cors

SB - React 연동 시 CORS 보안 오류 처리

package com.mysite.demo;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

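/**
 * Spring MVC configuration that registers the application's cross-origin (CORS) policy.
 *
 * <p>A single mapping covers every request path and admits one origin,
 * {@code http://localhost:3000} (per the page heading, the React front end during development),
 * for {@code GET} and {@code POST} only.
 *
 * <p>NOTE(review): the allowed origin is a hard-coded development address. For any shared or
 * production deployment, read the origin list from configuration and keep it an exact list of
 * front-end origins rather than widening it to a wildcard.
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /** Time, in seconds, that a browser may cache a preflight response (one hour). */
    private static final long MAX_AGE_SECS = 3600;

    /**
     * Registers the CORS mapping described on the class.
     *
     * @param registry the registry Spring MVC supplies for collecting CORS mappings
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                // Exact origin match: scheme, host and port must all equal this value.
                .allowedOrigins("http://localhost:3000")
                // Only these verbs are allowed cross-origin; PUT/DELETE/PATCH calls from the
                // front end would fail the CORS check until they are added here.
                .allowedMethods("GET", "POST")
                // Any request header is accepted. NOTE(review): narrow to the headers the
                // client really sends once they are known.
                .allowedHeaders("*")
                // Credentials stay off, so browsers will not expose responses to cross-origin
                // requests that carry cookies or HTTP auth. A session cookie issued by a
                // server-side login is therefore not usable from the front-end origin;
                // if that ever changes, the origin list above must remain explicit.
                .allowCredentials(false)
                .maxAge(MAX_AGE_SECS);
    }
}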

SB - H2 DB

package com.mysite.demo;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;


/**
 * Spring Security configuration for the demo application (the page lists this variant under
 * "SB - H2 DB").
 *
 * <p>Declares the HTTP filter chain, the password encoder and the authentication manager as beans.
 * Method-level security ({@code @PreAuthorize}/{@code @PostAuthorize}) is switched on by
 * {@link EnableMethodSecurity}.
 *
 * <p>NOTE(review): as written, the chain permits every URL and disables CSRF globally. That is a
 * development posture. If the H2 web console is enabled in this application it is reachable
 * without authentication under these rules, so keep the console off outside local development.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
public class SecurityConfig {

    /**
     * Assembles the application's only {@link SecurityFilterChain}.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // URL-level authorization is wide open: every path is permitted to everyone.
            // Access control therefore rests entirely on method-level annotations.
            // NOTE(review): confirm each sensitive handler carries one; a deny-by-default
            // URL rule with explicit public paths is the safer baseline.
            .authorizeHttpRequests(requests -> requests.requestMatchers("/**").permitAll())
            // CSRF protection is turned off for all endpoints, including the login form and
            // every state-changing POST. NOTE(review): if the aim is only to let one tool or
            // path work, exempt that path with csrf.ignoringRequestMatchers(...) and leave the
            // protection on for the rest of the application.
            .csrf(csrf -> csrf.disable())
            // Emits X-Frame-Options: SAMEORIGIN so pages may be framed by this site only.
            .headers(headers -> headers.addHeaderWriter(
                new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN)))
            // Custom login page; after a successful login the user is sent to the root page.
            .formLogin(login -> login
                .loginPage("/user/login")
                .defaultSuccessUrl("/"))
            // Logout is triggered by a request to /user/logout, drops the HTTP session and
            // redirects to the root page.
            .logout(logout -> logout
                .logoutRequestMatcher(new AntPathRequestMatcher("/user/logout"))
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true));

        return http.build();
    }

    /**
     * Provides the password hashing strategy used when storing and checking credentials.
     *
     * @return a BCrypt encoder created with its default settings
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring Security as a bean.
     *
     * @param authenticationConfiguration Spring Security's authentication configuration
     * @return the authentication manager it holds
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}

SB - Form Login

package com.mysite.sbb;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import groovy.transform.Undefined.EXCEPTION;


/**
 * Spring Security configuration for the form-login variant of the application.
 *
 * <p>Registers the HTTP filter chain, a BCrypt password encoder and the authentication manager.
 * {@link EnableMethodSecurity} activates {@code @PreAuthorize}/{@code @PostAuthorize} checks.
 *
 * <p>NOTE(review): the {@code groovy.transform.Undefined.EXCEPTION} import that precedes this
 * class is not referenced anywhere in it and looks like an accidental IDE auto-import; it can be
 * dropped. The chain below also permits all URLs and disables CSRF for the whole application,
 * which suits a local tutorial setup but not a deployed one.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
public class SecurityConfig {

    /**
     * Builds the single {@link SecurityFilterChain} for the application.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // All paths are permitted without authentication, so the login form only
            // establishes identity; what a user may do is decided by method-level annotations.
            // NOTE(review): verify that protected handlers are annotated, or restrict paths here.
            .authorizeHttpRequests(requests -> requests.requestMatchers("/**").permitAll())
            // CSRF protection is disabled everywhere, which leaves the session-backed login
            // form and other POST endpoints without a CSRF token check. NOTE(review): keep it
            // enabled for browser form flows and exempt only the paths that cannot send a token.
            .csrf(csrf -> csrf.disable())
            // Sends X-Frame-Options: SAMEORIGIN, allowing framing by this site only.
            .headers(headers -> headers.addHeaderWriter(
                new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN)))
            .formLogin(login -> login
                // Application-provided login page.
                .loginPage("/user/login")
                // Where the user lands after a successful login.
                .defaultSuccessUrl("/")
                // Names of the HTML form fields carrying the user id and the password.
                .usernameParameter("username")
                .passwordParameter("password"))
                // Optional hooks, not configured here: loginProcessingUrl(...) for a separate
                // login-processing endpoint, successHandler(...) and failureHandler(...) for
                // custom behaviour after a successful or failed login.
            .logout(logout -> logout
                // A request to /user/logout ends the session and returns to the root page.
                .logoutRequestMatcher(new AntPathRequestMatcher("/user/logout"))
                .logoutSuccessUrl("/")
                .invalidateHttpSession(true));

        return http.build();
    }

    /**
     * Supplies the encoder used to hash passwords before storage and to verify them at login.
     *
     * @return a BCrypt encoder created with its default settings
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Publishes Spring Security's {@link AuthenticationManager} as a bean for injection.
     *
     * @param authenticationConfiguration Spring Security's authentication configuration
     * @return the authentication manager it holds
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}