- 스프링 시큐리티 사용을 위한 디펜던시 추가
plugins {
id 'org.springframework.boot' version '2.7.2'
id 'io.spring.dependency-management' version '1.0.12.RELEASE'
id 'java'
}
group = 'me.jihye'
version = '0.0.1-SNAPSHOT'
sourceCompatibility = '1.8'
configurations {
compileOnly {
extendsFrom annotationProcessor
}
}
repositories {
mavenCentral()
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
**implementation 'org.springframework.boot:spring-boot-starter-security'**
implementation 'org.springframework.boot:spring-boot-starter-validation'
implementation 'org.springframework.boot:spring-boot-starter-web'
compileOnly 'org.projectlombok:lombok'
runtimeOnly 'com.h2database:h2'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
}
tasks.named('test') {
useJUnitPlatform()
}
- 스프링 시큐리티 필터 설정을 위한 설정
package me.jihye.leanjwt.config;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
**@EnableWebSecurity**
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
* "/h2-console/**", "/favicon.ico" url 로 들어오는 요청은 Security 를 무시(적용x)한다.
* @param web
* @throws Exception
*/
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(
"/h2-console/**"
,"/favicon.ico"
);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/hello").permitAll() // /api/hello url 요청은 인증 없이 모든 접근을 허용 : permitAll()
.anyRequest().authenticated(); // 나머지 요청은 모두 인증해야함
}
}
