Feature: (BRD-74) 스프링 시큐리티 필터체인 기본 설정

board-system-external/external-security/build.gradle.kts

@@ -1,6 +1,6 @@
 dependencies {
-    implementation(Dependencies.SPRING_BOOT_STARTER.fullName)
-    implementation(Dependencies.SPRING_SECURITY_CRYPTO.fullName)
+    implementation(Dependencies.SPRING_BOOT_SECURITY.fullName)
+    implementation(Dependencies.SPRING_BOOT_WEB.fullName)
     implementation(Dependencies.SPRING_SECURITY_JOSE.fullName)
     implementation(project(":board-system-domain:domain-core"))
     implementation(project(":board-system-domain:domain-member"))

board-system-external/external-security/src/main/kotlin/com/ttasjwi/board/system/core/config/FilterChainConfig.kt

@@ -0,0 +1,60 @@
+package com.ttasjwi.board.system.core.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.annotation.Order
+import org.springframework.http.HttpMethod
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.savedrequest.NullRequestCache
+
+@Configuration
+class FilterChainConfig {
+
+    @Bean
+    @Order(0)
+    fun apiSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        http {
+            securityMatcher("/api/**")
+            authorizeHttpRequests {
+                authorize(HttpMethod.GET, "/api/v1/deploy/health-check", permitAll)
+
+                authorize(HttpMethod.GET, "/api/v1/members/email-available", permitAll)
+                authorize(HttpMethod.GET, "/api/v1/members/username-available", permitAll)
+                authorize(HttpMethod.GET, "/api/v1/members/nickname-available", permitAll)
+
+                authorize(HttpMethod.POST, "/api/v1/members/email-verification/start", permitAll)
+                authorize(HttpMethod.POST, "/api/v1/members/email-verification", permitAll)
+                authorize(HttpMethod.POST, "/api/v1/members", permitAll)
+
+                authorize(HttpMethod.POST, "/api/v1/auth/login", permitAll)
+
+                authorize(anyRequest, authenticated)
+            }
+
+            csrf { disable() }
+
+            sessionManagement {
+                sessionCreationPolicy = SessionCreationPolicy.STATELESS
+            }
+
+            requestCache {
+                requestCache = NullRequestCache()
+            }
+        }
+        return http.build()
+    }
+
+    @Bean
+    @Order(1)
+    fun staticResourceSecurityFilterChain(http: HttpSecurity): SecurityFilterChain {
+        http {
+            authorizeHttpRequests {
+                authorize(anyRequest, permitAll)
+            }
+        }
+        return http.build()
+    }
+}

buildSrc/src/main/kotlin/Dependencies.kt

@@ -15,9 +15,9 @@ enum class Dependencies(
     SPRING_BOOT_WEB(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-web"),
     SPRING_BOOT_DATA_JPA(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-data-jpa"),
     SPRING_BOOT_DATA_REDIS(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-data-redis"),
+    SPRING_BOOT_SECURITY(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-security"),
     SPRING_BOOT_MAIL(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-mail"),
     SPRING_BOOT_TEST(groupId = "org.springframework.boot", artifactId = "spring-boot-starter-test"),
-    SPRING_SECURITY_CRYPTO(groupId = "org.springframework.security", artifactId = "spring-security-crypto"),
     SPRING_SECURITY_JOSE(groupId = "org.springframework.security", artifactId = "spring-security-oauth2-jose"),
 
     // jackson date time