운영환경처리
This commit is contained in:
@@ -26,80 +26,78 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
|||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
public class SecurityConfig {
|
public class SecurityConfig {
|
||||||
|
|
||||||
@Value("${cors.allowed-origins}")
|
|
||||||
private List<String> allowedOrigins;
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public SecurityFilterChain securityFilterChain(
|
public SecurityFilterChain securityFilterChain(
|
||||||
org.springframework.security.config.annotation.web.builders.HttpSecurity http,
|
org.springframework.security.config.annotation.web.builders.HttpSecurity http,
|
||||||
JwtAuthenticationFilter jwtAuthenticationFilter,
|
JwtAuthenticationFilter jwtAuthenticationFilter,
|
||||||
CustomAuthenticationProvider customAuthenticationProvider)
|
CustomAuthenticationProvider customAuthenticationProvider)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
|
||||||
http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
||||||
.csrf(csrf -> csrf.disable())
|
.csrf(csrf -> csrf.disable())
|
||||||
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
.formLogin(form -> form.disable())
|
.formLogin(form -> form.disable())
|
||||||
|
|
||||||
// /monitor 에서 Basic 인증을 쓰려면 disable 하면 안됨
|
// /monitor 에서 Basic 인증을 쓰려면 disable 하면 안됨
|
||||||
.httpBasic(basic -> {})
|
.httpBasic(basic -> {})
|
||||||
.logout(logout -> logout.disable())
|
.logout(logout -> logout.disable())
|
||||||
.authenticationProvider(customAuthenticationProvider)
|
.authenticationProvider(customAuthenticationProvider)
|
||||||
.authorizeHttpRequests(
|
.authorizeHttpRequests(
|
||||||
auth ->
|
auth ->
|
||||||
auth
|
auth
|
||||||
|
|
||||||
// monitor
|
// monitor
|
||||||
.requestMatchers("/monitor/health", "/monitor/health/**")
|
.requestMatchers("/monitor/health", "/monitor/health/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.requestMatchers("/monitor/**")
|
.requestMatchers("/monitor/**")
|
||||||
.authenticated() // Basic으로 인증되게끔
|
.authenticated() // Basic으로 인증되게끔
|
||||||
|
|
||||||
// mapsheet
|
// mapsheet
|
||||||
.requestMatchers("/api/mapsheet/**")
|
.requestMatchers("/api/mapsheet/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
|
.requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
|
|
||||||
// test role
|
// test role
|
||||||
.requestMatchers("/api/test/admin")
|
.requestMatchers("/api/test/admin")
|
||||||
.hasRole("ADMIN")
|
.hasRole("ADMIN")
|
||||||
.requestMatchers("/api/test/label")
|
.requestMatchers("/api/test/label")
|
||||||
.hasAnyRole("ADMIN", "LABELER")
|
.hasAnyRole("ADMIN", "LABELER")
|
||||||
.requestMatchers("/api/test/review")
|
.requestMatchers("/api/test/review")
|
||||||
.hasAnyRole("ADMIN", "REVIEWER")
|
.hasAnyRole("ADMIN", "REVIEWER")
|
||||||
|
|
||||||
// common permit
|
// common permit
|
||||||
.requestMatchers("/error")
|
.requestMatchers("/error")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.requestMatchers(HttpMethod.OPTIONS, "/**")
|
.requestMatchers(HttpMethod.OPTIONS, "/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.requestMatchers(
|
.requestMatchers(
|
||||||
"/api/auth/signin",
|
"/api/auth/signin",
|
||||||
"/api/auth/refresh",
|
"/api/auth/refresh",
|
||||||
"/api/auth/logout",
|
"/api/auth/logout",
|
||||||
"/swagger-ui/**",
|
"/swagger-ui/**",
|
||||||
"/v3/api-docs/**",
|
"/v3/api-docs/**",
|
||||||
"/api/upload/chunk-upload-dataset",
|
"/api/upload/chunk-upload-dataset",
|
||||||
"/api/upload/chunk-upload-complete",
|
"/api/upload/chunk-upload-complete",
|
||||||
"/download_progress_test.html",
|
"/download_progress_test.html",
|
||||||
"/api/models/download/**")
|
"/api/models/download/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.requestMatchers("/api/members/*/password")
|
.requestMatchers("/api/members/*/password")
|
||||||
.authenticated()
|
.authenticated()
|
||||||
// default
|
// default
|
||||||
.anyRequest()
|
.anyRequest()
|
||||||
.authenticated())
|
.authenticated())
|
||||||
|
|
||||||
// JWT 필터는 앞단에
|
// JWT 필터는 앞단에
|
||||||
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
|
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
return configuration.getAuthenticationManager();
|
return configuration.getAuthenticationManager();
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -114,7 +112,7 @@ public class SecurityConfig {
|
|||||||
CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
|
CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
|
||||||
|
|
||||||
// application.yml에서 환경별로 설정된 도메인 사용
|
// application.yml에서 환경별로 설정된 도메인 사용
|
||||||
config.setAllowedOriginPatterns(allowedOrigins);
|
config.setAllowedOriginPatterns(List.of("*")); // 도메인 허용
|
||||||
|
|
||||||
config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
|
config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
|
||||||
config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
|
config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
|
||||||
|
|||||||
Reference in New Issue
Block a user