뭐라도 끄적이는 BLOG

Multiple SecurityChain 본문

SpringFramework/Spring Security

Multiple SecurityChain

Drawhale 2023. 7. 9. 14:06

Multiple SecurityChain

이전에 하나로 작성한 SecurityFilterChain을 연달아서 정의할 수도 있다. 각각의 filter의 이름은 달라야하며 @Order라는 Annotation으로 Filter등록 순서를 정할 수 있다. 낮은 순서가 우선시 된다.

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
    @Bean
    @Order(100)
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .securityMatcher("/user")
                .authorizeHttpRequests(authorize -> {
                    authorize.requestMatchers(HttpMethod.GET, "/").permitAll();
                    authorize.requestMatchers(HttpMethod.GET, "/user/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_USER", "OIDC_USER");
                    authorize.anyRequest().authenticated();
                })
                .formLogin(withDefaults());
        return http.build();
    }

    @Bean
    @Order(101)
    SecurityFilterChain securityFilterChainAdmin(HttpSecurity http) throws Exception {
        http
                .securityMatcher("/admin")
                .authorizeHttpRequests(authorize -> {
                    authorize.requestMatchers("/admin/**").hasAnyAuthority("ROLE_ADMIN");
                    authorize.anyRequest().authenticated();
                })
                .formLogin(withDefaults());
        return http.build();
    }

    @Bean
    @Order(102)
    SecurityFilterChain securityFilterChainHome(HttpSecurity http) throws Exception {
        http
                .securityMatcher("/")
                .authorizeHttpRequests(authorize -> {
                    authorize.anyRequest().permitAll();
                })
                .formLogin(withDefaults());
        return http.build();
    }

    @Bean
    @Order(103)
    SecurityFilterChain securityFilterChainOther(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(authorize -> {
                    authorize.anyRequest().denyAll();
                })
                .formLogin(withDefaults());
        return http.build();
    }
    @Bean
    JdbcUserDetailsManager jdbcUserDetailsManager(DataSource dataSource) {
        return new JdbcUserDetailsManager(dataSource);
    }

    @Bean
    DataSource dataSource() {
        return DataSourceBuilder.create()
                .driverClassName("org.h2.Driver")
                .url("jdbc:h2:mem:testdb")
                .username("sa")
                .password("")
                .build();
    }
}

@Order는 Bean생성 순서에 영향을 미치므로 주의해서 사용해야 한다.

반응형
저작자표시 비영리 변경금지

'SpringFramework > Spring Security' 카테고리의 다른 글

Spring Security Architecture  (0) 2023.07.18
Custom UserDetailsService & Custom User  (0) 2023.07.10
Spring Security OAuth(Google)  (0) 2023.07.09
Spring Security Embedded H2 Database 사용 방법  (0) 2023.07.08
Security Configuration  (0) 2023.07.07
'SpringFramework/Spring Security' Related Articles more