feat #13 - Security Config 수정

예외 핸들링 커스텀이 가능하도록 설정 변경
capstone-maru · Mar 14, 2024 · c185866 · c185866
1 parent 89e26f0
commit c185866
Showing 1 changed file with 29 additions and 3 deletions.
diff --git a/.../capstone/maru/config/SecurityConfig.java → .../maru/security/config/SecurityConfig.java b/.../capstone/maru/config/SecurityConfig.java → .../maru/security/config/SecurityConfig.java
@@ -1,26 +1,43 @@
-package org.capstone.maru.config;
+package org.capstone.maru.security.config;
 
 
 import lombok.extern.slf4j.Slf4j;
 import org.capstone.maru.security.service.CustomOAuth2UserService;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 
 @Slf4j
 @Configuration
+@EnableWebSecurity
 public class SecurityConfig {
 
+    private final AuthenticationEntryPoint authEntryPoint;
+
+    private final AuthenticationFailureHandler authFailureHandler;
+
+    public SecurityConfig(
+        @Qualifier("customAuthenticationEntryPoint") AuthenticationEntryPoint authEntryPoint,
+        @Qualifier("customAuthenticationFailureHandler") AuthenticationFailureHandler authFailureHandler
+    ) {
+        this.authEntryPoint = authEntryPoint;
+        this.authFailureHandler = authFailureHandler;
+    }
+
     @Bean
     @ConditionalOnProperty(name = "spring.h2.console.enabled", havingValue = "true")
     public WebSecurityCustomizer configureH2ConsoleEnable() {
         return web -> web.ignoring()
-            .requestMatchers(PathRequest.toH2Console());
+                         .requestMatchers(PathRequest.toH2Console());
     }
 
     @Bean
@@ -33,14 +50,23 @@ public SecurityFilterChain securityFilterChain(
                 .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
                 .requestMatchers(
                     HttpMethod.GET,
-                    "/"
+                    "/", "/login", "login-kakao", "login-naver", "/oauth2/**", "/login/oauth2/**",
+                    "/errorTest"
+                ).permitAll()
+                .requestMatchers(
+                    HttpMethod.POST,
+                    "/login"
                 ).permitAll()
                 .anyRequest().authenticated()
             )
             .oauth2Login(oAuth -> oAuth
                 .userInfoEndpoint(userInfo -> userInfo
                     .userService(customOAuth2UserService)
                 )
+                .failureHandler(authFailureHandler)
+            )
+            .exceptionHandling(hc -> hc
+                .authenticationEntryPoint(authEntryPoint)
             )
             .csrf(
                 csrf -> csrf