import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
import org.springframework.security.oauth2.client.registration.ClientRegistration
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
import org.springframework.security.oauth2.client.web.OAuth2LoginConfigurer
import org.springframework.security.oauth2.client.web.OAuth2LoginConfigurer.OAuth2LoginSpec
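/**
 * Web-security wiring for the service.
 *
 * The API authenticates requests with a bearer JWT ([jwtAuthenticationFilter]) and
 * additionally offers social login (Google, Naver, Kakao) through Spring Security's
 * `oauth2Login` support. Everything not listed as public requires an authenticated
 * principal; failures are routed to [authenticationEntryPoint] / [accessDeniedHandler].
 *
 * The OAuth2 client registrations below carry placeholder credentials. Real client
 * secrets must be supplied from externalized configuration (environment variables or
 * the `spring.security.oauth2.client.registration.*` properties), never from source.
 */
@Configuration
@EnableWebSecurity
class SecurityConfig(
    private val jwtAuthenticationFilter: JwtAuthenticationFilter,
    private val authenticationEntryPoint: AuthenticationEntryPoint,
    private val accessDeniedHandler: AccessDeniedHandler,
    private val oAuth2UserService: OAuth2UserService,
    private val oAuth2LoginSuccessHandler: OAuth2LoginSuccessHandler,
) {
    /**
     * Builds the application's single [SecurityFilterChain].
     *
     * HTTP Basic, form login and CSRF are switched off and the session policy is
     * STATELESS, because clients present a bearer token rather than a session cookie.
     * The public paths mirror the `oauth2Login` authorization (`/oauth2/login`) and
     * redirection (`/oauth2/callback/*`) base URIs configured further down.
     *
     * NOTE(review): the default `oauth2Login` authorization-request repository keeps
     * the pending request (and its `state` value) in the servlet session, which sits
     * uneasily with the STATELESS policy — confirm the callback round-trip in an
     * integration test, or plug in a session-less `AuthorizationRequestRepository`.
     *
     * @param http the builder supplied by Spring Security.
     * @return the assembled filter chain.
     */
    @Bean
    fun filterChain(http: HttpSecurity): SecurityFilterChain =
        http
            .httpBasic { it.disable() }
            .formLogin { it.disable() }
            // Safe only while authentication is bearer-token based; revisit if any
            // cookie-backed authentication is ever introduced.
            .csrf { it.disable() }
            .headers { headers -> headers.frameOptions { it.sameOrigin() } }
            .authorizeHttpRequests { auth ->
                auth.requestMatchers(
                    "/login", "/signup", "/swagger-ui/**", "/v3/api-docs/**", "/oauth2/login",
                    "/oauth2/callback/**",
                ).permitAll()
                    .anyRequest().authenticated()
            }
            // JWT validation must run before any username/password processing.
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
            .exceptionHandling { handling ->
                handling.authenticationEntryPoint(authenticationEntryPoint)
                handling.accessDeniedHandler(accessDeniedHandler)
            }
            .oauth2Login { login ->
                login.authorizationEndpoint { it.baseUri("/oauth2/login") }
                    .redirectionEndpoint { it.baseUri("/oauth2/callback/*") }
                    .userInfoEndpoint { it.userService(oAuth2UserService) }
                    .successHandler(oAuth2LoginSuccessHandler)
            }
            .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
            .build()

    /**
     * In-memory repository holding the three social-login client registrations.
     *
     * @return a [ClientRegistrationRepository] backed by [googleClientRegistration],
     *   [naverClientRegistration] and [kakaoClientRegistration].
     */
    @Bean
    fun clientRegistrationRepository(): ClientRegistrationRepository =
        InMemoryClientRegistrationRepository(
            googleClientRegistration(),
            naverClientRegistration(),
            kakaoClientRegistration(),
        )

    /**
     * Google registration using the OIDC flow (`openid` scope).
     *
     * Because the `openid` scope is requested, Spring Security validates the returned
     * ID token; that requires the provider's JWK Set URI, and setting the issuer URI
     * additionally lets the `iss` claim be checked. Both were missing originally.
     */
    private fun googleClientRegistration(): ClientRegistration =
        ClientRegistration.withRegistrationId("google")
            .clientId("your-google-client-id")
            .clientSecret("your-google-client-secret") // placeholder — externalize, see class doc
            .redirectUri(REDIRECT_URI_TEMPLATE)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .scope("openid", "profile", "email")
            .authorizationUri("https://accounts.google.com/o/oauth2/auth")
            .tokenUri("https://oauth2.googleapis.com/token")
            .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
            .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
            .issuerUri("https://accounts.google.com")
            .userNameAttributeName(IdTokenClaimNames.SUB)
            .clientName("Google")
            .build()

    /**
     * Naver registration (plain OAuth2, no ID token).
     *
     * NOTE(review): the user-name attribute is `response`, i.e. the wrapper object of
     * Naver's profile payload rather than a scalar id; [oAuth2UserService] is expected
     * to unwrap it — confirm against that implementation.
     */
    private fun naverClientRegistration(): ClientRegistration =
        ClientRegistration.withRegistrationId("naver")
            .clientId("your-naver-client-id")
            .clientSecret("your-naver-client-secret") // placeholder — externalize, see class doc
            .redirectUri(REDIRECT_URI_TEMPLATE)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .scope("profile")
            .authorizationUri("https://nid.naver.com/oauth2.0/authorize")
            .tokenUri("https://nid.naver.com/oauth2.0/token")
            .userInfoUri("https://openapi.naver.com/v1/nid/me")
            .userNameAttributeName("response")
            .clientName("Naver")
            .build()

    /**
     * Kakao registration (plain OAuth2, no ID token); the user is keyed by the
     * top-level `id` attribute of the user-info response.
     */
    private fun kakaoClientRegistration(): ClientRegistration =
        ClientRegistration.withRegistrationId("kakao")
            .clientId("your-kakao-client-id")
            .clientSecret("your-kakao-client-secret") // placeholder — externalize, see class doc
            .redirectUri(REDIRECT_URI_TEMPLATE)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .scope("profile_nickname", "account_email")
            .authorizationUri("https://kauth.kakao.com/oauth/authorize")
            .tokenUri("https://kauth.kakao.com/oauth/token")
            .userInfoUri("https://kapi.kakao.com/v2/user/me")
            .userNameAttributeName("id")
            .clientName("Kakao")
            .build()

    companion object {
        /**
         * Redirect URI shared by all registrations. `{baseUrl}` and `{registrationId}`
         * are expanded by Spring Security at request time; the path must stay in step
         * with the redirection-endpoint base URI configured in [filterChain].
         * `redirectUri` replaces the deprecated `redirectUriTemplate` builder method.
         */
        private const val REDIRECT_URI_TEMPLATE = "{baseUrl}/oauth2/callback/{registrationId}"
    }
}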