From d798b23d63ee4844c72fdeb24730962b5ac96151 Mon Sep 17 00:00:00 2001
From: Daeil Choi <daeil.choi@classact.co.kr>
Date: Mon, 6 Feb 2023 14:27:32 +0900
Subject: [PATCH] =?UTF-8?q?Add=20=EC=A0=95=EC=A0=81=EB=A6=AC=EC=86=8C?=
 =?UTF-8?q?=EC=8A=A4=EB=8A=94=20SpringSecurity=20=EB=8C=80=EC=83=81?=
 =?UTF-8?q?=EC=97=90=EC=84=9C=20=EC=A0=9C=EC=99=B8=ED=95=98=EB=8F=84?=
 =?UTF-8?q?=EB=A1=9D=20ignoring=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../springsecuritystudy/config/SecurityConfig.java    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java b/src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java
index 798bf80..48f4c1f 100644
--- a/src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java
+++ b/src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java
@@ -1,9 +1,11 @@
 package com.example.springsecuritystudy.config;
 
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
@@ -25,8 +27,7 @@ public class SecurityConfig {
 				.rememberMe();
 		http
 				.authorizeHttpRequests(auth -> auth
-						.antMatchers("/", "/home", "/signup",
-								"/css/**", "/h2-console/**").permitAll()
+						.antMatchers("/", "/home", "/signup", "/h2-console/**").permitAll()
 						.antMatchers("/note").hasRole("USER")
 						.antMatchers("/admin").hasRole("ADMIN")
 						.antMatchers(HttpMethod.POST, "/notice").hasRole("ADMIN")
@@ -49,4 +50,10 @@ public class SecurityConfig {
 		return http.build();
 	}
 
+	@Bean
+	public WebSecurityCustomizer webSecurityCustomizer() {
+		// 정적 리소스 spring security 대상에서 제외
+		return (web) -> web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
+	}
+
 }