[ADD] CORS 설정 추가 및 RefreshToken ID 생성 전략 변경

main
bjkim 4 weeks ago
parent fe9e56b119
commit 05f7dc9016

@ -1,7 +1,6 @@
package kr.re.etri.autoflow.common; package kr.re.etri.autoflow.common;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -10,19 +9,11 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
public class WebConfiguration implements WebMvcConfigurer { public class WebConfiguration implements WebMvcConfigurer {
@Override @Override
public void addCorsMappings(CorsRegistry registry) { public void addInterceptors(
registry.addMapping("/**") InterceptorRegistry registry) {
.allowedOriginPatterns("http://localhost:3000", "http://10.10.11.144", "http://cuuva.com:2481", "http://210.217.121.58:2481") // 허용할 Origin 지정
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
.allowedHeaders("*") // 필요하면 "cuuva-jwt", "Content-Type", "Authorization" 명시 가능
.exposedHeaders("cuuva-jwt")
//.allowCredentials(true)
.maxAge(3600);
}
@Override registry.addInterceptor(
public void addInterceptors(InterceptorRegistry registry) { new LoggingInterceptor())
registry.addInterceptor(new LoggingInterceptor()) .addPathPatterns("/**");
.addPathPatterns("/**"); // Intercepts all requests
} }
} }
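Review bot: With `addCorsMappings` removed, the `CorsRegistry` import kept as context in the first hunk has no remaining user in the part of `WebConfiguration` shown here, so it can be dropped along with the `HttpMethod` import this commit already removes. The reflowed `addInterceptors` also loses its `// Intercepts all requests` comment; a line such as `// LoggingInterceptor runs for every request path` would keep the reason for `/**` on record.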

@ -16,7 +16,8 @@ import org.hibernate.annotations.Comment;
public class RefreshToken { public class RefreshToken {
@Id @Id
@GeneratedValue(strategy = GenerationType.AUTO) @SequenceGenerator(name = "refreshtoken_seq", sequenceName = "tb_refreshtoken_seq", allocationSize = 1)
@GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "refreshtoken_seq")
private long id; private long id;
@OneToOne @OneToOne
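Review bot: Switching `id` from `GenerationType.AUTO` to the named sequence `tb_refreshtoken_seq` relies on that sequence existing in the database and starting above the highest `id` already stored, and no migration or DDL for it is visible in this commit. If rows created under the old strategy exist, a sequence that starts at 1 would hand out ids that collide with them, so it is worth confirming how the sequence is created (schema auto-update or a script). A short comment above the annotation, e.g. `// ids come from tb_refreshtoken_seq (allocationSize = 1: one sequence call per insert)`, would record the intent. The `RefreshToken` class continues outside the hunk.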

@ -17,6 +17,9 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import kr.re.etri.autoflow.security.jwt.AuthEntryPointJwt; import kr.re.etri.autoflow.security.jwt.AuthEntryPointJwt;
import kr.re.etri.autoflow.security.jwt.AuthTokenFilter; import kr.re.etri.autoflow.security.jwt.AuthTokenFilter;
@ -103,15 +106,15 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
// return http.build(); // return http.build();
// } // }
// 임시 설정
@Bean @Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable) http.csrf(AbstractHttpConfigurer::disable)
.cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가
.exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler)) .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> .authorizeHttpRequests(auth ->
auth.requestMatchers("/actuator/**").permitAll() // Actuator endpoints auth.requestMatchers("/actuator/**").permitAll()
.anyRequest().permitAll() // 모든 요청 허용 .anyRequest().permitAll()
); );
@ -120,4 +123,20 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
return http.build(); return http.build();
} }
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowCredentials(true);
configuration.addAllowedOrigin("http://localhost:3000");
configuration.addAllowedOrigin("http://10.10.11.144");
configuration.addAllowedOrigin("http://cuuva.com:2481");
configuration.addAllowedOrigin("http://210.217.121.58:2481");
configuration.addAllowedOrigin("http://172.28.248.98:30819");
configuration.addAllowedHeader("*");
configuration.addAllowedMethod("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
} }
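Review bot: `corsConfigurationSource()` turns on `setAllowCredentials(true)` together with `addAllowedHeader("*")` and `addAllowedMethod("*")` while every allowed origin is plain `http://`, so credentialed cross-origin access is granted to origins whose traffic has no transport protection; the MVC mapping removed in this commit had `allowCredentials` commented out and listed its methods explicitly. If the token only travels in the `cuuva-jwt` header, which the old `exposedHeaders("cuuva-jwt")` suggests, credential support is probably not needed and that line can be dropped. The new configuration also no longer exposes that header or sets a preflight cache time; `configuration.addExposedHeader("cuuva-jwt");` and `configuration.setMaxAge(3600L);` would carry the old behaviour over. The origin list, which includes `localhost:3000` and internal addresses, would be better read from per-environment configuration than hard-coded, and since `filterChain` still ends in `.anyRequest().permitAll()` with CSRF disabled, this CORS policy is one of the few browser-side restrictions left on the API.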
