설정 및 파일 위치 변경

src/main/java/kr/co/uplus/ez/config/SecurityConfig.java

@@ -23,26 +23,26 @@ import kr.co.uplus.ez.api.login.LoginSuccessHandler;
 import kr.co.uplus.ez.common.data.ConfigProps;
 import kr.co.uplus.ez.common.jwt.JwtAuthCookieFilter;
 import kr.co.uplus.ez.common.jwt.JwtAuthHeaderFilter;
-//import kr.co.uplus.ez.common.jwt.JwtExceptionFilter;
+import kr.co.uplus.ez.common.jwt.JwtExceptionFilter;
 import kr.co.uplus.ez.common.jwt.JwtProperties;
-import kr.co.uplus.ez.common.security.VueStaticFilter;
-import kr.co.uplus.ez.common.security.XssFilter;
+import kr.co.uplus.ez.config.filter.VueStaticFilter;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	private static final String LOGIN_FORM_URL = "/login/**";
-	public static final String LOGIN_API_URL = "/api/v1/bo/login/*";
+	public static final String LOGIN_API_URL = "/api/v1/bo/login";
 	public static final String LOGIN_FAIL_URL = "/login?error=true";
 	public static final String LOGIN_SUCC_URL = "/";
 	private static final String API_URL = "/api/**";
+	public static final String TEST_PERMIT_URL = "/api/**/**";
 	public static final String PUBLIC_API_URL = "/api/v1/bo/**"; // 내부에서 인증없이 호출하는 API
-	public static final String[] REST_API_URLS = {API_URL};
+	public static final String[] REST_API_URLS = {API_URL, TEST_PERMIT_URL};
 
 	private static final String[] PERMIT_URL_ARRAY = {
             "/login",
-			"/api/v1/bo/login/*",
+			"/api/v1/bo/login/**",
             "/v2/api-docs",
             "/swagger-resources",
             "/swagger-resources/**",
@@ -56,12 +56,23 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     };
 
 
+	private static final String[] AUTH_URL_ARRAY = {
+			"/api/v1/bo/login/*",
+			"/api/v1/bo/comm/**",
+			"/api/v1/bo/custMgt/**",
+			"/api/v1/bo/sysMgt/**",
+			"/api/v1/bo/channelMgt/**",
+			"/api/v1/bo/sendNumMgt/**",
+			"/api/v1/bo/mntrng/**",
+			"/api/v1/bo/riskMgt/sendNum/**",
+			"/api/v1/bo/stats/**"
+    };
+
+
 	public static final String LOGIN_ID_PARAM = "userId";
 	@SuppressWarnings("unused")
 	private static final String LOGIN_PWD_PARAM = "userPwd";
 
-	public static final String AUTH_USER = "authUser";
-
     @Autowired
     private UserDetailsService userDetailsService;
 	@Autowired
@@ -69,6 +80,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private JwtProperties jwtProps;
 
+//	@Autowired
+//	private AuthService authService;
+
+
+
 	@Override
 	public void configure(WebSecurity web) throws Exception {
 		web.ignoring()
@@ -84,7 +100,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	public void configure(HttpSecurity http) throws Exception {
 	    http
 		    .addFilterBefore(new VueStaticFilter(), UsernamePasswordAuthenticationFilter.class) // Vue에서 호출시 화면관련 URL은 / forward
-	    	.addFilterBefore(new XssFilter(cprops), UsernamePasswordAuthenticationFilter.class)
+//	    	.addFilterBefore(new XssFilter(cprops), UsernamePasswordAuthenticationFilter.class)
+	    	.addFilterBefore(new JwtExceptionFilter(), UsernamePasswordAuthenticationFilter.class)
 			.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class)
 			.addFilterBefore(new JwtAuthHeaderFilter(jwtProps), UsernamePasswordAuthenticationFilter.class);
 
@@ -99,12 +116,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 			.headers().frameOptions().disable()
 			.and()
 			.exceptionHandling()
-				.authenticationEntryPoint(new MixedAuthenticationEntryPoint(LOGIN_FORM_URL, PUBLIC_API_URL))
+				.authenticationEntryPoint(new MixedAuthenticationEntryPoint(LOGIN_FORM_URL, "/api/v1/bo/login/**"))
 				.and()
 			.authorizeRequests()
 				.requestMatchers(CorsUtils::isPreFlightRequest).permitAll() // CORS preflight 요청은 인증처리를 하지 않도록 설정
 				.antMatchers(PERMIT_URL_ARRAY).permitAll()
-				.antMatchers(API_URL).authenticated()
+				.antMatchers(AUTH_URL_ARRAY).authenticated()
 				.anyRequest().authenticated();
 
 	}