feat: Controller 에 대한 권한 제어 재작성

Kernel360 · Aug 23, 2024 · 51dcc7a · 51dcc7a
1 parent ddce1e4
commit 51dcc7a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/server/src/main/java/com/talkka/server/config/SecurityConfig.java b/server/src/main/java/com/talkka/server/config/SecurityConfig.java
@@ -46,9 +46,11 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 			.cors(cors -> cors.configurationSource(corsConfigurationSource()))
 			.authorizeHttpRequests(authorize -> authorize
 				.requestMatchers("/api/auth/login/**").permitAll()
-				.requestMatchers("/dev-login").permitAll()    // 개발용 경로
-				.requestMatchers(HttpMethod.POST, "/api/auth/register").hasAuthority(AuthRole.UNREGISTERED.getName())
-				.anyRequest().authenticated()//.hasAuthority(AuthRole.USER.getName())
+				.requestMatchers("/dev-login").permitAll()    // 개발용 경로, 이후에 삭제
+				.requestMatchers(HttpMethod.GET, "/api/bus/**").permitAll()
+				.requestMatchers(HttpMethod.GET, "/api/subway/**").permitAll()
+				.requestMatchers(HttpMethod.GET, "/api/bus-review/**").permitAll()
+				.anyRequest().authenticated() //.hasAuthority(AuthRole.USER.getName())
 			)
 			.addFilterAfter(new UnregisteredUserFilter(), BasicAuthenticationFilter.class)
 			.oauth2Login(oauth -> oauth

diff --git a/server/src/main/java/com/talkka/server/oauth/controller/AuthController.java b/server/src/main/java/com/talkka/server/oauth/controller/AuthController.java
@@ -1,6 +1,7 @@
 package com.talkka.server.oauth.controller;
 
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -29,6 +30,7 @@ public class AuthController {
 	private final UserService userService;
 
 	@PostMapping("/register")
+	@Secured("UNREGISTERED")
 	public ResponseEntity<?> register(
 		@AuthenticationPrincipal OAuth2UserInfo userInfo,
 		@RequestBody @Valid UserCreateReqDto userCreateReqDto,

diff --git a/server/src/main/java/com/talkka/server/user/controller/UserController.java b/server/src/main/java/com/talkka/server/user/controller/UserController.java
@@ -2,6 +2,7 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -31,6 +32,7 @@ public class UserController {
 	private final UserService userService;
 
 	@GetMapping("/{user_id}")
+	@Secured("ADMIN")
 	public ResponseEntity<?> getUser(
 		@PathVariable("user_id") Long userId
 	) {
@@ -45,6 +47,7 @@ public ResponseEntity<?> getUser(
 	}
 
 	@PutMapping("/{user_id}")
+	@Secured("ADMIN")
 	public ResponseEntity<?> updateUser(@PathVariable("user_id") Long userId,
 		@RequestBody @Valid UserUpdateReqDto userUpdateReqDto) {
 		ResponseEntity<?> response;
@@ -61,6 +64,7 @@ public ResponseEntity<?> updateUser(@PathVariable("user_id") Long userId,
 	}
 
 	@DeleteMapping("/{user_id}")
+	@Secured("ADMIN")
 	public ResponseEntity<?> deleteUser(@PathVariable("user_id") Long userId) {
 		ResponseEntity<?> response;
 		try {
@@ -73,6 +77,7 @@ public ResponseEntity<?> deleteUser(@PathVariable("user_id") Long userId) {
 	}
 
 	@GetMapping("/me")
+	@Secured({"USER"})
 	public ResponseEntity<?> getMe(@AuthenticationPrincipal OAuth2UserInfo userInfo) {
 		ResponseEntity<?> response;
 		try {
@@ -85,6 +90,7 @@ public ResponseEntity<?> getMe(@AuthenticationPrincipal OAuth2UserInfo userInfo)
 	}
 
 	@PutMapping("/me")
+	@Secured({"USER"})
 	public ResponseEntity<?> updateMe(@AuthenticationPrincipal OAuth2UserInfo userInfo,
 		@RequestBody @Valid UserUpdateReqDto userUpdateReqDto) {
 		ResponseEntity<?> response;