CustomSecurityConfig
페이지 정보
작성자 관리자 작성일 24-07-18 11:44 조회 1,169 댓글 0본문
package web.config;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import lombok.extern.log4j.Log4j2;
@Log4j2
@Configuration
// @PreAuthorize 혹은 @PostAuthorize 어노테이션을 이용해서 사전 혹은 사후의 권한을 체크할 수 있다.
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class CustomSecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
log.info("-------시큐리티 해제-------");
http.formLogin();
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
log.info("-------시큐리티 적용 제외-------");
return (web) -> web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
댓글목록 0
등록된 댓글이 없습니다.