SecurityFilterChain Configuration in Spring Security 5.7 and Later

devyumi · April 3, 2024

Spring Security Filter Chain

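  • Spring Security runs a series of filters, one after another, to handle authentication and authorization.

  • Below Security 5.7 the configuration class extended WebSecurityConfigurerAdapter, but from 5.7 onward a SecurityFilterChain bean must be registered directly.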


Below 5.7

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Users are loaded through the custom UserDetailsService during authentication
    auth.userDetailsService(customUserDetailsService);
}

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        // disable() already returns HttpSecurity, so no and() follows it
        .csrf().disable()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
            .antMatchers("/swagger-ui/**", "/sign-in", "/sign-up").permitAll()
            .antMatchers("/search/members/").hasRole("ADMIN")
            .anyRequest().authenticated()
        .and()
        .formLogin()
            // "/signin" is not matched by the permitAll() list above ("/sign-in")
            .loginPage("/signin")
            .loginProcessingUrl("/signin")
            .defaultSuccessUrl("/home")
            .successHandler(new SignInSuccess())
            .failureHandler(new SignInFail())
        .and()
        .logout()
            .logoutUrl("/signout")
            .logoutSuccessUrl("/home")
            .logoutSuccessHandler(new SignOutSuccess())
        .and()
        .exceptionHandling()
            .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .accessDeniedHandler(new CustomAccessDeniedHandler())
        .and()
        // The JWT filter runs before the username/password filter
        .addFilterBefore(new JwtAuthenticationFilter(this.userDetailsService, this.jwtResolver),
                UsernamePasswordAuthenticationFilter.class);
}

5.7 and later

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .httpBasic(HttpBasicConfigurer::disable)
        .csrf(CsrfConfigurer::disable)
        .cors(Customizer.withDefaults())
        .sessionManagement(configurer ->
                configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        // requestMatchers(String...) exists from 5.8; on 5.7 use antMatchers(...)
        .authorizeHttpRequests(authorization ->
                authorization
                    .requestMatchers("/swagger-ui/**", "/sign-in", "/sign-up").permitAll()
                    .requestMatchers("/search/members/").hasRole("ADMIN")
                    .anyRequest().authenticated())
        .formLogin(configurer ->
                configurer
                    // "/signin" is not matched by the permitAll() list above ("/sign-in")
                    .loginPage("/signin")
                    .loginProcessingUrl("/signin")
                    .defaultSuccessUrl("/home")
                    .successHandler(new SignInSuccess())
                    .failureHandler(new SignInFail()))
        .logout(configurer ->
                configurer
                    .logoutUrl("/signout")
                    .logoutSuccessUrl("/home")
                    .logoutSuccessHandler(new SignOutSuccess()))
        .exceptionHandling(configurer ->
                configurer
                    .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
                    .accessDeniedHandler(new CustomAccessDeniedHandler()))
        // The JWT filter runs before the username/password filter
        .addFilterBefore(new JwtAuthenticationFilter(this.userDetailsService, this.jwtResolver),
                UsernamePasswordAuthenticationFilter.class);
    return http.build();
}
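
As an added example (not the author's code), one way the JwtAuthenticationFilter registered before UsernamePasswordAuthenticationFilter in the configurations above could be written. The JwtResolver interface and its resolveUsername method are assumptions, and the imports assume Spring Security 6 (jakarta.servlet); on 5.x replace jakarta.servlet with javax.servlet.

```java
import java.io.IOException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical contract for the post's jwtResolver: returns the subject of a token
// whose signature and expiry were verified, or null when the token is invalid.
interface JwtResolver { String resolveUsername(String token); }

public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private static final String PREFIX = "Bearer ";
    private final UserDetailsService userDetailsService;
    private final JwtResolver jwtResolver;

    public JwtAuthenticationFilter(UserDetailsService userDetailsService, JwtResolver jwtResolver) {
        this.userDetailsService = userDetailsService;
        this.jwtResolver = jwtResolver;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header != null && header.startsWith(PREFIX)) {
            String username = jwtResolver.resolveUsername(header.substring(PREFIX.length()));
            try {
                UserDetails user = username == null ? null : userDetailsService.loadUserByUsername(username);
                // A valid token for a disabled or locked account must not authenticate
                if (user != null && user.isEnabled() && user.isAccountNonLocked()) {
                    UsernamePasswordAuthenticationToken auth =
                            new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
                    auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                    SecurityContextHolder.getContext().setAuthentication(auth);
                }
            } catch (UsernameNotFoundException e) {
                SecurityContextHolder.clearContext(); // token names a user that no longer exists
            }
        }
        // Always continue: unauthenticated requests are rejected later by the
        // authorization rules and the configured AuthenticationEntryPoint.
        chain.doFilter(request, response);
    }
}
```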
