
스프링 시큐리티 질문

24.01.01 20:32 작성 24.01.02 17:06 수정 조회수 551


package kr.bit.config;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Spring Security setup for the application: registers a password encoder and a
 * single {@link SecurityFilterChain}.
 *
 * <p>In this variant every request is permitted, so the chain enforces no access
 * control; only the login/logout endpoints and the user lookup are wired up.
 */
@Configuration // loaded by the Spring container as a configuration class
@EnableWebSecurity
public class SecurityConfiguration {

	@Autowired
	private UserDetailsServiceImpl userDetailsService;

	/**
	 * Registers the password-encoding object with the Spring container.
	 *
	 * @return the delegating encoder built by {@link PasswordEncoderFactories}
	 */
	@Bean
	public PasswordEncoder PasswordEncoder() {
		PasswordEncoder delegatingEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
		return delegatingEncoder;
	}

	/**
	 * Builds the filter chain: CSRF off, all requests permitted, custom form-login
	 * page and logout URLs, and the injected user-details service.
	 *
	 * @param http the builder supplied by Spring Security
	 * @return the built filter chain
	 * @throws Exception if any of the builder calls fails
	 */
	@Bean
	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		// NOTE(review): CSRF protection is disabled while form login is in use.
		// Form login normally relies on a session cookie, so state-changing
		// requests have no forgery protection; confirm this is intended
		// outside local testing.
		http.csrf(csrf -> csrf.disable());

		// NOTE(review): anyRequest().permitAll() leaves every URL, including
		// /board/**, reachable without logging in.
		http.authorizeHttpRequests(rules -> rules.anyRequest().permitAll());

		// Custom login page; /board/list is the default target after a successful login.
		http.formLogin(login -> login
			.loginPage("/member/login")
			.defaultSuccessUrl("/board/list"));

		http.logout(logout -> logout
			.logoutUrl("/member/logout")
			.logoutSuccessUrl("/"));

		// Accounts are looked up through the injected UserDetailsServiceImpl.
		http.userDetailsService(userDetailsService);

		return http.build();
	}
}

모든 접근에 대해 permitAll()을 하면

 

http://localhost:8080/m15/

http://localhost:8080/m15/member/login

둘다 잘 접속 되지만

package kr.bit.config;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Spring Security setup for the application: registers a password encoder and a
 * single {@link SecurityFilterChain}.
 *
 * <p>In this variant "/" and "/member/**" are public and "/board/**" requires a
 * logged-in user. No other path or dispatcher type has a rule.
 */
@Configuration // loaded by the Spring container as a configuration class
@EnableWebSecurity
public class SecurityConfiguration {

	@Autowired
	private UserDetailsServiceImpl userDetailsService;

	/**
	 * Registers the password-encoding object with the Spring container.
	 *
	 * @return the delegating encoder built by {@link PasswordEncoderFactories}
	 */
	@Bean
	public PasswordEncoder PasswordEncoder() {
		PasswordEncoder delegatingEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
		return delegatingEncoder;
	}

	/**
	 * Builds the filter chain: CSRF off, path-based authorization rules, custom
	 * form-login page and logout URLs, and the injected user-details service.
	 *
	 * @param http the builder supplied by Spring Security
	 * @return the built filter chain
	 * @throws Exception if any of the builder calls fails
	 */
	@Bean
	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		// NOTE(review): CSRF protection is disabled while form login is in use.
		// Form login normally relies on a session cookie, so state-changing
		// requests have no forgery protection; confirm this is intended
		// outside local testing.
		http.csrf(csrf -> csrf.disable());

		// Rules are evaluated in the order they are declared.
		// NOTE(review): only these three patterns are covered. Spring Security 6
		// also authorizes FORWARD dispatches, so a forward to a view path outside
		// these patterns matches no permit rule. That is presumably why opening
		// "/" ends up at the login page with an error; confirm against the view
		// resolver's target paths.
		http.authorizeHttpRequests(rules -> rules
			.requestMatchers("/", "/member/**").permitAll()
			.requestMatchers("/board/**").authenticated());

