💡Spring Security 6.X 버전에서 SecurityConfig 클래스를 작성할 때 변경된 점이 있다.
아래 사이트에 접속해서 사용법을 확인해보자.
HttpSecurity - spring-security-config 6.2.0 javadoc
Current version 6.2.0: https://javadoc.io/doc/org.springframework.security/spring-security-config/6.2.0 (latest: https://javadoc.io/doc/org.springframework.security/spring-security-config)
변경 전 SecurityConfig 클래스 (Spring Security 5.x 스타일)
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    // Stateless JWT API: there is no session cookie, so CSRF protection, HTTP Basic
    // and the form-login page are all switched off. If the token is ever moved into
    // a cookie, CSRF protection has to come back on.
    http.csrf().disable();
    http.httpBasic().disable();
    http.formLogin().disable();

    // CORS filter goes into the chain at its default position; the JWT filter is
    // placed where the username/password form filter would sit, so the bearer token
    // is validated before any authorization decision is made.
    http.addFilter(corsFilter());
    http.addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider),
            UsernamePasswordAuthenticationFilter.class);

    // Never create an HttpSession: every request must carry its own credentials.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // API-style error responses instead of redirects: the entry point answers when no
    // valid token is present, the denied handler when the token lacks the required role.
    http.exceptionHandling()
            .authenticationEntryPoint(jwtAuthenticationEntryPoint) // custom entry point
            .accessDeniedHandler(jwtAccessDeniedHandler);          // custom access-denied handler

    // URL rules are matched in declaration order; the catch-all at the end makes
    // every other endpoint public.
    http.authorizeRequests()
            .antMatchers("/users/mypage/**").authenticated()   // "my page" requires a logged-in user
            .antMatchers("/admin/**").hasRole("ADMIN")         // hasRole("ADMIN") expects the authority "ROLE_ADMIN"
            .anyRequest().permitAll();

    return http.build();
}
변경 후 SecurityConfig 클래스 — `.and()` 체이닝 대신 람다 DSL을 사용하고, `antMatchers()`는 `requestMatchers()`로 바뀌었다. 6.x에서는 `authorizeRequests()`도 deprecated 이므로 `authorizeHttpRequests()`로 옮기는 것이 권장되는데, 이 API에서는 어떤 규칙에도 매칭되지 않는 요청이 기본적으로 거부되므로 변경 전 코드에 있던 `.anyRequest().permitAll()`을 빠뜨리지 않도록 주의해야 한다.
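@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        // Stateless JWT API: there is no session cookie, so CSRF protection, HTTP Basic
        // and the form-login page are disabled. If the token is ever moved into a
        // cookie, CSRF protection has to come back on.
        .csrf(csrf -> csrf.disable())
        .httpBasic(httpBasic -> httpBasic.disable())
        .formLogin(formLogin -> formLogin.disable())
        .addFilter(corsFilter())
        // Validate the bearer token before any authorization decision is made.
        .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider),
                UsernamePasswordAuthenticationFilter.class)
        // Never create an HttpSession: every request must carry its own credentials.
        .sessionManagement(sessionManagement ->
            sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        )
        // Spring Security 6: authorizeRequests()/antMatchers() are deprecated in favour
        // of authorizeHttpRequests()/requestMatchers(). With the new API a request that
        // matches no rule is DENIED, so the catch-all anyRequest().permitAll() from the
        // 5.x config must be stated explicitly -- the migrated version had dropped it,
        // which would reject every endpoint not listed below (login, public pages, ...).
        .authorizeHttpRequests(authorize ->
            authorize
                .requestMatchers("/users/mypage/**").authenticated() // "my page" requires a logged-in user
                .requestMatchers("/admin/**").hasRole("ADMIN")       // hasRole("ADMIN") expects the authority "ROLE_ADMIN"
                .anyRequest().permitAll()
        )
        // API-style error responses instead of redirects: the entry point answers when
        // no valid token is present, the denied handler when the required role is missing.
        .exceptionHandling(exceptionHandling ->
            exceptionHandling
                .authenticationEntryPoint(jwtAuthenticationEntryPoint) // custom entry point
                .accessDeniedHandler(jwtAccessDeniedHandler)           // custom access-denied handler
        );
    return http.build();
}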