12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 |
- package com.its.pis.webapp.config;
- import com.its.pis.webapp.security.SessionListener;
- import com.its.pis.webapp.service.UserService;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.builders.WebSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.config.http.SessionCreationPolicy;
- import org.springframework.security.core.session.SessionRegistry;
- import org.springframework.security.core.session.SessionRegistryImpl;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import javax.servlet.http.HttpSessionListener;
- @EnableWebSecurity
- @Configuration
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- private final UserService userService;
- public WebSecurityConfig(UserService userService) {
- this.userService = userService;
- }
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers(new String[]{"/css/**", "/js/**", "/img/**", "/lib/**"});
- }
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
- http
- .authorizeRequests()
- // SWAGGER 권한 설정
- .antMatchers("/swagger-ui.html", "/swagger/**", "/swagger-resources/**", "/webjars/**", "/v2/api-docs").permitAll()
- // 웹소켓 권한 설정하지
- .antMatchers("/ws/**").permitAll()
- .antMatchers(new String[]{"/index"})
- .hasRole("ADMIN")
- .antMatchers(new String[]{"/**"})
- .hasRole("ADMIN")
- .and()
- .formLogin()
- .loginPage("/login")
- .defaultSuccessUrl("/index")
- .failureUrl("/denied")
- .permitAll()
- .and()
- .logout()
- .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
- .logoutSuccessUrl("/login").invalidateHttpSession(true)
- .deleteCookies()
- .and()
- .exceptionHandling()
- .accessDeniedPage("/denied");
- http
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
- .invalidSessionUrl("/login")
- .sessionFixation()
- .migrateSession()
- .maximumSessions(5)
- .maxSessionsPreventsLogin(true)
- .expiredUrl("/login")
- .sessionRegistry(this.sessionRegistry());
- }
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(this.userService);
- }
- @Bean
- public SessionRegistry sessionRegistry() {
- return new SessionRegistryImpl();
- }
- @Bean
- public HttpSessionListener httpSessionListener() {
- return new SessionListener();
- }
- }
|