|
17 | 17 | import org.springframework.security.web.SecurityFilterChain;
|
18 | 18 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
19 | 19 | import project.backend.business.auth.oauth.KakaoUserDetailsService;
|
20 |
| -import project.backend.common.auth.jwt.JwtAccessDeniedHandler; |
21 |
| -import project.backend.common.auth.jwt.JwtAuthenticationFailEntryPoint; |
22 |
| -import project.backend.common.auth.jwt.JwtFilter; |
| 20 | +import project.backend.security.jwt.JwtAccessDeniedHandler; |
| 21 | +import project.backend.security.jwt.JwtAuthenticationFailEntryPoint; |
| 22 | +import project.backend.security.jwt.JwtFilter; |
23 | 23 | import project.backend.common.error.ExceptionHandlerFilter;
|
24 | 24 |
|
25 | 25 | @Configuration
|
|
28 | 28 | @Profile("dev")
|
29 | 29 | public class SecurityConfig {
|
30 | 30 |
|
31 |
| - private final JwtAuthenticationFailEntryPoint jwtAuthenticationFailEntryPoint; |
32 |
| - private final JwtAccessDeniedHandler jwtAccessDeniedHandler; |
33 |
| - private final JwtFilter jwtFilter; |
34 |
| - private final KakaoUserDetailsService kakaoUserDetailsService; |
| 31 | + private final JwtAuthenticationFailEntryPoint jwtAuthenticationFailEntryPoint; |
| 32 | + private final JwtAccessDeniedHandler jwtAccessDeniedHandler; |
| 33 | + private final JwtFilter jwtFilter; |
| 34 | + private final KakaoUserDetailsService kakaoUserDetailsService; |
| 35 | + private final ExceptionHandlerFilter exceptionHandlerFilter; |
35 | 36 |
|
36 |
| - @Bean |
37 |
| - public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { |
38 |
| - http.formLogin(AbstractHttpConfigurer::disable) |
39 |
| - .httpBasic(AbstractHttpConfigurer::disable) |
40 |
| - .csrf(AbstractHttpConfigurer::disable) |
41 |
| - .cors(withDefaults()) |
42 |
| - .headers(headers -> headers.frameOptions(FrameOptionsConfig::disable)) |
43 |
| - .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
44 |
| - .oauth2Login(oauth -> oauth.userInfoEndpoint(config -> config.userService(kakaoUserDetailsService))) |
45 |
| - .authorizeHttpRequests(request -> request |
46 |
| - .requestMatchers("/v1/auth/**").permitAll() |
47 |
| - .requestMatchers("/v1/exception/**").permitAll() |
48 |
| - .requestMatchers(HttpMethod.POST, "/post").permitAll() |
49 |
| - .requestMatchers(HttpMethod.PATCH, "/post/*/summary").permitAll() |
50 |
| - .anyRequest().authenticated() |
51 |
| - ) |
52 |
| - .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class) |
53 |
| - .addFilterBefore(new ExceptionHandlerFilter(), JwtFilter.class) // JwtFilter 에서 CustomException 사용하기 위해 추가 |
54 |
| - .exceptionHandling(exceptionHandling -> { |
55 |
| - exceptionHandling.authenticationEntryPoint(jwtAuthenticationFailEntryPoint); |
56 |
| - exceptionHandling.accessDeniedHandler(jwtAccessDeniedHandler); |
57 |
| - }); |
| 37 | + @Bean |
| 38 | + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { |
| 39 | + http.formLogin(AbstractHttpConfigurer::disable) |
| 40 | + .httpBasic(AbstractHttpConfigurer::disable) |
| 41 | + .csrf(AbstractHttpConfigurer::disable) |
| 42 | + .cors(withDefaults()) |
| 43 | + .headers(headers -> headers.frameOptions(FrameOptionsConfig::disable)) |
| 44 | + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) |
| 45 | + .oauth2Login(oauth -> oauth.userInfoEndpoint(config -> config.userService(kakaoUserDetailsService))) |
| 46 | + .authorizeHttpRequests(request -> request |
| 47 | + .requestMatchers("/auth/**").permitAll() |
| 48 | + .requestMatchers("/exception/**").permitAll() |
| 49 | + .requestMatchers(HttpMethod.POST, "/post").permitAll() |
| 50 | + .requestMatchers(HttpMethod.PATCH, "/post/*/summary").permitAll() |
| 51 | + .anyRequest().authenticated() |
| 52 | + ) |
| 53 | + .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class) |
| 54 | + .addFilterBefore(exceptionHandlerFilter, JwtFilter.class) // ExceptionHandlerFilter 의존성 주입으로 사용 |
| 55 | + .exceptionHandling(exceptionHandling -> { |
| 56 | + exceptionHandling.authenticationEntryPoint(jwtAuthenticationFailEntryPoint); |
| 57 | + exceptionHandling.accessDeniedHandler(jwtAccessDeniedHandler); |
| 58 | + }); |
58 | 59 |
|
59 |
| - return http.build(); |
60 |
| - } |
| 60 | + return http.build(); |
| 61 | + } |
61 | 62 |
|
62 | 63 | @Bean
|
63 | 64 | public PasswordEncoder passwordEncoder() {
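Review bot: Switching to `.addFilterBefore(exceptionHandlerFilter, JwtFilter.class)` makes `ExceptionHandlerFilter` a Spring-managed `Filter` bean, and if this is a Spring Boot application, such beans are also registered with the servlet container automatically. The filter can then run twice per request, once inside the security chain and once outside it, and the same applies to the already-injected `jwtFilter`. Neither filter class is visible on this page, so please confirm both extend `OncePerRequestFilter`, or add a `FilterRegistrationBean` for each with `registration.setEnabled(false);` so they run only at the position configured here. It would also help to restore the removed why-comment in English on that line, for example `// must run before JwtFilter so exceptions thrown there are handled`. The `SecurityConfig` class continues past the end of this section.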
|
|