log 파일 추가, 권한별 메뉴 기능 추가

2025-12-22 18:27:39 +09:00
parent de1f548784
commit 3c6a5015c7
10 changed files with 354 additions and 11 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -2,6 +2,7 @@ package com.kamco.cd.kamcoback.config;

 import com.kamco.cd.kamcoback.auth.CustomAuthenticationProvider;
 import com.kamco.cd.kamcoback.auth.JwtAuthenticationFilter;
+import com.kamco.cd.kamcoback.auth.RedisAuthorizationManager;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -11,6 +12,7 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -27,16 +29,17 @@ public class SecurityConfig {

  private final JwtAuthenticationFilter jwtAuthenticationFilter;
  private final CustomAuthenticationProvider customAuthenticationProvider;
+  private final RedisAuthorizationManager redisAuthorizationManager;

  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

    http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
-        .csrf(csrf -> csrf.disable())
+        .csrf(AbstractHttpConfigurer::disable)
        .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-        .formLogin(form -> form.disable())
-        .httpBasic(basic -> basic.disable())
-        .logout(logout -> logout.disable())
+        .formLogin(AbstractHttpConfigurer::disable)
+        .httpBasic(AbstractHttpConfigurer::disable)
+        .logout(AbstractHttpConfigurer::disable)
        .authenticationProvider(customAuthenticationProvider)
        .authorizeHttpRequests(
            auth ->
@@ -74,10 +77,10 @@ public class SecurityConfig {
                        "/api/auth/logout",
                        "/swagger-ui/**",
                        "/api/members/*/password",
-                        "/api/code/type/**",
                        "/v3/api-docs/**")
                    .permitAll()
                    .anyRequest()
+                    //            .access(redisAuthorizationManager)
                    .authenticated())
        .addFilterBefore(
            jwtAuthenticationFilter,