인프런 커뮤니티 질문&답변
작성한 질문수
스프링 시큐리티 질문
작성
·
860
·
수정됨
0
package kr.bit.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration //스프링 컨테이너 설정파일이라고 메모리에 올림
@EnableWebSecurity
public class SecurityConfiguration {
@Autowired
private UserDetailsServiceImpl userDetailsService;
//패스워드 인코딩 객체를 스프링 컨테이너에 등록
@Bean
public PasswordEncoder PasswordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(csrfConfig ->
csrfConfig.disable()
)
.authorizeHttpRequests(authorizeRequests -> authorizeRequests
.anyRequest().permitAll()
)
.formLogin(login -> login
.loginPage("/member/login")
.defaultSuccessUrl("/board/list")
)
.logout(logout -> logout
.logoutUrl("/member/logout")
.logoutSuccessUrl("/")
)
.userDetailsService(userDetailsService);
return http.build();
}
}
모든 접근에 대해 permitAll()을 하면
http://localhost:8080/m15/member/login
둘다 잘 접속 되지만
package kr.bit.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration //스프링 컨테이너 설정파일이라고 메모리에 올림
@EnableWebSecurity
public class SecurityConfiguration {
@Autowired
private UserDetailsServiceImpl userDetailsService;
//패스워드 인코딩 객체를 스프링 컨테이너에 등록
@Bean
public PasswordEncoder PasswordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(csrfConfig ->
csrfConfig.disable()
)
.authorizeHttpRequests(authorizeRequests -> authorizeRequests
.requestMatchers("/", "/member/**").permitAll()
.requestMatchers("/board/**").authenticated()
)
.formLogin(login -> login
.loginPage("/member/login")
.defaultSuccessUrl("/board/list")
)
.logout(logout -> logout
.logoutUrl("/member/logout")
.logoutSuccessUrl("/")
)
.userDetailsService(userDetailsService);
return http.build();
}
}
requestMatchers 로 permitAll()하면
로 접속하면
http://localhost:8080/m15/member/login
로 이동하면서 에러가 발생합니다.
스프링 부트 버전은 3.2.1입니다.
답변 1
0
.formLogin(login ->
login .loginPage("/member/login")
.defaultSuccessUrl("/board/list")
)
이 부분을
.formLogin(login ->
login .loginPage("/member/login")
.defaultSuccessUrl("/board/list")
.permitAll()
)
이렇게, permitAll()을 추가하면 될 것 같습니다
답변 감사합니다. 스프링시큐리티 6부터는 forward에도 기본으로 인증이 걸리게 되어서
.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()를 추가해야한다고 하네요.