SecurityConfig.java
package team05.integrated_feed_backend.core.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import lombok.RequiredArgsConstructor;
/**
 * Spring Security configuration for the backend's HTTP layer.
 *
 * <p>Declares a single {@link SecurityFilterChain} that is stateless, has CSRF protection
 * turned off, and requires authentication for everything except a short allow-list.
 *
 * <p>NOTE(review): no authentication filter or login mechanism is registered in this chain
 * as shown, so it is not visible here how a request becomes "authenticated". Presumably a
 * JWT filter is wired in elsewhere or still to be added; confirm.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    /**
     * Path patterns that are open to unauthenticated callers for every HTTP method.
     *
     * <p>NOTE(review): the Swagger UI and OpenAPI document paths are on this list, so the
     * API description is readable without credentials. Confirm that is intended for every
     * deployment profile, not just development.
     */
    private static final String[] PUBLIC_PATHS = {"/auth/**", "/swagger-ui/**", "/v3/api-docs/**"};

    /**
     * Builds the application's security filter chain.
     *
     * @param http the {@link HttpSecurity} builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder fails to assemble the chain
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // CSRF protection is disabled because the API is meant to authenticate with JWTs.
        // That reasoning holds only while the token travels in a request header; if it is
        // ever moved into a cookie the browser attaches automatically, CSRF protection is
        // needed again.
        http.csrf(AbstractHttpConfigurer::disable);

        // No HTTP session is created or used to hold the security context.
        http.sessionManagement(sessions -> sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // Rules are evaluated in declaration order, so the allow-list must come before the
        // catch-all.
        http.authorizeHttpRequests(rules -> {
            // Endpoints usable without authentication (sign-up, login, API docs).
            rules.requestMatchers(PUBLIC_PATHS).permitAll();
            // Only POST on /api/members is open (presumably member registration; confirm);
            // other methods on that path fall through to the catch-all below.
            rules.requestMatchers(HttpMethod.POST, "/api/members").permitAll();
            // Every other request requires an authenticated caller.
            rules.anyRequest().authenticated();
        });

        return http.build();
    }
}