Spring Boot 2.7 ~ 3.1 ๋์ ํ์ธ
Basic ์ธ์ฆ ์ฌ์ฉ + h2 web console = true ์ค์ ํ ๊ฒฝ์ฐ
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http,
HandlerMappingIntrospector introspector) throws Exception {
MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector);
return http
.authorizeHttpRequests(config -> config
.requestMatchers(
PathRequest.toH2Console()
).permitAll()
.requestMatchers(
mvcMatcher.pattern("/users/**"),
mvcMatcher.pattern("/admin/users/**")
).permitAll()
.anyRequest().authenticated()
)
.httpBasic(withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.headers(AbstractHttpConfigurer::disable)
.build();
}
@Bean
public UserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username("zhyun")
.password("{noop}qweasd")
.roles("USER")
.build();
UserDetails admin = User.builder()
.username("gimwlgus")
.password("{noop}zxcasd")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
}
}Basic ์ธ์ฆ ์ฌ์ฉ + h2 web console = false ์ค์ ํ ๊ฒฝ์ฐ
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.authorizeHttpRequests(config -> config
.requestMatchers(
"/users/**",
"/admin/users/**"
).permitAll()
.anyRequest().authenticated()
)
.httpBasic(withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.headers(AbstractHttpConfigurer::disable)
.build();
}
@Bean
public UserDetailsService userDetailsService() {
UserDetails user = User.builder()
.username("zhyun")
.password("{noop}qweasd")
.roles("USER")
.build();
UserDetails admin = User.builder()
.username("gimwlgus")
.password("{noop}zxcasd")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user, admin);
}
}Form Login ์ฌ์ฉ + ์ ์ ๋ฆฌ์์ค ๋ชจ๋ ํ์ฉ
@Slf4j
@RequiredArgsConstructor
@EnableWebSecurity
@Configuration
public class SecurityConfiguration {
private final AccountService accountService;
private final UserAuthenticationSuccess userAuthenticationSuccess;
@Value("${server.servlet.context-path}")
private static String CONTEXT_PATH_PROPERTY;
public static final String CONTEXT_PATH = Objects.isNull(CONTEXT_PATH_PROPERTY) ? "/mission" : CONTEXT_PATH_PROPERTY;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.authorizeHttpRequests(
auth -> auth
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.requestMatchers(
"/login/**",
"/join/**",
"/kiosk/**",
"/error/**"
).permitAll()
.requestMatchers("/", "/seller/**").hasRole("SELLER")
.requestMatchers("/", "/store/**", "/review/**").hasRole("CUSTOMER")
.anyRequest().authenticated()
)
.csrf(AbstractHttpConfigurer::disable)
.headers(AbstractHttpConfigurer::disable)
.formLogin(
login -> login
.loginPage("/login").permitAll()
.successHandler(userAuthenticationSuccess)
)
.addFilterBefore(new SecurityExceptionHandlerFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new SecurityLoginFilter(accountService , passwordEncoder()), UsernamePasswordAuthenticationFilter.class)
.logout(
logout -> logout
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
)
.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}๋๋ฅผ ์ํ ๋ก๊ทธ
์ ๋ง ์ด์ฌํ ๊ณต๋ถํ ๋ ๋ง๋ค์ด๋๋ ์ฝ๋์๋๋ฐ
๊ธฐ์ต์ด ์๋์ ํ์ผ์ ์์ด๋ฒ๋ฆฐ ์ค ์๊ณ ๊น์ง ๋๋๋ค;
์ด๊ฑธ ๋ธ๋ก๊ทธ์ ๊ธฐ๋ก์ ์ํด๋จ๋ค๋..ใทใท
์ด์ ๋ผ๋ ๊ธฐ๋ก โ๏ธ
security config
Hello velog!ใ