feat: SecurityConfig 파일 추가(#7)

KUSITMS-29th-TEAM-B · May 2, 2024 · 58ad7c2 · 58ad7c2
1 parent 0c0879a
commit 58ad7c2
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 14 deletions.
diff --git a/Api-Module/src/main/kotlin/com/bamyanggang/apimodule/ApiModuleApplication.kt b/Api-Module/src/main/kotlin/com/bamyanggang/apimodule/ApiModuleApplication.kt
@@ -4,7 +4,10 @@ import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration
 import org.springframework.boot.runApplication
 
-@SpringBootApplication(exclude = [UserDetailsServiceAutoConfiguration::class])
+@SpringBootApplication(
+    scanBasePackages = ["com.bamyanggang.apimodule"],
+    exclude = [UserDetailsServiceAutoConfiguration::class]
+)
 class ApiModuleApplication {
 }
 

diff --git a/Api-Module/src/main/kotlin/com/bamyanggang/apimodule/HealthCheckController.kt b/Api-Module/src/main/kotlin/com/bamyanggang/apimodule/HealthCheckController.kt
diff --git a/...c/main/kotlin/com/bamyanggang/apimodule/domain/auth/presentation/config/SecurityConfig.kt b/...c/main/kotlin/com/bamyanggang/apimodule/domain/auth/presentation/config/SecurityConfig.kt
@@ -0,0 +1,48 @@
+package com.bamyanggang.apimodule.domain.auth.presentation.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.builders.WebSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+
+
+@EnableWebSecurity
+@Configuration
+class SecurityConfig {
+    // TODO: api 추가될 때 white list url 확인해서 추가하기.
+    private val whiteList: Array<String> = arrayOf(
+        "/api/**",
+        "/api-docs/**",
+        "/",
+        "/error"
+    )
+
+    @Bean
+    fun webSecurityCustomizer(): WebSecurityCustomizer {
+        return WebSecurityCustomizer { web: WebSecurity -> web.ignoring().requestMatchers(*whiteList) }
+    }
+
+    @Bean
+    @Throws(Exception::class)
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        return http
+            .csrf { obj: AbstractHttpConfigurer<*, *> -> obj.disable() }
+            .formLogin { obj: AbstractHttpConfigurer<*, *> -> obj.disable() }
+            .httpBasic { obj: AbstractHttpConfigurer<*, *> -> obj.disable() }
+            .sessionManagement { sessionManagementConfigurer ->
+                sessionManagementConfigurer
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            }
+            .authorizeHttpRequests { authorizationManagerRequestMatcherRegistry ->
+                authorizationManagerRequestMatcherRegistry
+                    .anyRequest()
+                    .authenticated()
+            }
+            .build()
+    }
+}