mindol1004/spring-security-study
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add 정적리소스는 SpringSecurity 대상에서 제외하도록 ignoring추가

Browse Source
This commit is contained in:
Daeil Choi
2023-02-06 14:27:32 +09:00
parent 8c26d488fc
commit d798b23d63
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/main/java/com/example/springsecuritystudy/config/SecurityConfig.java
View File

@@ -1,9 +1,11 @@
package com.example.springsecuritystudy.config;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -25,8 +27,7 @@ public class SecurityConfig {
.rememberMe();
http
.authorizeHttpRequests(auth -> auth
.antMatchers("/", "/home", "/signup",
"/css/**", "/h2-console/**").permitAll()
.antMatchers("/", "/home", "/signup", "/h2-console/**").permitAll()
.antMatchers("/note").hasRole("USER")
.antMatchers("/admin").hasRole("ADMIN")
.antMatchers(HttpMethod.POST, "/notice").hasRole("ADMIN")
@@ -49,4 +50,10 @@ public class SecurityConfig {
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
// 정적 리소스 spring security 대상에서 제외
return (web) -> web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
}
}