jbcheong/hubez-admin
1
0
Fork 0
mirror of http://git.mhez-qa.uplus.co.kr/hubez/hubez-admin.git synced 2025-12-07 03:57:56 +09:00
Code Issues Projects Releases Wiki Activity
Files
acbd7d1352e2d5e0c23a797f62709ab8452859d8
hubez-admin/src/main/java/kr/co/uplus/ez/config/SecurityConfig.java
kimre acbd7d1352 설정 및 파일 위치 변경
2022-05-30 15:52:40 +09:00

156 lines
5.5 KiB
Java
Raw Blame History

package kr.co.uplus.ez.config;
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsUtils;
import kr.co.uplus.ez.api.login.LoginFailureHandler;
import kr.co.uplus.ez.api.login.LoginSuccessHandler;
import kr.co.uplus.ez.common.data.ConfigProps;
import kr.co.uplus.ez.common.jwt.JwtAuthCookieFilter;
import kr.co.uplus.ez.common.jwt.JwtAuthHeaderFilter;
import kr.co.uplus.ez.common.jwt.JwtExceptionFilter;
import kr.co.uplus.ez.common.jwt.JwtProperties;
import kr.co.uplus.ez.config.filter.VueStaticFilter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final String LOGIN_FORM_URL = "/login/**";
public static final String LOGIN_API_URL = "/api/v1/bo/login";
public static final String LOGIN_FAIL_URL = "/login?error=true";
public static final String LOGIN_SUCC_URL = "/";
private static final String API_URL = "/api/**";
public static final String TEST_PERMIT_URL = "/api/**/**";
public static final String PUBLIC_API_URL = "/api/v1/bo/**"; // 내부에서 인증없이 호출하는 API
public static final String[] REST_API_URLS = {API_URL, TEST_PERMIT_URL};
private static final String[] PERMIT_URL_ARRAY = {
"/login",
"/api/v1/bo/login/**",
"/v2/api-docs",
"/swagger-resources",
"/swagger-resources/**",
"/configuration/ui",
"/configuration/security",
"/swagger-ui.html",
"/webjars/**",
"/v3/api-docs/**",
"/swagger-ui/**",
"/"
};
private static final String[] AUTH_URL_ARRAY = {
"/api/v1/bo/login/*",
"/api/v1/bo/comm/**",
"/api/v1/bo/custMgt/**",
"/api/v1/bo/sysMgt/**",
"/api/v1/bo/channelMgt/**",
"/api/v1/bo/sendNumMgt/**",
"/api/v1/bo/mntrng/**",
"/api/v1/bo/riskMgt/sendNum/**",
"/api/v1/bo/stats/**"
};
public static final String LOGIN_ID_PARAM = "userId";
@SuppressWarnings("unused")
private static final String LOGIN_PWD_PARAM = "userPwd";
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private ConfigProps cprops;
@Autowired
private JwtProperties jwtProps;
// @Autowired
// private AuthService authService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/static/**", "/assets/**");
}
@Bean
public Filter jwtAuthFilter() {
return new JwtAuthCookieFilter(jwtProps);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new VueStaticFilter(), UsernamePasswordAuthenticationFilter.class) // Vue에서 호출시 화면관련 URL은 / forward
// .addFilterBefore(new XssFilter(cprops), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JwtExceptionFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JwtAuthHeaderFilter(jwtProps), UsernamePasswordAuthenticationFilter.class);
http
.cors().and()
.csrf().disable()
// Spring Security가 HttpSession 객체를 생성하지 않도록 설정
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.headers().contentTypeOptions().disable()
.and()
.headers().frameOptions().disable()
.and()
.exceptionHandling()
.authenticationEntryPoint(new MixedAuthenticationEntryPoint(LOGIN_FORM_URL, "/api/v1/bo/login/**"))
.and()
.authorizeRequests()
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll() // CORS preflight 요청은 인증처리를 하지 않도록 설정
.antMatchers(PERMIT_URL_ARRAY).permitAll()
.antMatchers(AUTH_URL_ARRAY).authenticated()
.anyRequest().authenticated();
}
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public LoginSuccessHandler loginSuccessHandler() {
return new LoginSuccessHandler();
}
@Bean
public LoginFailureHandler loginFailureHandler() {
return new LoginFailureHandler(LOGIN_FAIL_URL);
}
}
Reference in New Issue View Git Blame Copy Permalink