  • [Tnote] Configuration changes following the security version change
    T-note 2023. 12. 28. 15:28

    The code as it was on spring security 3.0.2 [ previous code ]

    private final JwtTokenProvider jwtTokenProvider;
    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
    private final JwtExceptionFilter jwtExceptionFilter;
    
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .exceptionHandling()
                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                .accessDeniedHandler(jwtAccessDeniedHandler)
    
                .and()
                .headers().frameOptions().disable()
    
                .and()
                .cors()
    
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    
                .and()
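                .authorizeHttpRequests()
                // "/**" matches every path and rules are checked in order, so every request
                // is permitted and the anyRequest() rule below is never reached
                .requestMatchers("/**").permitAll()
                .anyRequest().authenticated()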
    
                .and()
                .oauth2Login()
                .redirectionEndpoint()
                .baseUri("/oauth2/code/*")
            ;
    
        http
                .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class);
    
        return http.build();
    }

     

    The current code on spring security 3.1.0

    
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                  .csrf(
                        AbstractHttpConfigurer::disable
                  )
                  .headers(headerConfig ->
                          headerConfig.frameOptions(
                                  HeadersConfigurer.FrameOptionsConfig::disable
                          )
                  )
                  .exceptionHandling(exceptionConfig ->
                          exceptionConfig
                                  .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                                  .accessDeniedHandler(jwtAccessDeniedHandler)
                  )
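                  .authorizeHttpRequests(authorizeRequests ->
                          authorizeRequests
                                  // "/**" matches every path and rules are checked in order, so every
                                  // request is permitted and anyRequest() below is never reached
                                  .requestMatchers("/**").permitAll()
                                  .anyRequest().authenticated()
                  )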
                  .cors(
                          Customizer.withDefaults()
                  )
                  // Session policy configuration
                  .sessionManagement(configurer ->
                          configurer.sessionCreationPolicy(
                                  SessionCreationPolicy.STATELESS
                          )
    
                  )
                  .addFilterBefore(
                          new JwtAuthenticationFilter(jwtTokenProvider)
                              , UsernamePasswordAuthenticationFilter.class
                  )
                  .addFilterBefore(
                          jwtExceptionFilter, JwtAuthenticationFilter.class
                  )
                  .logout(logout ->
                          logout.logoutSuccessUrl("/")
                  )
                  .oauth2Login(oauth2 ->
                          oauth2.redirectionEndpoint( info ->
                                  info.baseUri("/oauth2/code/*")
    
                          )
                  )
    
          ;
        return http.build();
    }

     

    The configuration syntax changed a little with the version change.

    Configuring through method chaining: X ->  from now on, configuring with lambda expressions: O

     

    For the existing settings, pass Customizer.withDefaults() inside the () ( see the cors() part )

     

    For syntax changes that come with a version change, check the docs carefully!
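The same lambda style applied to a narrower rule set, as an added example that is not the post's own code: rules inside authorizeHttpRequests are matched in declaration order, so the public paths are listed explicitly and everything else requires authentication. The class name and the public paths are assumptions, and the post's JWT filters and oauth2Login are left out so the class compiles in a Spring Boot web application with only the security and web starters.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class RestrictedSecurityConfig { // hypothetical class name

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                // CSRF disabled, as in the post's configuration
                .csrf(AbstractHttpConfigurer::disable)
                // Customizer.withDefaults() keeps the configurer's defaults, like cors() in the post
                .cors(Customizer.withDefaults())
                // sameOrigin instead of disable: same-origin frames still work,
                // framing from other origins stays blocked
                .headers(headers ->
                        headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
                .sessionManagement(session ->
                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
                        // First matching rule wins, so only these (assumed) public paths are open
                        .requestMatchers("/", "/error", "/api/public/**").permitAll()
                        // Every other path now reaches this rule
                        .anyRequest().authenticated());
        // The post's JwtAuthenticationFilter and JwtExceptionFilter would be
        // registered here with addFilterBefore(...), exactly as in the code above.
        return http.build();
    }
}
```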

     

     

     
