Merge pull request #141 from DSM-PICK/develop

modify :: security
DSM-PICK · Apr 22, 2024 · 4a2a9bc · 4a2a9bc
2 parents 0b93038 + 0660ec6
commit 4a2a9bc
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 104 deletions.
diff --git a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt
@@ -1,17 +1,19 @@
 package dsm.pick2024.global.config.security
 
 import com.fasterxml.jackson.databind.ObjectMapper
+import dsm.pick2024.domain.user.entity.enums.Role
 import dsm.pick2024.global.config.filter.FilterConfig
 import dsm.pick2024.global.security.jwt.JwtTokenProvider
 import org.springframework.context.annotation.Bean
-import org.springframework.context.annotation.Configuration
+import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.web.cors.CorsUtils
 
-@Configuration
+@EnableWebSecurity
 class SecurityConfig(
     private val objectMapper: ObjectMapper,
     private val jwtTokenProvider: JwtTokenProvider
@@ -21,111 +23,111 @@ class SecurityConfig(
         http
             .csrf()
             .disable()
-            .formLogin()
+            .formLogin().and().cors()
             .disable()
             .sessionManagement()
             .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 
         http.authorizeRequests()
             .requestMatchers(CorsUtils::isCorsRequest)
             .permitAll()
-            .antMatchers("/dsm-pick/admin/login", "/dsm-pick/user/login").permitAll()
-
-//            .antMatchers(
-//                HttpMethod.POST,
-//                "/after/**",
-//                "/meal",
-//                "/notice",
-//                "/schedule/create",
-//                "/self-study/register",
-//                "/timetable",
-//                "/weekend-meal/saveAll",
-//                "/status/saveAll",
-//                "/schedule/**",
-//            ).hasRole("SCH")
-//            .antMatchers(
-//                HttpMethod.GET,
-//                "/admin/**",
-//                "/after/**",
-//                "/application/reason/all",
-//                "/application/status",
-//                "/application/floor",
-//                "/application/grade",
-//                "/application/all",
-//                "/story/**",
-//                "/class-room/floor",
-//                "/class-room/grade",
-//                "/early-return/grade",
-//                "/early-return/floor",
-//                "/early-return/reason/ok-all",
-//                "/early-return/ok",
-//                "/early-return/all",
-//                "/self-study/month",
-//                "/self-study/date",
-//                "/self-study/admin",
-//                "/weekend-meal/all",
-//                "/weekend-meal/quit",
-//                "/weekend-meal/hey",
-//                "/status/**",
-//                "/user/all",
-//                "/status/grade",
-//            ).hasRole(Role.SCH.name)
-//            .antMatchers(
-//                HttpMethod.PATCH,
-//                "/application/**",
-//                "/early-return/**",
-//                "/notice/modify",
-//                "/status/change",
-//                "/weekend-meal/status",
-//                "/schedule/modify",
-//                "/after/change",
-//                "/class-room/status",
-//                "/class",
-//            ).hasRole("SCH")
-//            .antMatchers(
-//                HttpMethod.DELETE,
-//                "/after/**",
-//                "/notice/delete/**",
-//                "/schedule/delete/**",
-//                "/after/delete",
-//            )
-//            .hasRole("SCH")
-//            .antMatchers(
-//                HttpMethod.POST,
-//                "/application",
-//                "/class-room/move",
-//                "/early-return/create",
-//            ).hasRole("STU")
-//            .antMatchers(
-//                HttpMethod.PATCH,
-//                "/application/status",
-//                "/weekend-meal/my-status",
-//            ).hasRole("STU")
-//            .antMatchers(
-//                HttpMethod.GET,
-//                "/user/simple",
-//                "/user/details",
-//                "/application/my",
-//                "/application/simple",
-//                "/class-room/move",
-//                "/early-return/my",
-//                "meal/date",
-//                "/timetable/**",
-//                "/weekend-meal/my",
-//                "/main",
-//            ).hasRole("STU")
-//            .antMatchers(
