인프런 커뮤니티 질문&답변
작성한 질문수
회원 권한이 있어도 deinied로 가는데 이유가 뭘까요? ㅠㅠ
작성
·
104
0
package io.security.springsecuritymaster.security.config;
import io.security.springsecuritymaster.security.filter.RestAuthenticationFilter;
import io.security.springsecuritymaster.security.handler.FormAuthenticationSuccessHandler;
import io.security.springsecuritymaster.security.handler.FromAuthenticationFailureHandler;
import io.security.springsecuritymaster.security.handler.FromAccessDeniedHandler;
import io.security.springsecuritymaster.security.handler.RestAuthenticationFailureHandler;
import io.security.springsecuritymaster.security.handler.RestAuthenticationSuccessHandler;
import io.security.springsecuritymaster.security.provider.RestAuthenticationProvider;
import io.security.springsecuritymaster.security.token.RestAuthenticationToken;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
public class SecurityConfig {
// private final UserDetailsService userDetailsService;
private final AuthenticationProvider authenticationProvider;
private final RestAuthenticationProvider restAuthenticationProvider;
private final FormAuthenticationSuccessHandler formAuthenticationSuccessHandler;
private final FromAuthenticationFailureHandler fromAuthenticationFailureHandler;
private final RestAuthenticationSuccessHandler restAuthenticationSuccessHandler;
private final RestAuthenticationFailureHandler restAuthenticationFailureHandler;
private final AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
.requestMatchers("/css/**", "/images/**", "/js/**", "/favicon.*", "/*/icon-*").permitAll() // 정적 자원 설정
.requestMatchers("/", "/signup", "/login*").permitAll()
.requestMatchers("/user").hasAuthority("ROLE_USER")
.requestMatchers("/manager").hasAuthority("ROLE_MANAGER")
.requestMatchers("/admin").hasAuthority("ROLE_ADMIN")
.anyRequest().authenticated()
)
.formLogin(form -> form
.loginPage("/login").permitAll()
.authenticationDetailsSource(authenticationDetailsSource)
.successHandler(formAuthenticationSuccessHandler)
.failureHandler(fromAuthenticationFailureHandler)
)
// .userDetailsService(userDetailsService)
.authenticationProvider(authenticationProvider)
.exceptionHandling(exception -> exception.accessDeniedHandler(new FromAccessDeniedHandler("/denied")))
;
return http.build();
}
@Bean
@Order(1)
public SecurityFilterChain restSecurityFilterChain(HttpSecurity http) throws Exception {
AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
authenticationManagerBuilder.authenticationProvider(restAuthenticationProvider);
AuthenticationManager authenticationManager = authenticationManagerBuilder .build();
http
.securityMatcher("/api/login")
.authorizeHttpRequests(auth -> auth
.requestMatchers("/css/**", "/images/**", "/js/**", "/favicon.*", "/*/icon-*").permitAll() // 정적 자원 설정
.anyRequest().permitAll()
)
.csrf(AbstractHttpConfigurer::disable)
.addFilterBefore(restAuthenticationFilter(http, authenticationManager), UsernamePasswordAuthenticationFilter.class)
.authenticationManager(authenticationManager)
;
return http.build();
}
private RestAuthenticationFilter restAuthenticationFilter(HttpSecurity http, AuthenticationManager authenticationManager) {
RestAuthenticationFilter restAuthenticationFilter = new RestAuthenticationFilter(http);
restAuthenticationFilter.setAuthenticationManager(authenticationManager);
restAuthenticationFilter.setAuthenticationSuccessHandler(restAuthenticationSuccessHandler);
restAuthenticationFilter.setAuthenticationFailureHandler(restAuthenticationFailureHandler);
return restAuthenticationFilter;
}
// @Bean
// public UserDetailsService userDetailsService() {
// UserDetails user = User.withUsername("user").password("{noop}1111").roles("USER").build();
// return new InMemoryUserDetailsManager(user);
// }
}
답변 1
0
김철준
질문자
return new RestAuthenticationToken(accountContext.getAuthorities(), accountContext.getAccountDto(), null);
으로 되어 있는게 문제였습니다!
return new RestAuthenticationToken(accountContext.getAuthorities(), accountContext.getAccountDto(), null);
으로 수정했습니다