From 05f7dc901655cfc589f504594d5769b8f3e224f6 Mon Sep 17 00:00:00 2001
From: bjkim <bjkim@cuuva.com>
Date: Tue, 19 May 2026 15:34:02 +0900
Subject: [PATCH] =?UTF-8?q?[ADD]=20CORS=20=EC=84=A4=EC=A0=95=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80=20=EB=B0=8F=20RefreshToken=20ID=20=EC=83=9D=EC=84=B1?=
 =?UTF-8?q?=20=EC=A0=84=EB=9E=B5=20=EB=B3=80=EA=B2=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../autoflow/common/WebConfiguration.java     | 21 +++++-----------
 .../re/etri/autoflow/models/RefreshToken.java |  3 ++-
 .../autoflow/security/WebSecurityConfig.java  | 25 ++++++++++++++++---
 3 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java b/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
index 6490c2d..ec784b1 100644
--- a/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
+++ b/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
@@ -1,7 +1,6 @@
 package kr.re.etri.autoflow.common;
 
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -10,19 +9,11 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 public class WebConfiguration implements WebMvcConfigurer {
 
     @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("http://localhost:3000", "http://10.10.11.144", "http://cuuva.com:2481", "http://210.217.121.58:2481") // 허용할 Origin 지정
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*") // 필요하면 "cuuva-jwt", "Content-Type", "Authorization" 명시 가능
-                .exposedHeaders("cuuva-jwt")
-                //.allowCredentials(true)
-                .maxAge(3600);
-    }
+    public void addInterceptors(
+            InterceptorRegistry registry) {
 
-    @Override
-    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(new LoggingInterceptor())
-                .addPathPatterns("/**");  // Intercepts all requests
+        registry.addInterceptor(
+                        new LoggingInterceptor())
+                .addPathPatterns("/**");
     }
-}
+}
\ No newline at end of file
diff --git a/src/main/java/kr/re/etri/autoflow/models/RefreshToken.java b/src/main/java/kr/re/etri/autoflow/models/RefreshToken.java
index 68e237f..a78137d 100644
--- a/src/main/java/kr/re/etri/autoflow/models/RefreshToken.java
+++ b/src/main/java/kr/re/etri/autoflow/models/RefreshToken.java
@@ -16,7 +16,8 @@ import org.hibernate.annotations.Comment;
 public class RefreshToken {
 
   @Id
-  @GeneratedValue(strategy = GenerationType.AUTO)
+  @SequenceGenerator(name = "refreshtoken_seq", sequenceName = "tb_refreshtoken_seq", allocationSize = 1)
+  @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "refreshtoken_seq")
   private long id;
 
   @OneToOne
diff --git a/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java b/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
index 29492f6..495e7e2 100644
--- a/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
+++ b/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
@@ -17,6 +17,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import kr.re.etri.autoflow.security.jwt.AuthEntryPointJwt;
 import kr.re.etri.autoflow.security.jwt.AuthTokenFilter;
@@ -103,15 +106,15 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
 //        return http.build();
 //    }
 
-  // 임시 설정
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     http.csrf(AbstractHttpConfigurer::disable)
+            .cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가
             .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth ->
-                    auth.requestMatchers("/actuator/**").permitAll() // Actuator endpoints
-                            .anyRequest().permitAll() // 모든 요청 허용
+                    auth.requestMatchers("/actuator/**").permitAll()
+                            .anyRequest().permitAll()
             );
 
 
@@ -120,4 +123,20 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
 
     return http.build();
   }
+
+  @Bean
+  public CorsConfigurationSource corsConfigurationSource() {
+    CorsConfiguration configuration = new CorsConfiguration();
+    configuration.setAllowCredentials(true);
+    configuration.addAllowedOrigin("http://localhost:3000");
+    configuration.addAllowedOrigin("http://10.10.11.144");
+    configuration.addAllowedOrigin("http://cuuva.com:2481");
+    configuration.addAllowedOrigin("http://210.217.121.58:2481");
+    configuration.addAllowedOrigin("http://172.28.248.98:30819");
+    configuration.addAllowedHeader("*");
+    configuration.addAllowedMethod("*");
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
+    return source;
+  }
 }