[ADD] CORS 설정 추가 및 RefreshToken ID 생성 전략 변경

4 weeks ago · 05f7dc9016
parent fe9e56b119
commit 05f7dc9016
3 changed files with 30 additions and 19 deletions
--- a/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
+++ b/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
@ -1,7 +1,6 @@
 package kr.re.etri.autoflow.common;

 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -10,19 +9,11 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 public class WebConfiguration implements WebMvcConfigurer {

    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("http://localhost:3000", "http://10.10.11.144", "http://cuuva.com:2481", "http://210.217.121.58:2481") // 허용할 Origin 지정
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*") // 필요하면 "cuuva-jwt", "Content-Type", "Authorization" 명시 가능
-                .exposedHeaders("cuuva-jwt")
-                //.allowCredentials(true)
-                .maxAge(3600);
-    }
+    public void addInterceptors(
+            InterceptorRegistry registry) {

-    @Override
-    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(new LoggingInterceptor())
-                .addPathPatterns("/**");  // Intercepts all requests
+        registry.addInterceptor(
+                        new LoggingInterceptor())
+                .addPathPatterns("/**");
    }
-}
+}
--- a/src/main/java/kr/re/etri/autoflow/models/RefreshToken.java
+++ b/src/main/java/kr/re/etri/autoflow/models/RefreshToken.java
@ -16,7 +16,8 @@ import org.hibernate.annotations.Comment;
 public class RefreshToken {

  @Id
-  @GeneratedValue(strategy = GenerationType.AUTO)
+  @SequenceGenerator(name = "refreshtoken_seq", sequenceName = "tb_refreshtoken_seq", allocationSize = 1)
+  @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "refreshtoken_seq")
  private long id;

  @OneToOne
--- a/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
+++ b/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
@ -17,6 +17,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

 import kr.re.etri.autoflow.security.jwt.AuthEntryPointJwt;
 import kr.re.etri.autoflow.security.jwt.AuthTokenFilter;
@ -103,15 +106,15 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
 //        return http.build();
 //    }

-  // 임시 설정
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.csrf(AbstractHttpConfigurer::disable)
+            .cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가
            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth ->
-                    auth.requestMatchers("/actuator/**").permitAll() // Actuator endpoints
-                            .anyRequest().permitAll() // 모든 요청 허용
+                    auth.requestMatchers("/actuator/**").permitAll()
+                            .anyRequest().permitAll()
            );


@ -120,4 +123,20 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {

    return http.build();
  }
+
+  @Bean
+  public CorsConfigurationSource corsConfigurationSource() {
+    CorsConfiguration configuration = new CorsConfiguration();
+    configuration.setAllowCredentials(true);
+    configuration.addAllowedOrigin("http://localhost:3000");
+    configuration.addAllowedOrigin("http://10.10.11.144");
+    configuration.addAllowedOrigin("http://cuuva.com:2481");
+    configuration.addAllowedOrigin("http://210.217.121.58:2481");
+    configuration.addAllowedOrigin("http://172.28.248.98:30819");
+    configuration.addAllowedHeader("*");
+    configuration.addAllowedMethod("*");
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
+    return source;
+  }
 }