Fix: hasAuthority 임시 삭제

neulpeum · Apr 2, 2024 · 5c77c62 · 5c77c62
2 parents 86052dc + 1d36c42
commit 5c77c62
Showing 1 changed file with 5 additions and 10 deletions.
diff --git a/src/main/java/com/medicare/neulpeum/config/SecurityConfig.java b/src/main/java/com/medicare/neulpeum/config/SecurityConfig.java
@@ -5,7 +5,6 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -16,15 +15,13 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
 
     private final CustomUserDetailService userDetailsService;
-
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
@@ -35,14 +32,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authorizeHttpRequests((authorizeRequest) ->
                         authorizeRequest
                                 .requestMatchers("/api/login").permitAll()
-                                .requestMatchers("/accountSettings", "/drugs").hasAuthority("ADMIN")
-                                .requestMatchers("/api/admin/**", "/api/drug").hasAuthority("ADMIN")
                                 .anyRequest().authenticated()
                 )
-                .exceptionHandling(e -> e
-                        .authenticationEntryPoint(new CustomAuthenticationEntryPoint())//인증예외
-                        .accessDeniedHandler(new CustomAccessDenyHandler())//인가예외
-                )
 
                 // Rest 방식으로 로그인을 할 것이므로 form 로그인 사용 안함
                 .formLogin(AbstractHttpConfigurer::disable)
@@ -57,7 +48,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 //인증되지 않은 자원에 접근했을 때
                 .exceptionHandling((configurer) ->
                         configurer
-                                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.FORBIDDEN)))
+//                                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.FORBIDDEN)))
+                                .authenticationEntryPoint(new CustomAuthenticationEntryPoint())//인증예외
+                                .accessDeniedHandler(new CustomAccessDenyHandler())//인가예외
+                )
+
                 .sessionManagement((sessionManagement) ->
                         sessionManagement
                                 .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)//스프링 시큐리티가 항상 세션 생성