|
| 1 | +package dmu.dasom.api.global.auth.config; |
| 2 | + |
| 3 | +import dmu.dasom.api.domain.member.enums.Role; |
| 4 | +import dmu.dasom.api.global.auth.filter.CustomAuthenticationFilter; |
| 5 | +import dmu.dasom.api.global.auth.filter.CustomLogoutFilter; |
| 6 | +import dmu.dasom.api.global.auth.filter.JwtFilter; |
| 7 | +import dmu.dasom.api.global.auth.handler.AccessDeniedHandlerImpl; |
| 8 | +import dmu.dasom.api.global.auth.handler.AuthenticationEntryPointImpl; |
| 9 | +import dmu.dasom.api.global.auth.jwt.JwtUtil; |
| 10 | +import lombok.RequiredArgsConstructor; |
| 11 | +import org.springframework.context.annotation.Bean; |
| 12 | +import org.springframework.context.annotation.Configuration; |
| 13 | +import org.springframework.security.authentication.AuthenticationManager; |
| 14 | +import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; |
| 15 | +import org.springframework.security.config.annotation.web.builders.HttpSecurity; |
| 16 | +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; |
| 17 | +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; |
| 18 | +import org.springframework.security.config.http.SessionCreationPolicy; |
| 19 | +import org.springframework.security.web.SecurityFilterChain; |
| 20 | +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; |
| 21 | + |
| 22 | +@Configuration |
| 23 | +@EnableWebSecurity |
| 24 | +@RequiredArgsConstructor |
| 25 | +public class SecurityConfig { |
| 26 | + |
| 27 | + private final AccessDeniedHandlerImpl accessDeniedHandler; |
| 28 | + private final AuthenticationEntryPointImpl authenticationEntryPoint; |
| 29 | + private final JwtFilter jwtFilter; |
| 30 | + private final JwtUtil jwtUtil; |
| 31 | + |
| 32 | + @Bean |
| 33 | + public AuthenticationManager authenticationManager(final AuthenticationConfiguration configuration) throws Exception { |
| 34 | + return configuration.getAuthenticationManager(); |
| 35 | + } |
| 36 | + |
| 37 | + @Bean |
| 38 | + public SecurityFilterChain filterChain(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception { |
| 39 | + final CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(authenticationManager, jwtUtil); |
| 40 | + customAuthenticationFilter.setFilterProcessesUrl("/api/auth/login"); |
| 41 | + |
| 42 | + return http |
| 43 | + .csrf(AbstractHttpConfigurer::disable) |
| 44 | + .cors(AbstractHttpConfigurer::disable) |
| 45 | + .formLogin(AbstractHttpConfigurer::disable) |
| 46 | + .httpBasic(AbstractHttpConfigurer::disable) |
| 47 | + .logout(AbstractHttpConfigurer::disable) |
| 48 | + .sessionManagement(session -> session |
| 49 | + .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
| 50 | + .authorizeHttpRequests(auth -> auth |
| 51 | + .requestMatchers("/api/admin/**").hasRole(Role.ROLE_ADMIN.getName()) |
| 52 | + .requestMatchers("/api/auth/logout").authenticated() |
| 53 | + .requestMatchers("/api/**", "/swagger-ui/**", "/v3/api-docs/**").permitAll() |
| 54 | + .anyRequest().authenticated()) |
| 55 | + .addFilterBefore(jwtFilter, CustomAuthenticationFilter.class) |
| 56 | + .addFilterAt(customAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) |
| 57 | + .addFilterAfter(new CustomLogoutFilter(jwtUtil), JwtFilter.class) |
| 58 | + .exceptionHandling(handler -> handler |
| 59 | + .accessDeniedHandler(accessDeniedHandler) |
| 60 | + .authenticationEntryPoint(authenticationEntryPoint)) |
| 61 | + .build(); |
| 62 | + } |
| 63 | + |
| 64 | +} |
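Review bot: The `permitAll()` rule on gutter line 53 covers `/api/**`, so every API path other than `/api/admin/**` and `/api/auth/logout` is reachable anonymously and the `anyRequest().authenticated()` fallback on line 54 never applies to API routes; any future member-only endpoint must be matched explicitly above that line or it ships open. Consider listing the public paths instead, e.g. `.requestMatchers("/api/auth/login", "/swagger-ui/**", "/v3/api-docs/**").permitAll()`, and letting the remaining `/api/**` routes fall through to `authenticated()` — which public endpoints exist today is not visible here, so that list needs confirming against the controllers. On line 55, `addFilterBefore(jwtFilter, CustomAuthenticationFilter.class)` runs before the `addFilterAt(customAuthenticationFilter, ...)` call on line 56 that gives `CustomAuthenticationFilter` an order in the chain; if the builder does not yet know that class at that point this is likely to fail at startup, so either swap the two calls or anchor on the built-in class with `addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)`. A one-line comment above the `authorizeHttpRequests` block stating the intended default (API routes public unless listed) would make the first-match ordering of these rules obvious to the next maintainer.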