운영환경처리
This commit is contained in:
@@ -26,80 +26,78 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig {
|
||||
|
||||
@Value("${cors.allowed-origins}")
|
||||
private List<String> allowedOrigins;
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(
|
||||
org.springframework.security.config.annotation.web.builders.HttpSecurity http,
|
||||
JwtAuthenticationFilter jwtAuthenticationFilter,
|
||||
CustomAuthenticationProvider customAuthenticationProvider)
|
||||
throws Exception {
|
||||
org.springframework.security.config.annotation.web.builders.HttpSecurity http,
|
||||
JwtAuthenticationFilter jwtAuthenticationFilter,
|
||||
CustomAuthenticationProvider customAuthenticationProvider)
|
||||
throws Exception {
|
||||
|
||||
http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.formLogin(form -> form.disable())
|
||||
.csrf(csrf -> csrf.disable())
|
||||
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.formLogin(form -> form.disable())
|
||||
|
||||
// /monitor 에서 Basic 인증을 쓰려면 disable 하면 안됨
|
||||
.httpBasic(basic -> {})
|
||||
.logout(logout -> logout.disable())
|
||||
.authenticationProvider(customAuthenticationProvider)
|
||||
.authorizeHttpRequests(
|
||||
auth ->
|
||||
auth
|
||||
// /monitor 에서 Basic 인증을 쓰려면 disable 하면 안됨
|
||||
.httpBasic(basic -> {})
|
||||
.logout(logout -> logout.disable())
|
||||
.authenticationProvider(customAuthenticationProvider)
|
||||
.authorizeHttpRequests(
|
||||
auth ->
|
||||
auth
|
||||
|
||||
// monitor
|
||||
.requestMatchers("/monitor/health", "/monitor/health/**")
|
||||
.permitAll()
|
||||
.requestMatchers("/monitor/**")
|
||||
.authenticated() // Basic으로 인증되게끔
|
||||
// monitor
|
||||
.requestMatchers("/monitor/health", "/monitor/health/**")
|
||||
.permitAll()
|
||||
.requestMatchers("/monitor/**")
|
||||
.authenticated() // Basic으로 인증되게끔
|
||||
|
||||
// mapsheet
|
||||
.requestMatchers("/api/mapsheet/**")
|
||||
.permitAll()
|
||||
.requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
|
||||
.permitAll()
|
||||
// mapsheet
|
||||
.requestMatchers("/api/mapsheet/**")
|
||||
.permitAll()
|
||||
.requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
|
||||
.permitAll()
|
||||
|
||||
// test role
|
||||
.requestMatchers("/api/test/admin")
|
||||
.hasRole("ADMIN")
|
||||
.requestMatchers("/api/test/label")
|
||||
.hasAnyRole("ADMIN", "LABELER")
|
||||
.requestMatchers("/api/test/review")
|
||||
.hasAnyRole("ADMIN", "REVIEWER")
|
||||
// test role
|
||||
.requestMatchers("/api/test/admin")
|
||||
.hasRole("ADMIN")
|
||||
.requestMatchers("/api/test/label")
|
||||
.hasAnyRole("ADMIN", "LABELER")
|
||||
.requestMatchers("/api/test/review")
|
||||
.hasAnyRole("ADMIN", "REVIEWER")
|
||||
|
||||
// common permit
|
||||
.requestMatchers("/error")
|
||||
.permitAll()
|
||||
.requestMatchers(HttpMethod.OPTIONS, "/**")
|
||||
.permitAll()
|
||||
.requestMatchers(
|
||||
"/api/auth/signin",
|
||||
"/api/auth/refresh",
|
||||
"/api/auth/logout",
|
||||
"/swagger-ui/**",
|
||||
"/v3/api-docs/**",
|
||||
"/api/upload/chunk-upload-dataset",
|
||||
"/api/upload/chunk-upload-complete",
|
||||
"/download_progress_test.html",
|
||||
"/api/models/download/**")
|
||||
.permitAll()
|
||||
.requestMatchers("/api/members/*/password")
|
||||
.authenticated()
|
||||
// default
|
||||
.anyRequest()
|
||||
.authenticated())
|
||||
// common permit
|
||||
.requestMatchers("/error")
|
||||
.permitAll()
|
||||
.requestMatchers(HttpMethod.OPTIONS, "/**")
|
||||
.permitAll()
|
||||
.requestMatchers(
|
||||
"/api/auth/signin",
|
||||
"/api/auth/refresh",
|
||||
"/api/auth/logout",
|
||||
"/swagger-ui/**",
|
||||
"/v3/api-docs/**",
|
||||
"/api/upload/chunk-upload-dataset",
|
||||
"/api/upload/chunk-upload-complete",
|
||||
"/download_progress_test.html",
|
||||
"/api/models/download/**")
|
||||
.permitAll()
|
||||
.requestMatchers("/api/members/*/password")
|
||||
.authenticated()
|
||||
// default
|
||||
.anyRequest()
|
||||
.authenticated())
|
||||
|
||||
// JWT 필터는 앞단에
|
||||
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
// JWT 필터는 앞단에
|
||||
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
|
||||
throws Exception {
|
||||
throws Exception {
|
||||
return configuration.getAuthenticationManager();
|
||||
}
|
||||
|
||||
@@ -114,7 +112,7 @@ public class SecurityConfig {
|
||||
CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
|
||||
|
||||
// application.yml에서 환경별로 설정된 도메인 사용
|
||||
config.setAllowedOriginPatterns(allowedOrigins);
|
||||
config.setAllowedOriginPatterns(List.of("*")); // 도메인 허용
|
||||
|
||||
config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
|
||||
config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
|
||||
|
||||
Reference in New Issue
Block a user