[MOD] jwt cors 수정

src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java

@@ -12,20 +12,20 @@ public class WebConfiguration implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-                .allowedOrigins("*")
+                .allowedOriginPatterns("*") // allowedOrigins 대신 사용
                 .allowedMethods(
                         HttpMethod.GET.name(),
                         HttpMethod.HEAD.name(),
                         HttpMethod.POST.name(),
                         HttpMethod.PUT.name(),
-                        HttpMethod.DELETE.name())
+                        HttpMethod.DELETE.name()
+                )
                 .allowedHeaders("cuuva-jwt", "Content-Type", "Authorization")
-                .exposedHeaders("cuuva-jwt") // 응답에서 노출 필요 시
+                .exposedHeaders("cuuva-jwt") // 응답 헤더 노출
                 .allowCredentials(true)
                 .maxAge(3600);
     }
 
-
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new LoggingInterceptor())

src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java

@@ -17,16 +17,11 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import kr.re.etri.autoflow.security.jwt.AuthEntryPointJwt;
 import kr.re.etri.autoflow.security.jwt.AuthTokenFilter;
 import kr.re.etri.autoflow.security.services.UserDetailsServiceImpl;
 
-import java.util.Arrays;
-
 @Configuration
 //@EnableWebSecurity
 @EnableMethodSecurity
@@ -88,50 +83,38 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
 //    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
 //  }
 
-//  @Bean
-//  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-//    http.csrf(AbstractHttpConfigurer::disable)
-//        .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
-//        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-//        .authorizeHttpRequests(auth ->
-//          auth.requestMatchers("/api/auth/**").permitAll()
-//                  .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
-//                  .requestMatchers("/api/test/**").permitAll()
-//              .anyRequest().authenticated()
-//        );
-//
-//    http.authenticationProvider(authenticationProvider());
-//
-//    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
-//
-//    return http.build();
-//  }
-
-    //임시 설정
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
+    http.csrf(AbstractHttpConfigurer::disable)
-                .csrf(AbstractHttpConfigurer::disable)
         .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
         .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
         .authorizeHttpRequests(auth ->
-                        auth.anyRequest().permitAll() // 모든 요청 허용
+          auth.requestMatchers("/api/auth/**").permitAll()
+                  .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
+                  .requestMatchers("/api/test/**").permitAll()
+              .anyRequest().authenticated()
         );
 
     http.authenticationProvider(authenticationProvider());
+
     http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
 
     return http.build();
   }
 
-    @Bean
+  // 임시 설정
-    CorsConfigurationSource corsConfigurationSource() {
+//  @Bean
-        CorsConfiguration configuration = new CorsConfiguration();
+//  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        configuration.setAllowedOrigins(Arrays.asList("*"));
+//    http.csrf(AbstractHttpConfigurer::disable)
-        configuration.setAllowedMethods(Arrays.asList("*"));
+//            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
-        configuration.setAllowedHeaders(Arrays.asList("*"));
+//            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+//            .authorizeHttpRequests(auth ->
-        source.registerCorsConfiguration("/**", configuration);
+//                    auth.anyRequest().permitAll() // 모든 요청 허용
-        return source;
+//            );
-    }
+//
+//    http.authenticationProvider(authenticationProvider());
+//    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
+//
+//    return http.build();
+//  }
 }