fix : 권한 설정 테스트

dltjdgh0428 · Mar 28, 2024 · 351537e · 351537e
1 parent 06f31f1
commit 351537e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/src/main/java/com/book_everywhere/auth/config/SecurityConfig.java b/src/main/java/com/book_everywhere/auth/config/SecurityConfig.java
@@ -58,13 +58,17 @@ public SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospe
                 .formLogin(AbstractHttpConfigurer::disable)
                 .httpBasic(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests((authorizeRequests) -> authorizeRequests
-                                .requestMatchers(new MvcRequestMatcher(introspector, "/")).permitAll()
-                                .requestMatchers(new MvcRequestMatcher(introspector, "/health")).permitAll()
-                                .requestMatchers(new MvcRequestMatcher(introspector, "/env")).permitAll()
-//                        .requestMatchers(new MvcRequestMatcher(introspector, "/api/**")).hasAuthority("ROLE_MEMBER")
-                                .requestMatchers(new MvcRequestMatcher(introspector, "/**")).permitAll()
-                                .requestMatchers(new MvcRequestMatcher(introspector, "/api/**")).permitAll()
-                                .anyRequest().authenticated()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/health")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/env")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/test/**")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/swagger-ui/**")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/api/review")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/api/map")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/api/tags")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/api/data/**")).permitAll()
+                        .requestMatchers(new MvcRequestMatcher(introspector, "/api/**")).hasRole("ROLE_MEMBER")
+                        .anyRequest().authenticated()
                 )
                 .oauth2Login(oauth2Login ->
                         oauth2Login

diff --git a/src/main/java/com/book_everywhere/auth/service/CustomOAuth2UserService.java b/src/main/java/com/book_everywhere/auth/service/CustomOAuth2UserService.java
@@ -55,7 +55,7 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
         Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
-        return new CustomOAuth2User(attributes,Role.ROLE_MEMBER);
+        return new CustomOAuth2User(attributes,user.getRole());
     }
 
     /**