From 167b3f279732140c28b36640b395e2adc06fcaff Mon Sep 17 00:00:00 2001
From: plum-king
Date: Thu, 14 Nov 2024 22:03:58 +0900
Subject: [PATCH] =?UTF-8?q?#39=20Fix=20Config=20:=20spring=20security=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../finut_server/config/SecurityConfig.java | 37 ++++---------------
 1 file changed, 8 insertions(+), 29 deletions(-)
diff --git a/src/main/java/com/finut/finut_server/config/SecurityConfig.java b/src/main/java/com/finut/finut_server/config/SecurityConfig.java
index addf999..e4a44d0 100644
--- a/src/main/java/com/finut/finut_server/config/SecurityConfig.java
+++ b/src/main/java/com/finut/finut_server/config/SecurityConfig.java
@@ -1,22 +1,15 @@
 package com.finut.finut_server.config;
-
-import com.finut.finut_server.apiPayload.exception.handler.CustomOAuth2AuthenticationSuccessHandler;
 import com.finut.finut_server.config.auth.CustomOAuth2UserService;
 import com.finut.finut_server.domain.user.UsersRepository;
-import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 @Configuration
@@ -26,8 +19,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, CustomOAuth2Us
 http
 .authorizeHttpRequests(authorizeRequests ->
 authorizeRequests
- .requestMatchers("/swagger", "/swagger-ui.html", "/swagger-ui/**", "/api-docs", "/api-docs/**", "/v3/api-docs/**")
- .permitAll()
+ .requestMatchers("/swagger", "/swagger-ui.html", "/swagger-ui/**", "/api-docs", "/api-docs/**", "/v3/api-docs/**").permitAll()
 .requestMatchers("/", "/login/**", "/h2-console/**").permitAll()
 .anyRequest().authenticated()
 )
@@ -38,27 +30,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http, CustomOAuth2Us
 )
 .defaultSuccessUrl("/success", true)
 )
-// .formLogin(formLogin ->
-// formLogin
-// .defaultSuccessUrl("/success", true)
-// )
 .logout(logout ->
 logout
- .logoutSuccessUrl("/") // 임시
+ .logoutSuccessUrl("/") // 임시 로그아웃 성공 URL
 )
- .csrf(AbstractHttpConfigurer::disable) // post 요청을 위한 csrf disable
+ .csrf(AbstractHttpConfigurer::disable) // POST 요청을 위한 CSRF 비활성화
 .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.sameOrigin()));
- return http.build();
- }
- @Bean
- public UserDetailsService userDetailsService() {
- UserDetails user = User.withDefaultPasswordEncoder()
- .username("user")
- .password("password")
- .roles("USER")
- .build();
- return new InMemoryUserDetailsManager(user);
+ // 폼 로그인을 완전히 비활성화
+ http.formLogin(AbstractHttpConfigurer::disable);
+
+ return http.build();
 }
 @Bean
@@ -72,7 +54,4 @@ public CustomOAuth2UserService customOAuth2UserService(UsersRepository userRepos
 customOAuth2UserService.setAuthorizedClientService(authorizedClientService);
 return customOAuth2UserService;
 }
-
-
-
-}
+}
\ No newline at end of file
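Review bot: CSRF protection stays switched off for the whole application on the rewritten `.csrf(AbstractHttpConfigurer::disable)` line, while the chain signs users in through OAuth2 login with `defaultSuccessUrl` and the file imports `HttpSession`, which suggests cookie-backed sessions; if that is the case, every state-changing endpoint accepts cross-site requests sent from a signed-in user's browser. If the exemption is only needed for the H2 console that the earlier hunk leaves under `permitAll()`, narrow it to that path with `.csrf(csrf -> csrf.ignoringRequestMatchers("/h2-console/**"))` and keep the console matcher out of non-development profiles. The added `http.formLogin(AbstractHttpConfigurer::disable);` would read more consistently as one more link of the fluent chain rather than a separate statement after it. The body of securityFilterChain starts before this hunk, so any session-management settings are not visible here.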