@Bean

public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{

http

.csrf(AbstractHttpConfigurer::disable)

.authorizeHttpRequests(authorizeRequests ->

authorizeRequests

.requestMatchers("/user/**").authenticated()

.requestMatchers("/manager/**").hasAnyRole("ADMIN", "MANAGER") // 자동으로 ROLE_이 붙는다

.requestMatchers("/admin/**").hasRole("ADMIN")

.anyRequest().permitAll()

)

.formLogin(formLogin ->

formLogin

// .usernameParameter("username")

// .passwordParameter("password")

.loginPage("/loginForm")

.usernameParameter("username")

// .failureUrl("/authentication/login?failed")

.loginProcessingUrl("/login") // /login이라는 주소가 호출이 되며 시큐리티가 대신 진행.

.defaultSuccessUrl("/")