CustomSecurityConfig ( 비활성화 추가 ) > SPRING_DATA_JPA

• 목록

package web.config;

import org.springframework.boot.autoconfigure.security.servlet.PathRequest;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.web.SecurityFilterChain;

import lombok.extern.log4j.Log4j2;

@Log4j2

@Configuration

//@PreAuthorize 혹은 @PostAuthorize 어노테이션을 이용해서 사전 혹은 사후의 권한을 체크할 수 있다.

@EnableGlobalMethodSecurity(prePostEnabled = true)

public class CustomSecurityConfig {

@Bean

public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

log.info("-------시큐리티 해제-------");

//http.formLogin();

http.formLogin().loginPage("/member/login");

http.csrf().disable(); //비활성화

return http.build();

}

... 생략 ...

}