parent
432155a8bc
commit
026da5fdcf
|
|
@ -1,6 +1,9 @@
|
|||
package com.goi.erp.config;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
|
|
@ -8,6 +11,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.CorsConfigurationSource;
|
||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
import org.springframework.web.filter.CorsFilter;
|
||||
|
||||
@Configuration
|
||||
@EnableMethodSecurity // @PreAuthorize 등 사용 가능
|
||||
|
|
@ -19,24 +26,34 @@ public class SecurityConfig {
|
|||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
// CSRF 비활성화 (API 서버라면 stateless)
|
||||
.csrf(csrf -> csrf.disable())
|
||||
|
||||
// 세션 사용 안함
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
|
||||
// 요청 권한 설정
|
||||
.csrf(csrf -> csrf.disable()) // CSRF 비활성화 (API 서버라면 stateless)
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 세션 사용 안함
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers(
|
||||
"/swagger-ui/**",
|
||||
"/v3/api-docs/**"
|
||||
).permitAll() // 인증 없이 접근 허용
|
||||
.anyRequest().authenticated() // 나머지는 JWT 인증 필요
|
||||
)
|
||||
|
||||
// JWT 필터 등록
|
||||
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
) // 요청 권한 설정
|
||||
.addFilterBefore(new CorsFilter(corsConfigurationSource()), UsernamePasswordAuthenticationFilter.class) // JWT 필터 전에 CorsFilter 등록
|
||||
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // JWT 필터
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public CorsConfigurationSource corsConfigurationSource() {
|
||||
CorsConfiguration configuration = new CorsConfiguration();
|
||||
configuration.setAllowedOrigins(Arrays.asList(
|
||||
"http://192.168.2.172:8000",
|
||||
"http://localhost:8000",
|
||||
"http://127.0.0.1:8000",
|
||||
"https://homotypical-bowen-unlanguid.ngrok-free.dev"
|
||||
));
|
||||
configuration.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE","OPTIONS"));
|
||||
configuration.setAllowedHeaders(Arrays.asList("Authorization","Content-Type"));
|
||||
configuration.setAllowCredentials(true);
|
||||
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
source.registerCorsConfiguration("/**", configuration);
|
||||
return source;
|
||||
}
|
||||
|
||||
}
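Review bot: corsConfigurationSource() hard-codes a LAN address, localhost and an ngrok dev hostname as allowed origins together with setAllowCredentials(true), so every environment this class is deployed to trusts those development hosts with credentialed requests; the origin list belongs in configuration (e.g. a `@Value("${<cors-origins-property>}") List<String> allowedOrigins` constructor field, property name to be chosen), with the dev hosts supplied only by the dev profile. Registering `new CorsFilter(corsConfigurationSource())` by hand via addFilterBefore duplicates what Spring Security already does for a CorsConfigurationSource bean: `.cors(cors -> cors.configurationSource(corsConfigurationSource()))` installs CorsFilter at its standard position ahead of the authentication and authorization filters, which is where preflight OPTIONS requests must be answered, and removes the manual ordering assumption encoded in the "JWT 필터 전에 CorsFilter 등록" comment. `Arrays.asList` can be `List.of` for all three lists, since none is mutated afterwards. The permitAll on `/swagger-ui/**` and `/v3/api-docs/**` exposes the API surface description unauthenticated, which is fine for development but worth gating by profile for the same reason as the origins.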
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ public class CustomerController {
|
|||
}
|
||||
|
||||
// UPDATE
|
||||
@PutMapping("/{uuid}")
|
||||
@PatchMapping("/{uuid}")
|
||||
public ResponseEntity<CustomerResponseDto> updateCustomer(
|
||||
@PathVariable UUID uuid,
|
||||
@RequestBody CustomerRequestDto requestDto) {
|
||||
|
|
@ -136,4 +136,44 @@ public class CustomerController {
|
|||
customerService.deleteCustomer(uuid);
|
||||
return ResponseEntity.noContent().build();
|
||||
}
|
||||
|
||||
// from MIS
|
||||
@GetMapping("/{cusNo}")
|
||||
public ResponseEntity<CustomerResponseDto> getCustomer(@PathVariable String cusNo) {
|
||||
// 권한 체크
|
||||
PermissionAuthenticationToken auth = (PermissionAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (auth == null || auth.getPermissionSet() == null) {
|
||||
throw new AccessDeniedException("Permission information is missing");
|
||||
}
|
||||
|
||||
PermissionSet permissionSet = auth.getPermissionSet();
|
||||
if (!PermissionChecker.canDeleteCRM(permissionSet)) {
|
||||
throw new AccessDeniedException("You do not have permission to read all CRM data");
|
||||
}
|
||||
|
||||
//
|
||||
CustomerResponseDto customer = customerService.getCustomerByNo(cusNo);
|
||||
return ResponseEntity.ok(customer);
|
||||
}
|
||||
|
||||
@PutMapping("/{cusNo}")
|
||||
public ResponseEntity<CustomerResponseDto> updateCustomer(@PathVariable String cusNo,
|
||||
@RequestBody CustomerRequestDto dto) {
|
||||
// 권한 체크
|
||||
PermissionAuthenticationToken auth = (PermissionAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (auth == null || auth.getPermissionSet() == null) {
|
||||
throw new AccessDeniedException("Permission information is missing");
|
||||
}
|
||||
|
||||
PermissionSet permissionSet = auth.getPermissionSet();
|
||||
if (!PermissionChecker.canDeleteCRM(permissionSet)) {
|
||||
throw new AccessDeniedException("You do not have permission to read all CRM data");
|
||||
}
|
||||
|
||||
//
|
||||
CustomerResponseDto updated = customerService.updateCustomerByNo(cusNo, dto);
|
||||
return ResponseEntity.ok(updated);
|
||||
}
|
||||
}
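Review bot: Both new endpoints gate a read (getCustomer) and an update (updateCustomer by cusNo) on `PermissionChecker.canDeleteCRM(permissionSet)` while the denial message says "read all CRM data", so the check looks copied from the delete endpoint and decides on the wrong permission level; the read- and update-level checks should be used instead (their names are not visible here — add them to PermissionChecker if they do not exist). The unchecked cast `(PermissionAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()` throws a ClassCastException, surfacing as a 500 rather than a 403, whenever the context holds a different Authentication type such as the anonymous token, which the `auth == null` guard does not cover. The two checks are line-for-line identical, so one private helper using an instanceof pattern (Java 16+, which the Spring Security 6 APIs elsewhere in this commit imply) fixes both points once, as sketched below. Separately, `@GetMapping("/{cusNo}")` has the same path template as any existing `@GetMapping("/{uuid}")` handler in this controller (not visible in the hunk) and would fail at startup with an ambiguous-mapping error if one exists.
```java
// … unchanged: deleteCustomer …

// from MIS
@GetMapping("/{cusNo}")
public ResponseEntity<CustomerResponseDto> getCustomer(@PathVariable String cusNo) {
    requireCrmAccess();
    CustomerResponseDto customer = customerService.getCustomerByNo(cusNo);
    return ResponseEntity.ok(customer);
}

// … unchanged: updateCustomer(cusNo, dto), apart from replacing its inline check with requireCrmAccess() …

/**
 * Rejects the request with 403 unless the caller carries a PermissionAuthenticationToken
 * with a permission set that passes the CRM check; non-matching token types (e.g. anonymous)
 * are denied instead of raising a ClassCastException.
 */
private void requireCrmAccess() {
    var authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof PermissionAuthenticationToken auth) || auth.getPermissionSet() == null) {
        throw new AccessDeniedException("Permission information is missing");
    }
    // TODO: replace with the read/update-level check; canDeleteCRM is the delete permission
    if (!PermissionChecker.canDeleteCRM(auth.getPermissionSet())) {
        throw new AccessDeniedException("You do not have permission to read all CRM data");
    }
}
```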
|
||||
|
|
|
|||
|
|
@ -31,4 +31,8 @@ public interface CustomerRepository extends JpaRepository<Customer, Long> {
|
|||
Page<CustomerResponseDto> findAllCustomerDtos(Pageable pageable);
|
||||
|
||||
Optional<Customer> findByCusUuid(UUID cusUuid);
|
||||
|
||||
// from MIS
|
||||
Optional<Customer> findByCusNo(String cusNo);
|
||||
boolean existsByCusNo(String cusNo);
|
||||
}
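Review bot: `Optional<Customer> findByCusNo(String cusNo)` only works if cusNo is unique per Customer; without a unique constraint on that column, a duplicate value makes Spring Data throw an IncorrectResultSizeDataAccessException at runtime for the new getCustomerByNo/updateCustomerByNo paths rather than returning one row. If the entity does not already declare it (the Customer mapping is not in this commit), add `@Column(unique = true)` on the cusNo field, or document the invariant on the query method with a Javadoc line such as `/** cusNo is the MIS-side business key and must be unique. */`. `existsByCusNo` is added here but no caller appears in the other hunks of this commit; if it is meant to guard cusNo assignment on create, that check is still missing.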
|
||||
|
|
|
|||
|
|
@ -48,13 +48,12 @@ public class CustomerService {
|
|||
Customer customer = customerRepository.findByCusUuid(uuid)
|
||||
.orElseThrow(() -> new RuntimeException("Customer not found"));
|
||||
|
||||
customer.setCusName(dto.getCusName());
|
||||
customer.setCusNo(dto.getCusNo());
|
||||
customer.setCusStatus(dto.getCusStatus());
|
||||
customer.setCusAddress1(dto.getCusAddress1());
|
||||
customer.setCusAddress2(dto.getCusAddress2());
|
||||
customer.setCusCity(dto.getCusCity());
|
||||
customer.setCusProvince(dto.getCusProvince());
|
||||
if (dto.getCusName() != null) customer.setCusName(dto.getCusName());
|
||||
if (dto.getCusStatus() != null) customer.setCusStatus(dto.getCusStatus());
|
||||
if (dto.getCusAddress1() != null) customer.setCusAddress1(dto.getCusAddress1());
|
||||
if (dto.getCusAddress2() != null) customer.setCusAddress2(dto.getCusAddress2());
|
||||
if (dto.getCusCity() != null) customer.setCusCity(dto.getCusCity());
|
||||
if (dto.getCusProvince() != null) customer.setCusProvince(dto.getCusProvince());
|
||||
|
||||
customerRepository.save(customer);
|
||||
return mapToDto(customer);
|
||||
|
|
@ -74,4 +73,26 @@ public class CustomerService {
|
|||
.cusStatus(customer.getCusStatus())
|
||||
.build();
|
||||
}
|
||||
|
||||
// from MIS
|
||||
public CustomerResponseDto getCustomerByNo(String cusNo) {
|
||||
Customer customer = customerRepository.findByCusNo(cusNo)
|
||||
.orElseThrow(() -> new RuntimeException("Customer not found"));
|
||||
return mapToDto(customer);
|
||||
}
|
||||
|
||||
public CustomerResponseDto updateCustomerByNo(String cusNo, CustomerRequestDto dto) {
|
||||
Customer customer = customerRepository.findByCusNo(cusNo)
|
||||
.orElseThrow(() -> new RuntimeException("Customer not found"));
|
||||
|
||||
customer.setCusName(dto.getCusName());
|
||||
customer.setCusStatus(dto.getCusStatus());
|
||||
customer.setCusAddress1(dto.getCusAddress1());
|
||||
customer.setCusAddress2(dto.getCusAddress2());
|
||||
customer.setCusCity(dto.getCusCity());
|
||||
customer.setCusProvince(dto.getCusProvince());
|
||||
|
||||
customerRepository.save(customer);
|
||||
return mapToDto(customer);
|
||||
}
|
||||
}
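Review bot: updateCustomerByNo copies every DTO field unconditionally, so a PUT body that omits a field nulls it in the database, while updateCustomer in the earlier hunk of this file was changed in the same commit to null-guard each setter; the two update paths now have opposite semantics for absent fields and the difference is not documented, so either share one private `applyUpdates(customer, dto)` helper or state in a Javadoc on updateCustomerByNo that PUT replaces all fields and omitted ones become null. All three lookups (findByCusUuid in the earlier hunk, and both findByCusNo calls here) throw a bare `RuntimeException("Customer not found")`, which Spring maps to a 500; a missing customer is a client-side condition and should surface as 404, e.g. `.orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "Customer not found"))` or a project-specific not-found exception with a handler. Whether these methods run under `@Transactional` is not visible in the hunk; if not, the load-modify-save sequence has no transaction boundary.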
|
||||
|
|
|
|||