FormLogin
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Name of the servlet session cookie, taken from {@code server.servlet.session.cookie.name}. */
    @Value("${server.servlet.session.cookie.name}")
    private String sessionCookieName;

    // Collaborators supplied through the Lombok-generated constructor (final fields only;
    // the @Value field above is populated separately after construction).
    private final LoginSuccessHandler loginSuccessHandler;
    private final LoginFailureHandler loginFailureHandler;
    private final LogoutSuccessHandler logoutSuccessHandler;
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final AccessDeniedHandler accessDeniedHandler;
    private final UserDetailServiceImpl userDetailService;
    private final DataSource dataSource;
    private final JwtFilter jwtFilter;
    private final JwtExceptionFilter jwtExceptionFilter;

    /**
     * Password encoder used for credential checks.
     *
     * @return Spring's delegating encoder ({@code {id}}-prefixed hashes, bcrypt for new passwords)
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    /**
     * Persistent remember-me token store backed by the injected {@link DataSource}.
     * {@link JdbcTokenRepositoryImpl} works against Spring Security's default
     * {@code persistent_logins} table; creating that table is left to the schema (not done here).
     *
     * @return the JDBC-backed token repository
     */
    @Bean
    public PersistentTokenRepository tokenRepository() {
        JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
        repository.setDataSource(dataSource);
        return repository;
    }

    /**
     * Takes front-end assets out of the security filter chain altogether: requests matching
     * these patterns are not authenticated, authorized or given security headers.
     *
     * @param web the web security builder
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/node_modules/**")
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }

    /**
     * Builds the session-based form-login chain: login/logout endpoints, remember-me,
     * error handlers, URL authorization rules and the two JWT filters.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // NOTE(review): CSRF protection is switched off although this chain authenticates
                // browsers with a session cookie and a remember-me cookie, both of which the browser
                // attaches automatically — the exact situation CSRF protection exists for. Confirm the
                // callers are non-browser clients, or re-enable it with a token repository.
                .csrf().disable()
                .formLogin()
                        .loginProcessingUrl("/api/auth/sign-in")    // POST form target
                        .usernameParameter("email")                 // identifier form field
                        .passwordParameter("password")              // password form field
                        .successHandler(loginSuccessHandler)
                        .failureHandler(loginFailureHandler)
                        .and()
                .logout()
                        .logoutUrl("/api/auth/logout")              // POST
                        .invalidateHttpSession(true)                // drop the server-side session
                        .clearAuthentication(true)                  // clear the SecurityContext
                        // remove session, remember-me and configured session cookies on logout
                        .deleteCookies("JSESSIONID", "remember-me", sessionCookieName)
                        .logoutSuccessHandler(logoutSuccessHandler)
                        .and()
                .rememberMe()
                        .rememberMeParameter("remember-me")         // boolean login-form parameter
                        .rememberMeCookieName("remember-me")        // cookie name
                        .tokenValiditySeconds(3600)                 // one hour
                        .alwaysRemember(false)                      // only when the parameter is sent
                        .userDetailsService(userDetailService)
                        .tokenRepository(tokenRepository())         // persisted tokens, see bean above
                        .and()
                .exceptionHandling()
                        .authenticationEntryPoint(authenticationEntryPoint) // unauthenticated (401-type)
                        .accessDeniedHandler(accessDeniedHandler)           // unauthorized (403-type)
                        .and()
                .authorizeRequests()
                        // everything under /api/auth/** is reachable without authentication
                        .antMatchers("/", "/api/auth/**").permitAll()
                        // API documentation readable by anyone — confirm this is intended outside development
                        .antMatchers("/swagger-ui/**", "/swagger-resources/**", "/v2/api-docs/**").permitAll()
                        // hasRole() adds the ROLE_ prefix itself, so Role.ADMIN.toString() must be the
                        // bare name (the Role enum is not visible here)
                        .antMatchers("/api/admin/**").hasRole(Role.ADMIN.toString())
                        .anyRequest().authenticated()
                        .and()
                // Filter order matters: jwtFilter is placed first so that jwtExceptionFilter can then be
                // registered ahead of it (presumably to translate exceptions JwtFilter throws).
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(jwtExceptionFilter, JwtFilter.class);
    }
}
JWT
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Collaborators supplied through the Lombok-generated constructor.
    private final AuthenticationEntryPoint authenticationEntryPoint;
    private final AccessDeniedHandler accessDeniedHandler;
    private final JwtFilter jwtFilter;
    private final JwtExceptionFilter jwtExceptionFilter;

    /**
     * Password encoder used for credential checks.
     *
     * @return Spring's delegating encoder ({@code {id}}-prefixed hashes, bcrypt for new passwords)
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    /**
     * Takes front-end assets out of the security filter chain altogether: requests matching
     * these patterns are not authenticated, authorized or given security headers.
     *
     * @param web the web security builder
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/node_modules/**")
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }

    /**
     * Builds a stateless chain: no HTTP session is created, authentication comes from the
     * JWT filters, and URL authorization rules plus error handlers are applied on top.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // CSRF off is consistent with a stateless chain only if the token is presented in a
                // request header rather than a cookie — JwtFilter is not shown here, confirm.
                .csrf().disable()
                .sessionManagement()
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // never create/use a session
                        .and()
                .exceptionHandling()
                        .authenticationEntryPoint(authenticationEntryPoint) // unauthenticated (401-type)
                        .accessDeniedHandler(accessDeniedHandler)           // unauthorized (403-type)
                        .and()
                .authorizeRequests()
                        // everything under /api/auth/** is reachable without authentication
                        .antMatchers("/", "/api/auth/**").permitAll()
                        // API documentation readable by anyone — confirm this is intended outside development
                        .antMatchers("/swagger-ui/**", "/swagger-resources/**", "/v2/api-docs/**").permitAll()
                        // hasRole() adds the ROLE_ prefix itself, so Role.ADMIN.toString() must be the
                        // bare name (the Role enum is not visible here)
                        .antMatchers("/api/admin/**").hasRole(Role.ADMIN.toString())
                        .anyRequest().authenticated()
                        .and()
                // Filter order matters: jwtFilter is placed first so that jwtExceptionFilter can then be
                // registered ahead of it (presumably to translate exceptions JwtFilter throws).
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(jwtExceptionFilter, JwtFilter.class);
    }
}