- package com.its.api.webapp.config;
- import com.its.api.webapp.handler.LoginFailureHandler;
- import com.its.api.webapp.handler.LoginSuccessHandler;
- import com.its.api.webapp.security.WebPasswordEncoder;
- import com.its.api.webapp.security.WebSessionListener;
- import com.its.api.webapp.service.WebLoginService;
- import lombok.RequiredArgsConstructor;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.http.HttpMethod;
- import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.builders.WebSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.core.session.SessionRegistry;
- import org.springframework.security.core.session.SessionRegistryImpl;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import javax.servlet.http.HttpSessionListener;
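@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Static asset prefixes that are excluded from the security filter chain
     * altogether (see {@link #configure(WebSecurity)}).
     */
    private static final String[] STATIC_RESOURCE_PATTERNS = {
            "/js/**", "/images/**", "/libs/**", "/css/**", "/application/fonts/**"
    };

    /** Swagger UI and API-description paths that are reachable without a session. */
    private static final String[] SWAGGER_PATTERNS = {
            "/swagger-ui.html", "/swagger/**", "/swagger-resources/**", "/webjars/**", "/v2/api-docs"
    };

    /** Looks users up for authentication (used as the provider's UserDetailsService). */
    private final WebLoginService loginService;
    /** Invoked after a successful form login. */
    private final LoginSuccessHandler loginSuccessHandler;
    /** Invoked after a failed form login. */
    private final LoginFailureHandler loginFailureHandler;

    /**
     * Declares the requests that never enter the Spring Security filter chain.
     * Unlike {@code permitAll()}, an ignored request gets no authentication check
     * and none of the other security filters either.
     *
     * @param web the web security builder
     */
    @Override
    public void configure(WebSecurity web) {
        // Static assets are always served.
        web.ignoring().antMatchers(STATIC_RESOURCE_PATTERNS);
        // Every GET under /api/** is unauthenticated by design. Because this is a
        // whole-chain bypass, any GET endpoint that returns sensitive data is reachable
        // by anyone; if the remaining filters should still apply to these requests,
        // antMatchers(HttpMethod.GET, "/api/**").permitAll() inside configure(HttpSecurity)
        // is the narrower alternative.
        web.ignoring().antMatchers(HttpMethod.GET, "/api/**");
    }

    /**
     * Configures the secured filter chain: CSRF is switched off, a fixed set of
     * paths is open to everyone, every other request needs an authenticated
     * session, and authentication is a form POST to {@code /login.do}.
     * Session management is left at Spring Security defaults; the
     * {@link #sessionRegistry()} bean is not wired in here.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from the Spring Security builders
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF is disabled application-wide so REST clients can POST without a token.
        // Since login is session-cookie based, this also leaves the browser-facing pages
        // without CSRF protection; http.csrf().ignoringAntMatchers("/api/**") would limit
        // the exemption to the API paths and keep the rest protected.
        http.csrf().disable();

        http.authorizeRequests()
                // Swagger UI and the API description are public; consider restricting
                // them outside development.
                .antMatchers(SWAGGER_PATTERNS).permitAll()
                // WebSocket endpoint.
                .antMatchers("/ws/**").permitAll()
                // Map data URIs.
                .antMatchers("/MAPDATA/**").permitAll()
                // Pages that do not require a login.
                .antMatchers("/application/facility/**", "/facility/**").permitAll()
                .antMatchers("/application/wall/**", "/wall/**").permitAll()
                .antMatchers("/application/login/**").permitAll()
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/application/login/login.html")
                .loginProcessingUrl("/login.do")
                // NOTE(review): successHandler() below replaces the handler that
                // defaultSuccessUrl() installs, so the post-login redirect is whatever
                // LoginSuccessHandler decides — confirm it targets the main page.
                .defaultSuccessUrl("/application/op/00.main/main.html", true)
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler(this.loginSuccessHandler)
                .failureHandler(this.loginFailureHandler)
                .permitAll();
    }

    /**
     * Builds the provider that authenticates form logins against
     * {@link WebLoginService} using {@link #passwordEncoder()}.
     * It is not exposed as a {@code @Bean}; it is wired explicitly in
     * {@link #configure(AuthenticationManagerBuilder)}.
     *
     * @return a configured {@link DaoAuthenticationProvider}
     */
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(this.loginService);
        provider.setPasswordEncoder(passwordEncoder());
        // A UsernameNotFoundException from loadUserByUsername surfaces as a
        // BadCredentialsException, so an unknown user and a wrong password fail
        // identically. Setting this to false lets the caller catch
        // UsernameNotFoundException, at the cost of revealing which usernames exist.
        provider.setHideUserNotFoundExceptions(true);
        return provider;
    }

    /**
     * Registers {@link #daoAuthenticationProvider()} as the authentication provider.
     * An explicit provider is used instead of
     * {@code auth.userDetailsService(loginService).passwordEncoder(...)} so that the
     * handling of UsernameNotFoundException is controlled in one place.
     *
     * @param auth the authentication manager builder
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

    /**
     * Encoder used to verify stored credentials.
     * NOTE(review): WebPasswordEncoder is project code not visible here — confirm it
     * uses an adaptive password hash rather than a plain digest.
     *
     * @return the application's {@link PasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new WebPasswordEncoder();
    }

    /**
     * Session registry bean. Not referenced by the active configuration in this
     * class (no {@code sessionManagement()} is configured).
     *
     * @return a new {@link SessionRegistryImpl}
     */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /**
     * Registers the servlet session lifecycle listener.
     *
     * @return a new {@link WebSessionListener}
     */
    @Bean
    public HttpSessionListener httpSessionListener() {
        return new WebSessionListener();
    }
}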