Merge pull request #13 from lucki3377/contribution

SecurityConfig에서 WebSecurityConfigurerAdapter 대체 처리

backend/user-service/src/main/java/org/egovframe/cloud/userservice/config/SecurityConfig.java

@@ -2,12 +2,13 @@ package org.egovframe.cloud.userservice.config;
 
 import lombok.RequiredArgsConstructor;
 import org.egovframe.cloud.userservice.service.user.UserService;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 
 import static org.egovframe.cloud.common.config.GlobalConstant.SECURITY_PERMITALL_ANTPATTERNS;
 
@@ -31,11 +32,15 @@ import static org.egovframe.cloud.common.config.GlobalConstant.SECURITY_PERMITAL
  */
 @RequiredArgsConstructor
 @EnableWebSecurity // Spring Security 설정들을 활성화시켜 준다
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 
     private final TokenProvider tokenProvider;
     private final UserService userService;
-    private final BCryptPasswordEncoder bCryptPasswordEncoder;
+    
+    @Bean
+	AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception {
+		return authConfiguration.getAuthenticationManager();
+	}
     
     /**
      * 스프링 시큐리티 설정
@@ -43,11 +48,21 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
      * @param http
      * @throws Exception
      */
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+	public SecurityFilterChain configure(HttpSecurity http) throws Exception {
+		
+		AuthenticationManager authenticationManager = authenticationManager(http.getSharedObject(AuthenticationConfiguration.class));
+		
+		/**
+	     * 로그인 인증정보를 받아 토큰을 발급할 수 있도록 필터를 등록해준다.
+	     *
+	     * @return
+	     * @throws Exception
+	     */
+		AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager, tokenProvider, userService);
+		
 		http
-                .csrf().disable()
-                .headers().frameOptions().disable()
+        .csrf().disable().headers().frameOptions().disable()
         .and()
             .sessionManagement()
             .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 토큰 사용하기 때문에 세션은 비활성화
@@ -56,32 +71,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
             .antMatchers(SECURITY_PERMITALL_ANTPATTERNS).permitAll()
             .anyRequest().access("@authorizationService.isAuthorization(request, authentication)") // 호출 시 권한 인가 데이터 확인
         .and()
-                .addFilter(getAuthenticationFilter())
+            .addFilter(authenticationFilter)
             .logout()
             .logoutSuccessUrl("/");
-    }
 		
-    /**
-     * 로그인 인증정보를 받아 토큰을 발급할 수 있도록 필터를 등록해준다.
-     *
-     * @return
-     * @throws Exception
-     */
-    private AuthenticationFilter getAuthenticationFilter() throws Exception {
-        return new AuthenticationFilter(authenticationManager(), tokenProvider, userService);
-    }
-
-    /**
-     * 인증 관련 - 로그인 처리
-     * DB 에서 조회하여 일치하는지 체크한다.
-     *
-     * @param auth
-     * @throws Exception
-     */
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        // userService.loadUserByUsername 메소드
-        auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
+		return http.build();
 	}
 
 }