Spring Boot: SecurityConfig.java summary
Spring Boot 🍃 2023. 12. 17. 00:01
Verified working on Spring Boot 2.7 ~ 3.1
Case: debug enabled + Basic authentication + h2 web console = true
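```java
// PathRequest has servlet and reactive variants; this configuration uses the servlet one.
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import static org.springframework.security.config.Customizer.withDefaults;

@EnableWebSecurity(debug = true) // debug logging of the filter chain; development only
@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http,
                                                   HandlerMappingIntrospector introspector) throws Exception {
        MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector);

        http.authorizeHttpRequests(config -> config
                .requestMatchers(PathRequest.toH2Console()).permitAll()
                .requestMatchers(
                        mvcMatcher.pattern("/sign-up/**"),
                        mvcMatcher.pattern("/check/**"),
                        mvcMatcher.pattern("/sign-in/**")).permitAll()
                .anyRequest().authenticated());

        http.httpBasic(withDefaults());
        // CSRF protection and all default response headers are switched off,
        // which lets the frame-based H2 console render and submit its forms.
        http.csrf(AbstractHttpConfigurer::disable);
        http.headers(AbstractHttpConfigurer::disable);

        return http.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // The delegating encoder hashes with bcrypt and also understands the {noop}
        // prefix used below; a bare BCryptPasswordEncoder rejects {noop} passwords.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // In-memory test accounts; {noop} stores the password as plain text.
        UserDetails user = User.builder()
                .username("zhyun")
                .password("{noop}qweasd")
                .roles("USER")
                .build();

        UserDetails admin = User.builder()
                .username("gimwlgus")
                .password("{noop}zxcasd")
                .roles("ADMIN")
                .build();

        return new InMemoryUserDetailsManager(user, admin);
    }
}
```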
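A narrower variant of the configuration above, as an added example that is not from the original post: it keeps CSRF protection and the default response headers enabled for the application and relaxes them only as far as the H2 console needs. It assumes Spring Boot 3.x (Spring Security 6); the class name `ScopedSecurityConfig` is hypothetical, and the `UserDetailsService` and `PasswordEncoder` beans are taken to be the same as above.

```java
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

import static org.springframework.security.config.Customizer.withDefaults;

// Hypothetical class name; an alternative to SecurityConfig, not an addition to it.
@EnableWebSecurity // debug = true omitted: the debug filter logs request details
@Configuration
public class ScopedSecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http,
                                                   HandlerMappingIntrospector introspector) throws Exception {
        MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector);

        http.authorizeHttpRequests(config -> config
                .requestMatchers(PathRequest.toH2Console()).permitAll()
                .requestMatchers(
                        mvcMatcher.pattern("/sign-up/**"),
                        mvcMatcher.pattern("/check/**"),
                        mvcMatcher.pattern("/sign-in/**")).permitAll()
                .anyRequest().authenticated());

        http.httpBasic(withDefaults());

        // CSRF protection stays enabled; only the H2 console's own form posts are exempt.
        http.csrf(csrf -> csrf.ignoringRequestMatchers(PathRequest.toH2Console()));

        // Default security headers stay enabled. The H2 console renders in frames,
        // so X-Frame-Options is relaxed from DENY to SAMEORIGIN rather than removed.
        http.headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()));

        return http.build();
    }
}
```

With CSRF protection on, state-changing requests such as a POST to `/sign-up` must carry a CSRF token even though the path is `permitAll()`.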
Case: debug enabled + Form Login + all static resources permitted + custom filters added
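```java
// PathRequest has servlet and reactive variants; this configuration uses the servlet one.
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;

@Slf4j
@RequiredArgsConstructor
@EnableWebSecurity(debug = true) // debug logging of the filter chain; development only
@Configuration
public class SecurityConfiguration {

    // Project classes: AccountService, UserAuthenticationSuccess and the two filters below.
    private final AccountService accountService;
    private final UserAuthenticationSuccess userAuthenticationSuccess;

    // Spring does not inject @Value into static fields, and the constant below is
    // initialized at class-load time, so CONTEXT_PATH always resolves to "/mission".
    @Value("${server.servlet.context-path}")
    private static String CONTEXT_PATH_PROPERTY;
    public static final String CONTEXT_PATH =
            Objects.isNull(CONTEXT_PATH_PROPERTY) ? "/mission" : CONTEXT_PATH_PROPERTY;

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity
                .authorizeHttpRequests(
                        auth -> auth
                                .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                                .requestMatchers(
                                        "/login/**",
                                        "/join/**",
                                        "/kiosk/**",
                                        "/error/**"
                                ).permitAll()
                                // Rules are evaluated in order and the first match wins, so "/"
                                // is decided by the SELLER rule and never reaches the CUSTOMER rule.
                                .requestMatchers("/", "/seller/**").hasRole("SELLER")
                                .requestMatchers("/", "/store/**", "/review/**").hasRole("CUSTOMER")
                                .anyRequest().authenticated()
                )
                // CSRF protection and all default response headers are switched off.
                .csrf(AbstractHttpConfigurer::disable)
                .headers(AbstractHttpConfigurer::disable)
                .formLogin(
                        login -> login
                                .loginPage("/login").permitAll()
                                .successHandler(userAuthenticationSuccess)
                )
                // Both custom filters run before UsernamePasswordAuthenticationFilter.
                .addFilterBefore(new SecurityExceptionHandlerFilter(),
                        UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new SecurityLoginFilter(accountService, passwordEncoder()),
                        UsernamePasswordAuthenticationFilter.class)
                .logout(
                        logout -> logout
                                .logoutSuccessUrl("/")
                                .invalidateHttpSession(true)
                )
                .build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```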