From 50d19be98fff90851cfe99308c2e32a52e7e58f1 Mon Sep 17 00:00:00 2001
From: lucki3377 <131318947+lucki3377@users.noreply.github.com>
Date: Wed, 31 May 2023 16:25:35 +0900
Subject: [PATCH] Update SecurityConfig.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
spring boot 2.7 버전 업그레이드로 인한 deperated된 소스 처리
---
 .../userservice/config/SecurityConfig.java | 86 +++++++++----------
 1 file changed, 40 insertions(+), 46 deletions(-)
diff --git a/backend/user-service/src/main/java/org/egovframe/cloud/userservice/config/SecurityConfig.java b/backend/user-service/src/main/java/org/egovframe/cloud/userservice/config/SecurityConfig.java
index 5431f51..7013762 100644
--- a/backend/user-service/src/main/java/org/egovframe/cloud/userservice/config/SecurityConfig.java
+++ b/backend/user-service/src/main/java/org/egovframe/cloud/userservice/config/SecurityConfig.java
@@ -2,12 +2,13 @@ package org.egovframe.cloud.userservice.config;
 import lombok.RequiredArgsConstructor;
 import org.egovframe.cloud.userservice.service.user.UserService;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import static org.egovframe.cloud.common.config.GlobalConstant.SECURITY_PERMITALL_ANTPATTERNS;
@@ -31,57 +32,50 @@ import static org.egovframe.cloud.common.config.GlobalConstant.SECURITY_PERMITAL
 */
 @RequiredArgsConstructor
 @EnableWebSecurity // Spring Security 설정들을 활성화시켜 준다
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 private final TokenProvider tokenProvider;
 private final UserService userService;
- private final BCryptPasswordEncoder bCryptPasswordEncoder;
-
+
+ @Bean
+ AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception {
+ return authConfiguration.getAuthenticationManager();
+ }
+
 /**
 * 스프링 시큐리티 설정
 *
 * @param http
 * @throws Exception
 */
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http
- .csrf().disable()
- .headers().frameOptions().disable()
- .and()
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 토큰 사용하기 때문에 세션은 비활성화
- .and()
- .authorizeRequests()
- .antMatchers(SECURITY_PERMITALL_ANTPATTERNS).permitAll()
- .anyRequest().access("@authorizationService.isAuthorization(request, authentication)") // 호출 시 권한 인가 데이터 확인
- .and()
- .addFilter(getAuthenticationFilter())
- .logout()
- .logoutSuccessUrl("/");
- }
-
- /**
- * 로그인 인증정보를 받아 토큰을 발급할 수 있도록 필터를 등록해준다.
- *
- * @return
- * @throws Exception
- */
- private AuthenticationFilter getAuthenticationFilter() throws Exception {
- return new AuthenticationFilter(authenticationManager(), tokenProvider, userService);
- }
-
- /**
- * 인증 관련 - 로그인 처리
- * DB 에서 조회하여 일치하는지 체크한다.
- *
- * @param auth
- * @throws Exception
- */
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- // userService.loadUserByUsername 메소드
- auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
- }
+ @Bean
+ public SecurityFilterChain configure(HttpSecurity http) throws Exception {
+
+ AuthenticationManager authenticationManager = authenticationManager(http.getSharedObject(AuthenticationConfiguration.class));
+
+ /**
+ * 로그인 인증정보를 받아 토큰을 발급할 수 있도록 필터를 등록해준다.
+ *
+ * @return
+ * @throws Exception
+ */
+ AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager, tokenProvider, userService);
+
+ http
+ .csrf().disable().headers().frameOptions().disable()
+ .and()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 토큰 사용하기 때문에 세션은 비활성화
+ .and()
+ .authorizeRequests()
+ .antMatchers(SECURITY_PERMITALL_ANTPATTERNS).permitAll()
+ .anyRequest().access("@authorizationService.isAuthorization(request, authentication)") // 호출 시 권한 인가 데이터 확인
+ .and()
+ .addFilter(authenticationFilter)
+ .logout()
+ .logoutSuccessUrl("/");
+
+ return http.build();
+ }
 }
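Review bot: With the `configure(AuthenticationManagerBuilder)` override removed, nothing in this class binds `userService` and the BCrypt encoder to the `AuthenticationManager` any more; `authConfiguration.getAuthenticationManager()` presumably falls back on Spring Security's global auto-configuration, which only wires a DAO provider when it finds a single `UserDetailsService` bean and picks up a `PasswordEncoder` bean if one is registered. Neither bean definition is visible in this patch, so it is worth confirming (ideally with a login test) that a `BCryptPasswordEncoder` bean is still published elsewhere, because without it stored hashes that lack an `{id}` prefix would stop matching. Separately, in the new `configure(HttpSecurity)` the manager is obtained through `http.getSharedObject(AuthenticationConfiguration.class)`, and this patch does not show that type being registered as a shared object, so the lookup may return null and the call would then depend on bean-method proxying to work. Taking the manager as a bean-method parameter avoids that: `public SecurityFilterChain configure(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {`, with the `getSharedObject` line dropped.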