generated from gc/template-java-maven
- JWT 인증 및 LoginPage 제거, SecurityConfig permitAll 전환 - @PreAuthorize 어노테이션 전체 제거 (@EnableMethodSecurity 비활성화) - ADMIN/MANAGER/USER 역할 토글 버튼 (헤더) + localStorage 연동 - X-User-Id 헤더 기반 사용자 식별 (ApiKeyController, ApiKeyRequestController) - RoleGuard 컴포넌트로 관리자 전용 페이지 접근 제어 - WebViewController 루트 리다이렉트 수정 (이중 context-path 방지) closes #35
package com.gcsc.connection.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
/**
 * Spring Security wiring for the service's current "no login" mode.
 *
 * <p>Every rule in {@link #filterChain(HttpSecurity)} resolves to {@code permitAll()},
 * CSRF protection is switched off and no HTTP session is created. Method-level security
 * ({@code @EnableMethodSecurity}) is intentionally left disabled, so any {@code @PreAuthorize}
 * annotation elsewhere in the codebase would not be enforced even if reintroduced.
 *
 * <p>Reviewer note: nothing in this chain authenticates or authorizes a caller. Per the
 * commit description, user identity is taken from a request header ({@code X-User-Id});
 * that value is therefore a client-supplied claim, not a verified identity, and controllers
 * consuming it must not treat it as trustworthy. Reinstating access control means tightening
 * the {@code authorizeHttpRequests} rules, restoring method security and revisiting the
 * CSRF setting together.
 */
@Configuration
@EnableWebSecurity
// @EnableMethodSecurity -- disabled (no login)
public class SecurityConfig {

    // Path groups kept separate so the intended grouping survives until access
    // control is reinstated; today every group is permitted unconditionally.
    private static final String[] AUTH_PATHS = {"/api/auth/**"};
    private static final String[] API_DOC_PATHS = {"/swagger-ui/**", "/v3/api-docs/**"};
    private static final String[] ACTUATOR_PATHS = {"/actuator/**"};
    private static final String[] STATIC_PATHS =
            {"/", "/*.html", "/assets/**", "/favicon*", "/site.webmanifest"};
    private static final String[] GATEWAY_PATHS = {"/gateway/**"};
    private static final String[] API_PATHS = {"/api/**"};

    /**
     * Password hashing bean backed by bcrypt.
     *
     * <p>Not referenced by anything in this class; presumably retained so stored
     * credentials stay verifiable once login returns — confirm against callers.
     *
     * @return a bcrypt-based {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the single security filter chain for all requests.
     *
     * <p>Order of configuration matches the original chained form: CSRF off, frame
     * options restricted to same origin, stateless session policy, then the
     * authorization rules (all {@code permitAll()}).
     *
     * @param http the builder supplied by Spring Security
     * @return the built {@link SecurityFilterChain}
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // CSRF protection disabled; combined with the stateless policy below there
        // is no session cookie for a forged cross-site request to ride on.
        http.csrf(AbstractHttpConfigurer::disable);

        // X-Frame-Options: SAMEORIGIN — pages may only be framed by the same origin.
        http.headers(headers -> headers
                .frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin));

        // No server-side session is ever created; any identity must travel per request.
        http.sessionManagement(session -> session
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // Every matcher is permitAll and the catch-all is permitAll too, so the
        // effective policy is "open"; the matchers only document the intended groups.
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers(AUTH_PATHS).permitAll()
                .requestMatchers(API_DOC_PATHS).permitAll()
                .requestMatchers(ACTUATOR_PATHS).permitAll()
                .requestMatchers(STATIC_PATHS).permitAll()
                .requestMatchers(GATEWAY_PATHS).permitAll()
                .requestMatchers(API_PATHS).permitAll()
                .anyRequest().permitAll());

        return http.build();
    }
}