From 8414f03a4b245ab3a62ecb9054bbed51cd781b3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=8F=84=EA=B2=BD?= Date: Mon, 22 Apr 2024 09:28:07 +0900 Subject: [PATCH 1/4] modify :: url --- .../global/config/security/SecurityConfig.kt | 198 +++++++++--------- .../security/auth/AdminDetailsService.kt | 2 +- .../global/security/auth/AuthDetails.kt | 10 +- .../security/auth/AuthDetailsService.kt | 2 +- 4 files changed, 106 insertions(+), 106 deletions(-) diff --git a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt index 08ac3eca..c09555ac 100644 --- a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt +++ b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt @@ -1,17 +1,19 @@ package dsm.pick2024.global.config.security import com.fasterxml.jackson.databind.ObjectMapper +import dsm.pick2024.domain.user.entity.enums.Role import dsm.pick2024.global.config.filter.FilterConfig import dsm.pick2024.global.security.jwt.JwtTokenProvider import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration +import org.springframework.http.HttpMethod import org.springframework.security.config.annotation.web.builders.HttpSecurity +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.http.SessionCreationPolicy import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder import org.springframework.security.web.SecurityFilterChain import org.springframework.web.cors.CorsUtils -@Configuration +@EnableWebSecurity class SecurityConfig( private val objectMapper: ObjectMapper, private val jwtTokenProvider: JwtTokenProvider 
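Review bot: Replacing `@Configuration` with `@EnableWebSecurity` on the class declaration makes bean registration depend on a meta-annotation: in Spring Security 5.x `@EnableWebSecurity` carries `@Configuration`, but as of 6.0 it no longer does, so on that upgrade the `SecurityFilterChain` `@Bean` this class declares (both imports survive the hunk) would silently stop being registered and the default chain would apply instead. Keep both annotations, `@Configuration` / `@EnableWebSecurity`, so the intent is explicit and upgrade-safe. The class body and its bean method continue outside the hunk.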
@@ -32,102 +34,102 @@ class SecurityConfig( .requestMatchers(CorsUtils::isCorsRequest) .permitAll() .antMatchers("/admin/login", "/user/login").permitAll() - .anyRequest().permitAll() -// .antMatchers( -// HttpMethod.POST, -// "/after/**", -// "/meal", -// "/notice", -// "/schedule/create", -// "/self-study/register", -// "/timetable", -// "/weekend-meal/saveAll", -// "/status/saveAll", -// "/schedule/**", -// ).hasRole("SCH") -// .antMatchers( -// HttpMethod.GET, -// "/admin/**", -// "/after/**", -// "/application/reason/all", -// "/application/status", -// "/application/floor", -// "/application/grade", -// "/application/all", -// "/story/**", -// "/class-room/floor", -// "/class-room/grade", -// "/early-return/grade", -// "/early-return/floor", -// "/early-return/reason/ok-all", -// "/early-return/ok", -// "/early-return/all", -// "/self-study/month", -// "/self-study/date", -// "/self-study/admin", -// "/weekend-meal/all", -// "/weekend-meal/quit", -// "/weekend-meal/hey", -// "/status/**", -// "/user/all", -// "/status/grade", -// ).hasRole(Role.SCH.name) -// .antMatchers( -// HttpMethod.PATCH, -// "/application/**", -// "/early-return/**", -// "/notice/modify", -// "/status/change", -// "/weekend-meal/status", -// "/schedule/modify", -// "/after/change", -// "/class-room/status", -// "/class", -// ).hasRole("SCH") -// .antMatchers( -// HttpMethod.DELETE, -// "/after/**", -// "/notice/delete/**", -// "/schedule/delete/**", -// "/after/delete", -// ) -// .hasRole("SCH") -// .antMatchers( -// HttpMethod.POST, -// "/application", -// "/class-room/move", -// "/early-return/create", -// ).hasRole("STU") -// .antMatchers( -// HttpMethod.PATCH, -// "/application/status", -// "/weekend-meal/my-status", -// ).hasRole("STU") -// .antMatchers( -// HttpMethod.GET, -// "/user/simple", -// "/user/details", -// "/application/my", -// "/application/simple", -// "/class-room/move", -// "/early-return/my", -// "meal/date", -// "/timetable/**", -// "/weekend-meal/my", -// 
"/main", -// ).hasRole("STU") -// .antMatchers( -// HttpMethod.DELETE, -// "/class-room/return", -// ).hasRole("STU") -// .antMatchers( -// HttpMethod.GET, -// "/application/non-return", -// ).hasRole("SCH") -// .antMatchers( -// HttpMethod.GET, -// "/weekend-meal/excel", -// ).hasRole("SCH") + .antMatchers( + HttpMethod.POST, + "/after/**", + "/meal", + "/notice", + "/schedule/create", + "/self-study/register", + "/timetable", + "/weekend-meal/saveAll", + "/status/saveAll", + "/schedule/**", + ).hasRole("SCH") + .antMatchers( + HttpMethod.GET, + "/admin/**", + "/after/**", + "/application/reason/all", + "/application/status", + "/application/floor", + "/application/grade", + "/application/all", + "/story/**", + "/class-room/floor", + "/class-room/grade", + "/early-return/grade", + "/early-return/floor", + "/early-return/reason/ok-all", + "/early-return/ok", + "/early-return/all", + "/self-study/month", + "/self-study/date", + "/self-study/admin", + "/weekend-meal/all", + "/weekend-meal/quit", + "/weekend-meal/hey", + "/status/**", + "/user/all", + "/status/grade", + ).hasRole(Role.SCH.name) + .antMatchers( + HttpMethod.PATCH, + "/application/**", + "/early-return/**", + "/notice/modify", + "/status/change", + "/weekend-meal/status", + "/schedule/modify", + "/after/change", + "/class-room/status", + "/class", + ).hasRole(Role.SCH.name) + .antMatchers( + HttpMethod.DELETE, + "/after/**", + "/notice/delete/**", + "/schedule/delete/**", + "/after/delete", + ) + .hasRole(Role.SCH.name) + .antMatchers( + HttpMethod.POST, + "/application", + "/class-room/move", + "/early-return/create", + ).hasRole(Role.STU.name) + .antMatchers( + HttpMethod.PATCH, + "/application/status", + "/weekend-meal/my-status", + ).hasRole(Role.STU.name) + .antMatchers( + HttpMethod.GET, + "/user/simple", + "/user/details", + "/application/my", + "/application/simple", + "/class-room/move", + "/early-return/my", + "meal/date", + "/timetable/**", + "/weekend-meal/my", + "/main", + 
).hasRole(Role.STU.name) + .antMatchers( + HttpMethod.DELETE, + "/class-room/return", + ).hasRole(Role.STU.name) + .antMatchers( + HttpMethod.GET, + "/application/non-return", + ).hasRole(Role.SCH.name) + .antMatchers( + HttpMethod.GET, + "/weekend-meal/excel", + ).hasRole(Role.SCH.name) + .anyRequest().authenticated() http .apply(FilterConfig(objectMapper, jwtTokenProvider)) diff --git a/src/main/kotlin/dsm/pick2024/global/security/auth/AdminDetailsService.kt b/src/main/kotlin/dsm/pick2024/global/security/auth/AdminDetailsService.kt index d74e6b80..ab3842c1 100644 --- a/src/main/kotlin/dsm/pick2024/global/security/auth/AdminDetailsService.kt +++ b/src/main/kotlin/dsm/pick2024/global/security/auth/AdminDetailsService.kt @@ -11,6 +11,6 @@ class AdminDetailsService( ) : UserDetailsService { override fun loadUserByUsername(username: String): UserDetails { val admin = adminFacadeUseCase.getAdminByAdminId(username) - return AuthDetails(admin!!.adminId) + return AuthDetails(admin!!.adminId, admin.role) } } diff --git a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt index b1793493..bf057cac 100644 --- a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt +++ b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt 
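Review bot: The STU rule `.antMatchers(HttpMethod.PATCH, "/application/status", "/weekend-meal/my-status").hasRole(Role.STU.name)` is unreachable for `/application/status`, because the SCH PATCH block earlier in the chain already matches `/application/**` and Spring Security applies the first matching rule, so students get 403 on that endpoint. Move the STU PATCH matcher above the SCH `/application/**` PATCH block, or list the SCH PATCH paths explicitly, so the more specific rule wins. The STU GET pattern `"meal/date"` has no leading slash, so it never matches a `/meal/date` request and that endpoint falls through to `anyRequest().authenticated()`, reachable by any logged-in role; it should read `"/meal/date"`. The first POST block still uses the literal `hasRole("SCH")` while every other rule uses `Role.SCH.name`; use the enum throughout so a renamed role cannot silently split the rules. The method building this chain starts before and ends after the hunk.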
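Review bot: `admin!!.adminId` still dereferences a nullable lookup result with `!!`, so an unknown admin id surfaces as a `NullPointerException` (a 500) rather than an authentication failure, and the newly added `admin.role` argument rides on the same unchecked access. Resolve the null once and fail with the exception Spring Security expects, e.g. `val admin = adminFacadeUseCase.getAdminByAdminId(username) ?: throw UsernameNotFoundException(username)` (from `org.springframework.security.core.userdetails`) followed by `return AuthDetails(admin.adminId, admin.role)`. Whether `admin.role` is the same `Role` enum that `AuthDetails` now requires cannot be seen from this hunk; worth confirming, since the granted authority string is derived from `role.name`.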
@@ -1,19 +1,17 @@ package dsm.pick2024.global.security.auth +import dsm.pick2024.domain.user.entity.enums.Role import org.springframework.security.core.GrantedAuthority import org.springframework.security.core.authority.SimpleGrantedAuthority import org.springframework.security.core.userdetails.UserDetails class AuthDetails( - private val name: String + private val name: String, + private val role: Role ) : UserDetails { - companion object { - private val ROLE_STU = "ROLE_STU" - } - override fun getAuthorities(): Collection { - return listOf(SimpleGrantedAuthority(ROLE_STU)) + return listOf(SimpleGrantedAuthority("ROLE_"+role.name)) } override fun getPassword(): String? { diff --git a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetailsService.kt b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetailsService.kt index c2a60497..b11338ec 100644 --- a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetailsService.kt +++ b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetailsService.kt @@ -11,6 +11,6 @@ class AuthDetailsService( ) : UserDetailsService { override fun loadUserByUsername(username: String): UserDetails { val user = userFacadeUseCase.getUserByAccountId(username) - return AuthDetails(user.accountId) + return AuthDetails(user.accountId, user.role) } } From bdf3acf2cff41159400d81b8502a12206fd3634b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=8F=84=EA=B2=BD?= Date: Mon, 22 Apr 2024 09:28:29 +0900 Subject: [PATCH 2/4] url --- .../global/config/security/SecurityConfig.kt | 20 +++++++++---------- .../global/security/auth/AuthDetails.kt | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt index c09555ac..e37e74ef 100644 --- a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt +++ b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt 
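Review bot: `getAuthorities()` now derives the granted authority from `"ROLE_"+role.name`, and that prefix is an implicit contract with `hasRole(...)` in `SecurityConfig`, which prepends the same `ROLE_` before comparing; nothing in this file records that coupling. Add a comment on the method such as `// hasRole() in SecurityConfig compares against "ROLE_" + Role.name; keep this prefix in sync` and, for style, prefer the template form `SimpleGrantedAuthority("ROLE_${role.name}")` over concatenation. The `role` constructor parameter also deserves a KDoc line stating that the authority is derived from it, since it now decides authorization for admins and users alike (both `AdminDetailsService` and `AuthDetailsService` pass it in this patch). The class body continues past the hunk.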
@@ -44,7 +44,7 @@ class SecurityConfig( "/timetable", "/weekend-meal/saveAll", "/status/saveAll", - "/schedule/**", + "/schedule/**" ).hasRole("SCH") .antMatchers( HttpMethod.GET, @@ -71,7 +71,7 @@ class SecurityConfig( "/weekend-meal/hey", "/status/**", "/user/all", - "/status/grade", + "/status/grade" ).hasRole(Role.SCH.name) .antMatchers( HttpMethod.PATCH, @@ -83,26 +83,26 @@ class SecurityConfig( "/schedule/modify", "/after/change", "/class-room/status", - "/class", + "/class" ).hasRole(Role.SCH.name) .antMatchers( HttpMethod.DELETE, "/after/**", "/notice/delete/**", "/schedule/delete/**", - "/after/delete", + "/after/delete" ) .hasRole(Role.SCH.name) .antMatchers( HttpMethod.POST, "/application", "/class-room/move", - "/early-return/create", + "/early-return/create" ).hasRole(Role.STU.name) .antMatchers( HttpMethod.PATCH, "/application/status", - "/weekend-meal/my-status", + "/weekend-meal/my-status" ).hasRole(Role.STU.name) .antMatchers( HttpMethod.GET, @@ -115,19 +115,19 @@ class SecurityConfig( "meal/date", "/timetable/**", "/weekend-meal/my", - "/main", + "/main" ).hasRole(Role.STU.name) .antMatchers( HttpMethod.DELETE, - "/class-room/return", + "/class-room/return" ).hasRole(Role.STU.name) .antMatchers( HttpMethod.GET, - "/application/non-return", + "/application/non-return" ).hasRole(Role.SCH.name) .antMatchers( HttpMethod.GET, - "/weekend-meal/excel", + "/weekend-meal/excel" ).hasRole(Role.SCH.name) .anyRequest().authenticated() diff --git a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt index bf057cac..858ddf9c 100644 --- a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt +++ b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt 
@@ -11,7 +11,7 @@ class AuthDetails( ) : UserDetails { override fun getAuthorities(): Collection { - return listOf(SimpleGrantedAuthority("ROLE_"+role.name)) + return listOf(SimpleGrantedAuthority("ROLE_" + role.name)) } override fun getPassword(): String? { From 3a64ca35569327ee4abd3436a4fe1ffc2a70c276 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=8F=84=EA=B2=BD?= Date: Mon, 22 Apr 2024 09:40:21 +0900 Subject: [PATCH 3/4] test --- .../dsm/pick2024/global/config/security/SecurityConfig.kt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt index 89763d80..63b6747b 100644 --- a/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt +++ b/src/main/kotlin/dsm/pick2024/global/config/security/SecurityConfig.kt @@ -23,13 +23,14 @@ class SecurityConfig( http .csrf() .disable() - .formLogin() + .formLogin().and().cors() .disable() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) http.authorizeRequests() .requestMatchers(CorsUtils::isCorsRequest) + .permitAll() .antMatchers("/admin/login", "/user/login").permitAll() .antMatchers( HttpMethod.POST, From 0660ec61d3efc83c9fcda0a088483fc4a89b698c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=8F=84=EA=B2=BD?= Date: Mon, 22 Apr 2024 09:50:42 +0900 Subject: [PATCH 4/4] lint --- src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt index 1a19145c..858ddf9c 100644 --- a/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt +++ b/src/main/kotlin/dsm/pick2024/global/security/auth/AuthDetails.kt 
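Review bot: `.formLogin().and().cors()` now places the existing `.disable()` on the CORS configurer instead of form login, so this stateless JWT API re-enables Spring's form-login page and `/login` processing while leaving CORS unhandled at the security layer, which looks unintended for a commit titled "test". `.requestMatchers(CorsUtils::isCorsRequest).permitAll()`, now completed by the added `.permitAll()`, also matches any request carrying a cross-origin `Origin` header, not only preflights, so the role rules below it are bypassed for such requests; match preflights only with `CorsUtils::isPreFlightRequest` and let the CORS filter answer them. Suggested lines: `.formLogin().disable()`, `.cors().and()` (backed by a `CorsConfigurationSource` bean, which I cannot see from here), and `.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()`. The method building this chain starts before and ends after the hunk.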
@@ -14,7 +14,6 @@ class AuthDetails( return listOf(SimpleGrantedAuthority("ROLE_" + role.name)) } - override fun getPassword(): String? { return null }