package kr.co.vividnext.sodalive.configs
import com.fasterxml.jackson.databind.ObjectMapper
import kr.co.vividnext.sodalive.common.ExceptionHandlerFilter
import kr.co.vividnext.sodalive.jwt.JwtAccessDeniedHandler
import kr.co.vividnext.sodalive.jwt.JwtAuthenticationEntryPoint
import kr.co.vividnext.sodalive.jwt.JwtFilter
import kr.co.vividnext.sodalive.jwt.TokenProvider
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.builders.WebSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
/**
 * Spring Security wiring for the application.
 *
 * Declares three beans: the password encoder, a [WebSecurityCustomizer] that
 * removes a few paths from the security filter chain altogether, and the
 * [SecurityFilterChain] that authenticates every other request through
 * [JwtFilter].
 *
 * `@EnableGlobalMethodSecurity(prePostEnabled = true)` turns on
 * `@PreAuthorize` / `@PostAuthorize` checks, so role-level authorization may
 * also live on individual handlers or services that are not visible here.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig(
    private val objectMapper: ObjectMapper,
    private val tokenProvider: TokenProvider,
    private val accessDeniedHandler: JwtAccessDeniedHandler,
    private val authenticationEntryPoint: JwtAuthenticationEntryPoint
) {
    /**
     * Password hashing used for stored credentials: BCrypt with the library's
     * default cost factor (no explicit strength is passed).
     */
    @Bean
    fun passwordEncoder(): PasswordEncoder = BCryptPasswordEncoder()

    /**
     * Excludes the H2 console, the favicon and the error page from Spring
     * Security entirely.
     *
     * `ignoring()` is stronger than `permitAll()`: requests to these paths skip
     * the whole filter chain, so neither [JwtFilter] nor the response headers
     * configured in [filterChain] (including `X-Frame-Options`) apply to them.
     *
     * NOTE(review): `/h2-console/` + `**` is therefore reachable without any
     * authentication wherever the H2 console servlet is enabled. Confirm that
     * `spring.h2.console.enabled` is off outside local/dev profiles. Recent
     * Spring Security versions also recommend `permitAll()` over `ignoring()`
     * for paths that should still receive security headers.
     */
    @Bean
    fun webSecurityCustomizer(): WebSecurityCustomizer =
        WebSecurityCustomizer { web: WebSecurity ->
            web.ignoring().antMatchers("/h2-console/**", "/favicon.ico", "/error")
        }

    /**
     * Builds the stateless, JWT-authenticated filter chain.
     *
     * Everything not listed in `publicEndpoints` requires an authenticated
     * request (`anyRequest().authenticated()`).
     *
     * @param http the builder supplied by Spring Security
     * @return the configured chain
     */
    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain {
        // Paths served without authentication. These are exact Ant patterns, so a
        // variant such as a trailing slash does not match and falls through to
        // `authenticated()`, i.e. the list fails closed.
        // NOTE(review): the e-mail/nickname checks, login, signup and
        // forgot-password endpoints are anonymous by design; any throttling or
        // enumeration protection has to be enforced in the handlers or upstream,
        // nothing in this chain provides it.
        val publicEndpoints = arrayOf(
            "/member/check/email",
            "/member/check/nickname",
            "/member/signup",
            "/member/signup/v2",
            "/member/login",
            "/creator-admin/member/login",
            "/member/forgot-password",
            "/stplat/terms_of_service",
            "/stplat/privacy_policy",
            "/charge/ads",
            "/v2/audio-content/main/home",
            "/v2/audio-content/main/home/popular-content-by-creator",
            "/v2/audio-content/main/home/content/ranking"
        )

        val jwtAuthFilter = JwtFilter(tokenProvider)
        // Presumably renders exceptions thrown further down the chain as a JSON
        // body via objectMapper; verify against ExceptionHandlerFilter itself.
        val errorFilter = ExceptionHandlerFilter(objectMapper)

        return http
            // CORS handling is enabled here; the actual origin policy comes from
            // configuration that is not part of this class.
            .cors().and()
            // CSRF protection is off. That is the usual choice for a stateless API
            // whose token travels in a request header.
            // NOTE(review): confirm JwtFilter never accepts the token from a cookie,
            // otherwise CSRF protection is needed again.
            .csrf().disable()
            // 401 / 403 responses are produced by the injected JWT handlers.
            .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .accessDeniedHandler(accessDeniedHandler)
            .and()
            // Sends X-Frame-Options: SAMEORIGIN on responses handled by this chain.
            .headers().frameOptions().sameOrigin().and()
            // No HttpSession is created or consulted; each request must carry its
            // own credentials.
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // Order matters: JwtFilter has to be registered first so that it can be
            // used as the anchor for the error filter, which then runs ahead of it.
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter::class.java)
            .addFilterBefore(errorFilter, JwtFilter::class.java)
            .authorizeRequests()
            .antMatchers(*publicEndpoints).permitAll()
            .anyRequest().authenticated()
            .and()
            .build()
    }
}