConfiguration.getAuthenticationManager();
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
// stopwatch filter
|
||||
http.addFilterBefore(
|
||||
new StopwatchFilter(),
|
||||
WebAsyncManagerIntegrationFilter.class
|
||||
);
|
||||
// tester authentication filter
|
||||
http.addFilterBefore(
|
||||
new TesterAuthenticationFilter(authenticationManager(http.getSharedObject(AuthenticationConfiguration.class))),
|
||||
UsernamePasswordAuthenticationFilter.class
|
||||
);
|
||||
http
|
||||
.httpBasic().disable()
|
||||
.csrf();
|
||||
@@ -27,7 +48,7 @@ public class SecurityConfig {
|
||||
.rememberMe();
|
||||
http
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.antMatchers("/", "/home", "/signup", "/h2-console/**").permitAll()
|
||||
.antMatchers("/", "/home", "/signup").permitAll()
|
||||
.antMatchers("/note").hasRole("USER")
|
||||
.antMatchers("/admin").hasRole("ADMIN")
|
||||
.antMatchers(HttpMethod.POST, "/notice").hasRole("ADMIN")
|
||||
@@ -53,7 +74,10 @@ public class SecurityConfig {
|
||||
@Bean
|
||||
public WebSecurityCustomizer webSecurityCustomizer() {
|
||||
// 정적 리소스 spring security 대상에서 제외
|
||||
return (web) -> web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
|
||||
return (web) -> web.ignoring()
|
||||
.antMatchers("/h2-console/**")
|
||||
.requestMatchers(PathRequest.toStaticResources().atCommonLocations())
|
||||
;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user