search

JinhwanB / dividendpj

스프링 부트와 java를 사용한 배당금 프로젝트
0 stars 0 forks source link

시큐리티 적용 후 h2 console 접근 불가 #1

Closed JinhwanB closed 6 months ago

JinhwanB commented 6 months ago

프로젝트에 시큐리티 적용 후 h2 에 시큐리티에서 접근을 허용하지 않는 현상 발생 (h2-console경로에 permitAll을 해놓은 상태였음)

@Slf4j
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {
    private final JwtAuthenticationFilter authenticationFilter;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .csrf(csrf -> AbstractHttpConfigurer::disable)
                .httpBasic(AbstractHttpConfigurer::disable)
                .sessionManagement(sessionManagement ->
                        sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authorizeRequest ->
                {
                    authorizeRequest
                            .requestMatchers(
                                    new AntPathRequestMatcher("/**/signin"),
                                    new AntPathRequestMatcher("/**/signup"),
                                    new AntPathRequestMatcher("/h2-console/**")
                            ).permitAll();
                })
                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
JinhwanB commented 6 months ago

아래 코드 추가 후 정상 접근 가능

@Slf4j
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {

    private final JwtAuthenticationFilter authenticationFilter;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .csrf(csrf -> csrf.ignoringRequestMatchers("/h2-console/**")
                        .disable()) // 변경
                .httpBasic(AbstractHttpConfigurer::disable)
                .sessionManagement(sessionManagement ->
                        sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authorizeRequest ->
                {
                    authorizeRequest
                            .requestMatchers(
                                    new AntPathRequestMatcher("/**/signin"),
                                    new AntPathRequestMatcher("/**/signup"),
                                    new AntPathRequestMatcher("/h2-console/**")
                            ).permitAll();
                })
                .addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class)
                .headers(
                        headersConfigurer ->
                                headersConfigurer.frameOptions(
                                        HeadersConfigurer.FrameOptionsConfig::disable
                                )
                ); // 추가
        return http.build();
    }
}