From e5fe09fa692dd0b4e9189bb5d6d13dbd8a93d761 Mon Sep 17 00:00:00 2001
From: youjin09222
Date: Fri, 10 Nov 2023 23:27:38 +0900
Subject: [PATCH] feat: Add SecurityConfig (#3)
---
.../servertoyproject/jwt/SecurityConfig.java | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 server-toy-project/src/main/java/com/gdsc_teamb/servertoyproject/jwt/SecurityConfig.java
diff --git a/server-toy-project/src/main/java/com/gdsc_teamb/servertoyproject/jwt/SecurityConfig.java b/server-toy-project/src/main/java/com/gdsc_teamb/servertoyproject/jwt/SecurityConfig.java
new file mode 100644
index 0000000..bddde9e
--- /dev/null
+++ b/server-toy-project/src/main/java/com/gdsc_teamb/servertoyproject/jwt/SecurityConfig.java
@@ -0,0 +1,41 @@
+package com.gdsc_teamb.servertoyproject.jwt;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+@Configuration
+@EnableWebSecurity // 웹 보안 활성화 (CSRF 공격 방지)
+@EnableMethodSecurity // 메서드 레벨의 보안 설정 활성화
+public class SecurityConfig {
+ private JwtTokenProvider jwtTokenProvider;
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
+ http
+ .httpBasic(AbstractHttpConfigurer::disable) // rest api 이므로 basic auth 및 csrf 보안을 사용 X
+ .csrf(AbstractHttpConfigurer::disable)
+ .sessionManagement(config -> config.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 세션 사용 X
+ .authorizeRequests()
+ .requestMatchers(new AntPathRequestMatcher("/members/login")).permitAll() // 모든 요청 허가
+ .requestMatchers(new AntPathRequestMatcher("/members/test")).hasRole("USER") // USER 권한 확인
+ .anyRequest().authenticated() // 이 밖에 모든 요청에 대해 인증 필요
+ .and()
+ .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class);
+ return http.build();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ }
+}
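Review bot: The `jwtTokenProvider` field is declared but never assigned (the file has no constructor, `@Autowired` or Lombok annotation), so `new JwtAuthenticationFilter(jwtTokenProvider)` in `filterChain` is handed `null`. Assuming the filter calls the provider to validate tokens (neither class is part of this patch), a request carrying a token would end in a NullPointerException instead of an authentication decision. Declare it as `private final JwtTokenProvider jwtTokenProvider;` and inject it through a constructor, `public SecurityConfig(JwtTokenProvider jwtTokenProvider) { this.jwtTokenProvider = jwtTokenProvider; }`. Separately, the comment on `@EnableWebSecurity` says CSRF protection is on while the chain calls `.csrf(AbstractHttpConfigurer::disable)`; disabling it is only sound while the JWT travels in a request header and never in a cookie, and the comment should say that. `authorizeRequests()` with `.and()` is also the deprecated form in recent Spring Security 6 releases; `authorizeHttpRequests(auth -> auth...)` would match the lambda style already used for `sessionManagement`.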