		// Custom login page; /board/list is the default target after a successful login.
		http.formLogin(login -> login
			.loginPage("/member/login")
			.defaultSuccessUrl("/board/list"));

		http.logout(logout -> logout
			.logoutUrl("/member/logout")
			.logoutSuccessUrl("/"));

		// Accounts are looked up through the injected UserDetailsServiceImpl.
		http.userDetailsService(userDetailsService);

		return http.build();
	}
}

requestMatchers 로 permitAll()하면

http://localhost:8080/m15/

로 접속하면

http://localhost:8080/m15/member/login

로 이동하면서 에러가 발생합니다.

 

 

 

스프링 부트 버전은 3.2.1입니다.

답변 1


이동헌

2024.01.02

.formLogin(login ->

login .loginPage("/member/login")

.defaultSuccessUrl("/board/list")

)

 

이 부분을

 

.formLogin(login ->

login .loginPage("/member/login")

.defaultSuccessUrl("/board/list")

.permitAll()

)

 

이렇게, permitAll()을 추가하면 될 것 같습니다

답변 감사합니다. 스프링 시큐리티 6부터는 forward 요청에도 기본으로 인증이 걸리게 되어서, 뷰로 forward될 때 허용 규칙이 없으면 막힌다고 합니다. 그래서

.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()를 추가해야 한다고 하네요.

package kr.bit.config;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import jakarta.servlet.DispatcherType;

/**
 * Spring Security setup for the application: registers a password encoder and a
 * single {@link SecurityFilterChain}.
 *
 * <p>In this variant FORWARD dispatches are permitted, "/", "/member/**" and
 * "/resources/**" are public, and "/board/**" requires a logged-in user.
 */
// NOTE(review): @EnableWebSecurity is not declared on this class; presumably
// Spring Boot's auto-configuration supplies it. Confirm.
@Configuration
public class SecurityConfiguration {

	@Autowired
	private UserDetailsServiceImpl userDetailsService;

	/**
	 * Registers the password-encoding object with the Spring container.
	 *
	 * @return the delegating encoder built by {@link PasswordEncoderFactories}
	 */
	@Bean
	public PasswordEncoder PasswordEncoder() {
		PasswordEncoder delegatingEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
		return delegatingEncoder;
	}

	/**
	 * Builds the filter chain: CSRF off, dispatcher-type and path-based
	 * authorization rules, custom form-login page and logout URLs, and the
	 * injected user-details service.
	 *
	 * @param http the builder supplied by Spring Security
	 * @return the built filter chain
	 * @throws Exception if any of the builder calls fails
	 */
	@Bean
	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		// NOTE(review): CSRF protection is disabled while form login is in use.
		// Form login normally relies on a session cookie, so state-changing
		// requests have no forgery protection; confirm this is intended
		// outside local testing.
		http.csrf(csrf -> csrf.disable());

		// Rules are evaluated in the order they are declared.
		// The FORWARD rule comes first so that internal forwards (e.g. to a view)
		// are not re-checked against the path rules below.
		// NOTE(review): every FORWARD is permitted, so protection rests on the
		// rule that matched the original request; forward targets should not be
		// directly requestable. No catch-all anyRequest() rule is declared, so
		// other paths have no explicit rule and are presumably denied by default.
		// Consider stating that explicitly.
		http.authorizeHttpRequests(rules -> rules
			.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
			.requestMatchers("/", "/member/**", "/resources/**").permitAll()
			.requestMatchers("/board/**").authenticated());

		// Custom login page; /board/list is the default target after a successful login.
		http.formLogin(login -> login
			.loginPage("/member/login")
			.defaultSuccessUrl("/board/list"));

		http.logout(logout -> logout
			.logoutUrl("/member/logout")
			.logoutSuccessUrl("/"));

		// Accounts are looked up through the injected UserDetailsServiceImpl.
		http.userDetailsService(userDetailsService);

		return http.build();
	}
}