From 351537e210abcb62c3f21d52fbc1004431b73f30 Mon Sep 17 00:00:00 2001
From: dltjdgh0428
Date: Thu, 28 Mar 2024 23:22:11 +0900
Subject: [PATCH] =?UTF-8?q?fix=20:=20=EA=B6=8C=ED=95=9C=20=EC=84=A4?=
 =?UTF-8?q?=EC=A0=95=20=ED=85=8C=EC=8A=A4=ED=8A=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../auth/config/SecurityConfig.java | 18 +++++++++++-------
 .../auth/service/CustomOAuth2UserService.java | 2 +-
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/main/java/com/book_everywhere/auth/config/SecurityConfig.java b/src/main/java/com/book_everywhere/auth/config/SecurityConfig.java
index d77b6da..53fc8cf 100644
--- a/src/main/java/com/book_everywhere/auth/config/SecurityConfig.java
+++ b/src/main/java/com/book_everywhere/auth/config/SecurityConfig.java
@@ -58,13 +58,17 @@ public SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospe
 .formLogin(AbstractHttpConfigurer::disable)
 .httpBasic(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests((authorizeRequests) -> authorizeRequests
- .requestMatchers(new MvcRequestMatcher(introspector, "/")).permitAll()
- .requestMatchers(new MvcRequestMatcher(introspector, "/health")).permitAll()
- .requestMatchers(new MvcRequestMatcher(introspector, "/env")).permitAll()
-// .requestMatchers(new MvcRequestMatcher(introspector, "/api/**")).hasAuthority("ROLE_MEMBER")
- .requestMatchers(new MvcRequestMatcher(introspector, "/**")).permitAll()
- .requestMatchers(new MvcRequestMatcher(introspector, "/api/**")).permitAll()
- .anyRequest().authenticated()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/health")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/env")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/test/**")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/swagger-ui/**")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/api/review")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/api/map")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/api/tags")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/api/data/**")).permitAll()
+ .requestMatchers(new MvcRequestMatcher(introspector, "/api/**")).hasRole("ROLE_MEMBER")
+ .anyRequest().authenticated()
 )
 .oauth2Login(oauth2Login -> oauth2Login
diff --git a/src/main/java/com/book_everywhere/auth/service/CustomOAuth2UserService.java b/src/main/java/com/book_everywhere/auth/service/CustomOAuth2UserService.java
index bdcb6d1..3f99818 100644
--- a/src/main/java/com/book_everywhere/auth/service/CustomOAuth2UserService.java
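Review bot: The new `/api/**` rule calls `.hasRole("ROLE_MEMBER")`, but `hasRole` prepends `ROLE_` itself, and in the `authorizeHttpRequests` DSL of current Spring Security versions a name that already starts with the prefix is rejected with an `IllegalArgumentException` when the filter chain is built. Use `.hasRole("MEMBER")` or, as in the commented-out line this commit removes, `.hasAuthority("ROLE_MEMBER")`. The added `permitAll()` matchers for `/api/review`, `/api/map`, `/api/tags` and `/api/data/**` are not bound to an HTTP method, so any POST, PUT or DELETE handler mapped on those paths is also open to anonymous callers; if only reads are meant to be public, restrict each matcher to `HttpMethod.GET`. `/test/**` and `/env` are likewise reachable without authentication, which is worth confirming as intended for production, and a comment on each public path stating why it is open would help the next review. `filterChain` starts and ends outside this hunk, so the CSRF and session settings that interact with these rules are not visible here.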
+++ b/src/main/java/com/book_everywhere/auth/service/CustomOAuth2UserService.java
@@ -55,7 +55,7 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
 Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
 SecurityContextHolder.getContext().setAuthentication(authentication);
- return new CustomOAuth2User(attributes,Role.ROLE_MEMBER);
+ return new CustomOAuth2User(attributes,user.getRole());
 }
 /**
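Review bot: The returned principal now takes its role from `user.getRole()`, but nothing visible in this hunk guarantees that value is non-null, and the `Authentication` stored two lines earlier is built from `userDetails.getAuthorities()`, a second source for the same authorization decision. If a first-login or legacy account can have no role, the result is either a null role inside `CustomOAuth2User` or a principal whose authorities disagree with the security context; failing the login in that case is safer than silently falling back to `Role.ROLE_MEMBER`. A comment above the return such as `// role comes from the persisted user and must match userDetails.getAuthorities()` would record the invariant. `loadUser` begins outside the hunk, so where `user` and `userDetails` are loaded cannot be checked from here.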