config/

SecurityConfig.java

CORS, 기본 로그인 페이지 제공 여부 등 웹 보안 관련된 설정 관리

package com.example.pkscl.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors().disable()      // cors 비활성화
            .csrf().disable()      // csrf 비활성화
            .formLogin().disable() //기본 로그인 페이지 없애기
            .logout().disable()    //기본 로그아웃 페이지 없애기
            .headers().frameOptions().disable();
    }

}

WebConfig.java

인터셉터 순서 및 URL 설정, CORS 설정 관리

package com.example.pkscl.config;

import com.example.pkscl.Interceptor.EditPageInterceptor;
import com.example.pkscl.Interceptor.LoginCheckInterceptor;
import com.example.pkscl.Interceptor.LoginPageInterceptor;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
  
@Configuration
public class WebConfig implements WebMvcConfigurer{
    
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new EditPageInterceptor())
        .order(1)
        .addPathPatterns("/edit-main**");
        registry.addInterceptor(new LoginCheckInterceptor())
        .order(2)
        .addPathPatterns("/**")
        .excludePathPatterns("/","/css/**", "/*.ico", "/error", "/login/**", "/signup/**","/signUp/**", "/major-list", "/index.html", "/static/**", "/*.json", "/*.css", "/*.js" , "/*.png", "/email/*", "/verify/**", "/img/**", "/newpwd/**", "/email.png", "/logo.png","/password.png");
        registry.addInterceptor(new LoginPageInterceptor())
        .order(3)
        .addPathPatterns("/", "");
    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
            .allowedOrigins("*")
            .allowedMethods("*");
    }
    
}

Previous시스템 흐름도 및 구조도 Nextcontroller/

Last updated 2 years ago