From bbab74f0a798e7061ad17b5d0cb955cf1ac0e721 Mon Sep 17 00:00:00 2001 From: choidongkuen Date: Thu, 18 Jan 2024 06:21:34 +0900 Subject: [PATCH] =?UTF-8?q?refactor=20:=20SecurityConfig=20=EB=A6=AC?= =?UTF-8?q?=ED=8C=A9=ED=86=A0=EB=A7=81=20(#111)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../net/teumteum/core/security/SecurityConfig.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/java/net/teumteum/core/security/SecurityConfig.java b/src/main/java/net/teumteum/core/security/SecurityConfig.java index fc437297..9c2f8094 100644 --- a/src/main/java/net/teumteum/core/security/SecurityConfig.java +++ b/src/main/java/net/teumteum/core/security/SecurityConfig.java @@ -28,8 +28,8 @@ @RequiredArgsConstructor public class SecurityConfig { - private static final String[] PATTERNS = {"/css/**", "/images/**", "/js/**", "/favicon.ico", "/h2-console/**", - "/logins/**"}; + private static final String[] PATTERNS = {"/css/**", "/images/**", "/js/**", "/favicon.ico/**", "/h2-console/**", + "/logins/**", "/auth/**"}; private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; private final JwtAccessDeniedHandler accessDeniedHandler; 
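Review bot: The rewritten `PATTERNS` array still carries `"/h2-console/**"`, and the chain applies `permitAll()` to the whole array, so the H2 console path needs no token wherever that console is enabled. If the console is meant for local development only, keep that entry out of the shared constant and add it from a profile-specific configuration. The new `"/auth/**"` wildcard also makes every future handler under `/auth/` public by default; listing the specific public endpoints would be tighter. `"/favicon.ico/**"` now differs from the `"/favicon.ico"` used in `webSecurityCustomizer()`. A short comment above the array, e.g. `// Paths served without authentication; keep this list minimal`, would document the intent.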
@@ -38,14 +38,18 @@ public class SecurityConfig { @Bean public WebSecurityCustomizer webSecurityCustomizer() { return web -> web.ignoring() - .requestMatchers("/css/**", "/js/**", "/img/**", "/favicon.ico", "/error"); + .requestMatchers("/css/**", "/js/**", + "/favicon.ico", "/resources/**" + + ); } + @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.csrf(AbstractHttpConfigurer::disable).cors(cors -> cors.configurationSource(corsConfigurationSource())) - .authorizeHttpRequests(request -> request.requestMatchers("/auth/**", "/logins/**").permitAll() - .requestMatchers(HttpMethod.POST, "/users/registers").permitAll().requestMatchers(PATTERNS).permitAll() + .authorizeHttpRequests(request -> request.requestMatchers(PATTERNS).permitAll() + .requestMatchers(HttpMethod.POST, "/users/registers").permitAll() .anyRequest().authenticated()).httpBasic(AbstractHttpConfigurer::disable) .formLogin(AbstractHttpConfigurer::disable) .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(STATELESS))
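Review bot: `"/error"` is dropped from `web.ignoring()` in `webSecurityCustomizer()` and is not added to `PATTERNS`, so error dispatches now fall under `.anyRequest().authenticated()`. If the application relies on Spring Boot's default `/error` forwarding, a failure on a public endpoint such as `POST /users/registers` would likely be answered by the JWT entry point rather than with the original status, which hides the real error from clients. Consider adding `.requestMatchers("/error").permitAll()` or `.dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()` to the chain. Separately, the paths kept in `web.ignoring()` bypass the filter chain entirely and so receive no security response headers; `permitAll()` inside `securityFilterChain` is usually the safer way to open static paths. The body of `securityFilterChain` continues past the end of this hunk.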