JAVA&Spring/Settting
SecurityConfig
가끔개발
2023. 6. 27. 14:41
스프링 부트 2.7
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(
HttpSecurity http,
OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService
) throws Exception {
return http
.authorizeHttpRequests(auth -> auth
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.mvcMatchers("/api/**").permitAll()
.mvcMatchers(
HttpMethod.GET,
"/",
"/articles",
"/articles/search-hashtag"
).permitAll()
.anyRequest().authenticated()
)
.formLogin(withDefaults())
.logout(logout -> logout.logoutSuccessUrl("/"))
.oauth2Login(oAuth -> oAuth
.userInfoEndpoint(userInfo -> userInfo
.userService(oAuth2UserService)
)
)
.csrf(csrf -> csrf.ignoringAntMatchers("/api/**"))
.build();
}Advanced Configuration :: Spring Security
By default, the OAuth 2.0 Login Page is auto-generated by the DefaultLoginPageGeneratingFilter. The default login page shows each configured OAuth Client with its ClientRegistration.clientName as a link, which is capable of initiating the Authorization Req
docs.spring.io
https://www.thymeleaf.org/doc/articles/springsecurity.html
Thymeleaf + Spring Security integration basics - Thymeleaf
Have you switched to Thymeleaf but your login and error pages are still using JSP? In this article we will see how to configure your Spring application to use Thymeleaf for login and error pages. All the code seen here comes from a working application. You
www.thymeleaf.org