-//                HttpMethod.DELETE,
-//                "/class-room/return",
-//            ).hasRole("STU")
-//            .antMatchers(
-//                HttpMethod.GET,
-//                "/application/non-return",
-//            ).hasRole("SCH")
-//            .antMatchers(
-//                HttpMethod.GET,
-//                "/weekend-meal/excel",
-//            ).hasRole("SCH")
+            .antMatchers("/admin/login", "/user/login").permitAll()
+            .antMatchers(
+                HttpMethod.POST,
+                "/after/**",
+                "/meal",
+                "/notice",
+                "/schedule/create",
+                "/self-study/register",
+                "/timetable",
+                "/weekend-meal/saveAll",
+                "/status/saveAll",
+                "/schedule/**"
+            ).hasRole(Role.SCH.name)
+            .antMatchers(
+                HttpMethod.GET,
+                "/admin/**",
+                "/after/**",
+                "/application/reason/all",
+                "/application/status",
+                "/application/floor",
+                "/application/grade",
+                "/application/all",
+                "/story/**",
+                "/class-room/floor",
+                "/class-room/grade",
+                "/early-return/grade",
+                "/early-return/floor",
+                "/early-return/reason/ok-all",
+                "/early-return/ok",
+                "/early-return/all",
+                "/self-study/month",
+                "/self-study/date",
+                "/self-study/admin",
+                "/weekend-meal/all",
+                "/weekend-meal/quit",
+                "/weekend-meal/hey",
+                "/status/**",
+                "/user/all",
+                "/status/grade"
+            ).hasRole(Role.SCH.name)
+            .antMatchers(
+                HttpMethod.PATCH,
+                "/application/**",
+                "/early-return/**",
+                "/notice/modify",
+                "/status/change",
+                "/weekend-meal/status",
+                "/schedule/modify",
+                "/after/change",
+                "/class-room/status",
+                "/class"
+            ).hasRole(Role.SCH.name)
+            .antMatchers(
+                HttpMethod.DELETE,
+                "/after/**",
+                "/notice/delete/**",
+                "/schedule/delete/**",
+                "/after/delete"
+            )
+            .hasRole(Role.SCH.name)
+            .antMatchers(
+                HttpMethod.POST,
+                "/application",
+                "/class-room/move",
+                "/early-return/create"
+            ).hasRole(Role.STU.name)
+            .antMatchers(
+                HttpMethod.PATCH,
+                "/application/status",
+                "/weekend-meal/my-status"
+            ).hasRole(Role.STU.name)
+            .antMatchers(
+                HttpMethod.GET,
+                "/user/simple",
+                "/user/details",
+                "/application/my",
+                "/application/simple",
+                "/class-room/move",
+                "/early-return/my",
+                "meal/date",
+                "/timetable/**",
+                "/weekend-meal/my",
+                "/main"
+            ).hasRole(Role.STU.name)
+            .antMatchers(
+                HttpMethod.DELETE,
+                "/class-room/return"
+            ).hasRole(Role.STU.name)
+            .antMatchers(
+                HttpMethod.GET,
+                "/application/non-return"
+            ).hasRole(Role.SCH.name)
+            .antMatchers(
+                HttpMethod.GET,
+                "/weekend-meal/excel"
+            ).hasRole(Role.SCH.name)
+            .anyRequest().authenticated()
 
         http
             .apply(FilterConfig(objectMapper, jwtTokenProvider))

diff --git a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt
@@ -10,10 +10,9 @@ class AuthDetails(
     private val role: Role
 ) : UserDetails {
 
-    override fun getAuthorities(): MutableCollection<out GrantedAuthority> =
-        role.name.map {
-            SimpleGrantedAuthority(it.toString())
-        }.toMutableList()
+    override fun getAuthorities(): Collection<GrantedAuthority?> {
+        return listOf<SimpleGrantedAuthority>(SimpleGrantedAuthority("ROLE_" + role.name))
+    }
 
     override fun getPassword(): String? {
         return null