Feat/38 add enable global method security

src/main/java/com/undertheriver/sgsg/config/SecurityConfig.java

@@ -1,6 +1,7 @@
 package com.undertheriver.sgsg.config;
 
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -9,6 +10,7 @@
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -20,6 +22,11 @@
 @RequiredArgsConstructor
 @EnableWebSecurity
 @Configuration
+@EnableGlobalMethodSecurity(
+	securedEnabled = true,
+	jsr250Enabled = true,
+	prePostEnabled = true
+)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	private final CustomOAuth2UserService customOAuth2UserService;
@@ -34,6 +41,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	private final AuthenticationEntryPoint authenticationEntryPoint;
 
+	private final AccessDeniedHandler customAccessDeniedHandler;
+
 	@Override
 	public void configure(WebSecurity web) throws Exception {
 		web.ignoring()
@@ -61,10 +70,11 @@ protected void configure(HttpSecurity http) throws Exception {
 			.antMatchers("/").permitAll()
 			.anyRequest().authenticated()
 		.and()
+			.addFilterBefore(tokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
 			.exceptionHandling()
-			.authenticationEntryPoint(authenticationEntryPoint)
+				.accessDeniedHandler(customAccessDeniedHandler)
+				.authenticationEntryPoint(authenticationEntryPoint)
 		.and()
-			.addFilterBefore(tokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
 		.sessionManagement()
 			.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 		.and()

src/main/java/com/undertheriver/sgsg/config/security/handler/RestAccessDeniedHandler.java

@@ -0,0 +1,25 @@
+package com.undertheriver.sgsg.config.security.handler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import lombok.RequiredArgsConstructor;
+
+@Configuration
+@RequiredArgsConstructor
+public class RestAccessDeniedHandler implements AccessDeniedHandler {
+
+	private final HandlerExceptionResolver handlerExceptionResolver;
+
+	@Override
+	public void handle(HttpServletRequest request, HttpServletResponse response,
+		AccessDeniedException accessDeniedException) {
+
+		handlerExceptionResolver.resolveException(request, response, null, accessDeniedException);
+	}
+}

src/main/java/com/undertheriver/sgsg/config/security/handler/RestAuthenticationEntryPoint.java

@@ -0,0 +1,28 @@
+package com.undertheriver.sgsg.config.security.handler;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import lombok.RequiredArgsConstructor;
+
+@Configuration
+@RequiredArgsConstructor
+public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+	private final HandlerExceptionResolver handlerExceptionResolver;
+
+	@Override
+	public void commence(HttpServletRequest request, HttpServletResponse response,
+		AuthenticationException authException) throws IOException, ServletException {
+
+		handlerExceptionResolver.resolveException(request, response, null, authException);
+	}
+}

src/main/java/com/undertheriver/sgsg/config/security/handler/CustomAuthenticationFailureHandler.java → src/main/java/com/undertheriver/sgsg/config/security/handler/RestAuthenticationFailureHandler.java

@@ -22,7 +22,7 @@
 @Slf4j
 @Configuration
 @RequiredArgsConstructor
-public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+public class RestAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
 
 	private final HttpCookieOAuth2AuthorizationRequestRepository authorizationRequestRepository;
 

src/main/java/com/undertheriver/sgsg/config/security/handler/CustomAuthenticationSuccessHandler.java → src/main/java/com/undertheriver/sgsg/config/security/handler/RestAuthenticationSuccessHandler.java

@@ -31,13 +31,13 @@
 
 @Configuration
 @Slf4j
-public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+public class RestAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
 	private final HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;
 	private final JwtProvider jwtProvider;
 	private final Set<URI> authorizedRedirectUris;
 
-	public CustomAuthenticationSuccessHandler(
+	public RestAuthenticationSuccessHandler(
 		HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository,
 		JwtProvider jwtProvider,
 		AppProperties appProperties