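package egovframework.com.security;

import egovframework.com.jwt.JwtAuthenticationEntryPoint;
import egovframework.com.jwt.JwtAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

/**
 * fileName : SecurityConfig
 * author : crlee
 * date : 2023/06/10
 * description : Spring Security configuration for a stateless, JWT-authenticated API.
 *               Declares the unauthenticated (whitelisted) paths, the CORS policy and
 *               the security filter chain that runs {@link JwtAuthenticationFilter}
 *               ahead of the username/password filter.
 * ===========================================================
 * DATE              AUTHOR             NOTE
 * -----------------------------------------------------------
 * 2023/06/10        crlee              initial creation
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // HTTP method GET only: paths readable without authentication.
    private static final String[] AUTH_GET_WHITELIST = {
        "/schedule/daily",        // daily schedule lookup
        "/schedule/week",         // weekly schedule lookup
        "/schedule/{schdulId}",   // schedule detail lookup. NOTE: the {schdulId} template matches
                                  // any single path segment, so every GET /schedule/<segment> is public.
    };

    // All HTTP methods: paths reachable without authentication.
    private static final String[] AUTH_WHITELIST = {
        "/",
        "/login/**",
        "/auth/login-jwt",                         // JWT login
        "/auth/login",                             // regular login
        "/cmm/main/**.do",                         // main page
        "/cmm/fms/FileDown.do",                    // file download
        "/cmm/fms/getImage.do",                    // gallery image view
        "/cop/bbs/selectUserBBSMasterInfAPI.do",   // board master detail lookup
        "/cop/bbs/selectBoardListAPI.do",          // board list lookup
        "/cop/bbs/selectBoardArticleAPI.do",       // board article detail lookup
        /* swagger v2 */
        "/v2/api-docs",
        "/swagger-resources",
        "/swagger-resources/**",
        "/swagger-ui.html",
        "/swagger-ui/**"
    };

    // Browser origins allowed to make credentialed cross-origin requests.
    private static final String[] ORIGINS_WHITELIST = {
        "http://localhost:3000",
    };

    /**
     * Exposes the JWT authentication filter as a bean so that it can be inserted into the
     * security filter chain.
     *
     * NOTE(review): if this application runs on Spring Boot, a {@code Filter} declared as a
     * {@code @Bean} is presumably also auto-registered with the servlet container and would then
     * run a second time outside the security chain — confirm, and if so wrap it in a
     * {@code FilterRegistrationBean} with registration disabled.
     *
     * @return a new {@link JwtAuthenticationFilter}
     * @throws Exception never thrown here; kept for signature compatibility
     */
    @Bean
    public JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception {
        return new JwtAuthenticationFilter();
    }

    /**
     * Builds the CORS policy applied to every path.
     *
     * Only the origins in {@link #ORIGINS_WHITELIST} are allowed. The earlier
     * {@code setAllowedOriginPatterns("*")} call has been removed: Spring checks
     * {@code allowedOrigins} first and then falls back to {@code allowedOriginPatterns}, so the
     * wildcard pattern matched every origin and, together with {@code allowCredentials(true)},
     * reflected any {@code Origin} header with {@code Access-Control-Allow-Credentials: true},
     * which made the whitelist dead code.
     *
     * @return the URL-based source mapping {@code /**} to this configuration
     */
    @Bean
    protected CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList(ORIGINS_WHITELIST));
        configuration.setAllowedMethods(Arrays.asList("HEAD", "POST", "GET", "DELETE", "PUT"));
        configuration.setAllowedHeaders(Arrays.asList("*"));
        // Credentials (cookies / Authorization header) are only accepted from the explicit
        // whitelist above; CorsConfiguration itself rejects a literal "*" in allowedOrigins
        // when this flag is set, which is the safeguard we rely on.
        configuration.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    /**
     * Assembles the security filter chain.
     *
     * <ul>
     *   <li>CSRF is disabled because sessions are {@code STATELESS} and the API is meant to be
     *       authenticated by a bearer token. NOTE(review): this assumes the JWT is not carried in
     *       a cookie — if {@link JwtAuthenticationFilter} reads it from a cookie, CSRF protection
     *       becomes relevant again; confirm against that filter.</li>
     *   <li>{@link #AUTH_WHITELIST} is open for all methods, {@link #AUTH_GET_WHITELIST} for
     *       GET only; everything else requires an authenticated principal.</li>
     *   <li>The JWT filter is placed before {@link UsernamePasswordAuthenticationFilter}, and
     *       unauthenticated access is answered by {@link JwtAuthenticationEntryPoint}.</li>
     * </ul>
     *
     * @param http the {@link HttpSecurity} builder supplied by Spring Security
     * @return the built {@link SecurityFilterChain}
     * @throws Exception if the builder fails
     */
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(authorize -> authorize
                .antMatchers(AUTH_WHITELIST).permitAll()
                .antMatchers(HttpMethod.GET, AUTH_GET_WHITELIST).permitAll()
                .anyRequest().authenticated()
            )
            .sessionManagement(sessionManagement ->
                sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            )
            // Bind the CORS policy explicitly rather than relying on bean-name lookup.
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling(exceptionHandlingConfigurer -> exceptionHandlingConfigurer
                .authenticationEntryPoint(new JwtAuthenticationEntryPoint())
            )
            .build();
    }
}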