시큐리티 설정

유저 API - 로그인, 회원가입, 계정정보 추가
2023-07-23 03:26:17 +09:00
parent 23506e79f1
commit f81f07bd05
36 changed files with 1247 additions and 0 deletions
--- a/src/main/kotlin/kr/co/vividnext/sodalive/configs/SecurityConfig.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/configs/SecurityConfig.kt
@@ -0,0 +1,74 @@
+package kr.co.vividnext.sodalive.configs
+
+import kr.co.vividnext.sodalive.jwt.JwtAccessDeniedHandler
+import kr.co.vividnext.sodalive.jwt.JwtAuthenticationEntryPoint
+import kr.co.vividnext.sodalive.jwt.JwtFilter
+import kr.co.vividnext.sodalive.jwt.TokenProvider
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.builders.WebSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+class SecurityConfig(
+    private val tokenProvider: TokenProvider,
+    private val accessDeniedHandler: JwtAccessDeniedHandler,
+    private val authenticationEntryPoint: JwtAuthenticationEntryPoint
+) {
+    @Bean
+    fun passwordEncoder(): PasswordEncoder {
+        return BCryptPasswordEncoder()
+    }
+
+    @Bean
+    fun webSecurityCustomizer(): WebSecurityCustomizer {
+        return WebSecurityCustomizer { web: WebSecurity ->
+            web
+                .ignoring()
+                .antMatchers("/h2-console/**", "/favicon.ico", "/error")
+        }
+    }
+
+    @Bean
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        val jwtFilter = JwtFilter(tokenProvider)
+
+        return http
+            .cors()
+            .and()
+            .csrf().disable()
+            .exceptionHandling()
+            .authenticationEntryPoint(authenticationEntryPoint)
+            .accessDeniedHandler(accessDeniedHandler)
+            .and()
+            .headers()
+            .frameOptions()
+            .sameOrigin()
+            .and()
+            .sessionManagement()
+            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            .and()
+            .authorizeRequests()
+            .antMatchers("/member/check/email").permitAll()
+            .antMatchers("/member/check/nickname").permitAll()
+            .antMatchers("/member/signup").permitAll()
+            .antMatchers("/member/login").permitAll()
+            .antMatchers("/member/forgot-password").permitAll()
+            .antMatchers("/stplat/terms_of_service").permitAll()
+            .antMatchers("/stplat/privacy_policy").permitAll()
+            .anyRequest().authenticated()
+            .and()
+            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter::class.java)
+            .build()
+    }
+}