[CHORE] Security Config 충돌 해결

sopt-makers · Mar 30, 2024 · d584964 · d584964
2 parents ccbedc1 + 7eec15f
commit d584964
Showing 1 changed file with 36 additions and 39 deletions.
diff --git a/operation-auth/src/main/java/org/sopt/makers/operation/config/SecurityConfig.java b/operation-auth/src/main/java/org/sopt/makers/operation/config/SecurityConfig.java
@@ -1,20 +1,19 @@
-package org.sopt.makers.operation.config;
+package org.sopt.makers.operation.security.config;
 
 import lombok.RequiredArgsConstructor;
 import lombok.val;
-import org.sopt.makers.operation.filter.JwtAuthenticationFilter;
-import org.sopt.makers.operation.filter.JwtExceptionFilter;
+import org.sopt.makers.operation.security.jwt.JwtAuthenticationFilter;
+import org.sopt.makers.operation.security.jwt.JwtExceptionFilter;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -25,58 +24,56 @@
 public class SecurityConfig {
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final JwtExceptionFilter jwtExceptionFilter;
-    private final ValueConfig valueConfig;
+
+    @Value("${admin.url.prod}")
+    private String ADMIN_PROD_URL;
+
+    @Value("${admin.url.dev}")
+    private String ADMIN_DEV_URL;
+
+    @Value("${admin.url.prod_legacy}")
+    private String ADMIN_PROD_URL_LEGACY;
+
+    @Value("${admin.url.dev_legacy}")
+    private String ADMIN_DEV_URL_LEGACY;
+
+    @Value("${admin.url.local}")
+    private String ADMIN_LOCAL_URL;
 
     @Bean
     public static PasswordEncoder passwordEncoder() {
         return PasswordEncoderFactories.createDelegatingPasswordEncoder();
     }
-
     @Bean
-    @Profile("dev")
-    public SecurityFilterChain filterChainDev(HttpSecurity http) throws Exception {
-        http.authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests
-                .requestMatchers(new AntPathRequestMatcher("/swagger-ui/**")).permitAll()
-                .requestMatchers(new AntPathRequestMatcher("/v3/**")).permitAll()
-        );
-        setHttp(http);
-        return http.build();
-    }
-
-    @Bean
-    @Profile("prod")
-    public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception {
-        setHttp(http);
-        return http.build();
-    }
-
-    private void setHttp(HttpSecurity http) throws Exception {
-        http.httpBasic().disable()
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        return http.antMatcher("/**")
+                .httpBasic().disable()
                 .csrf().disable()
                 .formLogin().disable()
                 .cors().configurationSource(corsConfigurationSource())
                 .and()
-                .authorizeHttpRequests(authorizeHttpRequests ->
-                        authorizeHttpRequests
-                                .requestMatchers(new AntPathRequestMatcher("/api/v1/auth/*")).permitAll()
-                                .requestMatchers(new AntPathRequestMatcher("/api/v1/test/**")).permitAll()
-                                .requestMatchers(new AntPathRequestMatcher("/error")).permitAll()
-                                .anyRequest().authenticated())
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                    .authorizeRequests()
+                    .antMatchers("/api/v1/auth/**","/exception/**").permitAll()
+                .and()
+                    .authorizeRequests()
+                    .antMatchers("/api/v1/**", "/swagger-ui/**").authenticated()
+                .and()
+                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 .and()
                     .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
-                    .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class);
+                    .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class)
+                .build();
     }
 
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         val configuration = new CorsConfiguration();
 
-        configuration.addAllowedOrigin(valueConfig.getADMIN_PROD_URL());
-        configuration.addAllowedOrigin(valueConfig.getADMIN_DEV_URL());
-        configuration.addAllowedOrigin(valueConfig.getADMIN_PROD_URL_LEGACY());
-        configuration.addAllowedOrigin(valueConfig.getADMIN_DEV_URL_LEGACY());
-        configuration.addAllowedOrigin(valueConfig.getADMIN_LOCAL_URL());
+        configuration.addAllowedOrigin(ADMIN_PROD_URL);
+        configuration.addAllowedOrigin(ADMIN_DEV_URL);
+        configuration.addAllowedOrigin(ADMIN_LOCAL_URL);
+        configuration.addAllowedOrigin(ADMIN_PROD_URL_LEGACY);
+        configuration.addAllowedOrigin(ADMIN_DEV_URL_LEGACY);
         configuration.addAllowedHeader("*");
         configuration.addAllowedMethod("*");
         configuration.setAllowCredentials(true);