[PC-625] feat: 메서드 시큐리티 설정 추가

YAPP-Github · Feb 16, 2025 · fe52345 · fe52345
1 parent e2f4ea5
commit fe52345
Showing 1 changed file with 41 additions and 39 deletions.
diff --git a/api/src/main/java/org/yapp/global/config/SecurityConfig.java b/api/src/main/java/org/yapp/global/config/SecurityConfig.java
@@ -6,6 +6,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -20,51 +21,52 @@
 
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
 @RequiredArgsConstructor
 public class SecurityConfig {
 
-    private final JwtFilter jwtFilter;
+  private final JwtFilter jwtFilter;
 
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        return http.csrf(AbstractHttpConfigurer::disable)
-            .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
-            .httpBasic(AbstractHttpConfigurer::disable)
-            .sessionManagement(
-                configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-            .authorizeHttpRequests(registry -> registry
-                .requestMatchers(getMatcherForUserAndAdmin())
-                .hasAnyRole("USER", "ADMIN")
-                .requestMatchers(getMatcherForAnyone())
-                .permitAll()
-                .anyRequest()
-                .authenticated())
-            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
-            .build();
-    }
+  @Bean
+  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    return http.csrf(AbstractHttpConfigurer::disable)
+        .cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
+        .httpBasic(AbstractHttpConfigurer::disable)
+        .sessionManagement(
+            configurer -> configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .authorizeHttpRequests(registry -> registry
+            .requestMatchers(getMatcherForUserAndAdmin())
+            .hasAnyRole("USER", "ADMIN")
+            .requestMatchers(getMatcherForAnyone())
+            .permitAll()
+            .anyRequest()
+            .authenticated())
+        .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
+        .build();
+  }
 
-    private CorsConfigurationSource corsConfigurationSource() {
-        return request -> {
-            CorsConfiguration config = new CorsConfiguration();
-            config.setAllowedHeaders(Collections.singletonList("*"));
-            config.setAllowedMethods(Collections.singletonList("*"));
-            config.setAllowedOriginPatterns(Collections.singletonList("*"));
-            return config;
-        };
-    }
+  private CorsConfigurationSource corsConfigurationSource() {
+    return request -> {
+      CorsConfiguration config = new CorsConfiguration();
+      config.setAllowedHeaders(Collections.singletonList("*"));
+      config.setAllowedMethods(Collections.singletonList("*"));
+      config.setAllowedOriginPatterns(Collections.singletonList("*"));
+      return config;
+    };
+  }
 
-    private RequestMatcher getMatcherForAnyone() {
-        return RequestMatchers.anyOf(antMatcher("/api/login/**"), antMatcher("/api/**"),
-            antMatcher("/swagger-ui/**"),
-            antMatcher("/v3/api-docs/**"), antMatcher("/swagger-ui.html"));
-    }
+  private RequestMatcher getMatcherForAnyone() {
+    return RequestMatchers.anyOf(antMatcher("/api/login/**"), antMatcher("/api/**"),
+        antMatcher("/swagger-ui/**"),
+        antMatcher("/v3/api-docs/**"), antMatcher("/swagger-ui.html"));
+  }
 
-    private RequestMatcher getMatcherForRegister() {
-        return RequestMatchers.anyOf(antMatcher("/api/profiles/init"));
-    }
+  private RequestMatcher getMatcherForRegister() {
+    return RequestMatchers.anyOf(antMatcher("/api/profiles/init"));
+  }
 
-    private RequestMatcher getMatcherForUserAndAdmin() {
-        return RequestMatchers.anyOf(antMatcher("/user") //TODO: 임시이며 추후 url에 따라 수정해야.
-        );
-    }
+  private RequestMatcher getMatcherForUserAndAdmin() {
+    return RequestMatchers.anyOf(antMatcher("/user") //TODO: 임시이며 추후 url에 따라 수정해야.
+    );
+  }
 }