[MOD] jwt cors 수정

10 months ago · 667a4c5f57
parent f8e2ca913f
commit 667a4c5f57
2 changed files with 52 additions and 69 deletions
--- a/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
+++ b/src/main/java/kr/re/etri/autoflow/common/WebConfiguration.java
@ -12,20 +12,20 @@ public class WebConfiguration implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
-                .allowedOrigins("*")
+                .allowedOriginPatterns("*") // allowedOrigins 대신 사용
                .allowedMethods(
                        HttpMethod.GET.name(),
                        HttpMethod.HEAD.name(),
                        HttpMethod.POST.name(),
                        HttpMethod.PUT.name(),
-                        HttpMethod.DELETE.name())
+                        HttpMethod.DELETE.name()
+                )
                .allowedHeaders("cuuva-jwt", "Content-Type", "Authorization")
-                .exposedHeaders("cuuva-jwt") // 응답에서 노출 필요 시
+                .exposedHeaders("cuuva-jwt") // 응답 헤더 노출
                .allowCredentials(true)
                .maxAge(3600);
    }

-
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new LoggingInterceptor())
--- a/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
+++ b/src/main/java/kr/re/etri/autoflow/security/WebSecurityConfig.java
@ -17,16 +17,11 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

 import kr.re.etri.autoflow.security.jwt.AuthEntryPointJwt;
 import kr.re.etri.autoflow.security.jwt.AuthTokenFilter;
 import kr.re.etri.autoflow.security.services.UserDetailsServiceImpl;

-import java.util.Arrays;
-
@Configuration
 //@EnableWebSecurity
@EnableMethodSecurity
@ -88,50 +83,38 @@ public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
 //    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
 //  }

-//  @Bean
-//  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-//    http.csrf(AbstractHttpConfigurer::disable)
-//        .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
-//        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-//        .authorizeHttpRequests(auth ->
-//          auth.requestMatchers("/api/auth/**").permitAll()
-//                  .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
-//                  .requestMatchers("/api/test/**").permitAll()
-//              .anyRequest().authenticated()
-//        );
-//
-//    http.authenticationProvider(authenticationProvider());
-//
-//    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
-//
-//    return http.build();
-//  }
-
-    //임시 설정
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
-                .csrf(AbstractHttpConfigurer::disable)
+    http.csrf(AbstractHttpConfigurer::disable)
        .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
        .authorizeHttpRequests(auth ->
-                        auth.anyRequest().permitAll() // 모든 요청 허용
+          auth.requestMatchers("/api/auth/**").permitAll()
+                  .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
+                  .requestMatchers("/api/test/**").permitAll()
+              .anyRequest().authenticated()
        );

    http.authenticationProvider(authenticationProvider());
+
    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);

    return http.build();
  }

-    @Bean
-    CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(Arrays.asList("*"));
-        configuration.setAllowedMethods(Arrays.asList("*"));
-        configuration.setAllowedHeaders(Arrays.asList("*"));
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-        return source;
-    }
+  // 임시 설정
+//  @Bean
+//  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+//    http.csrf(AbstractHttpConfigurer::disable)
+//            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))
+//            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+//            .authorizeHttpRequests(auth ->
+//                    auth.anyRequest().permitAll() // 모든 요청 허용
+//            );
+//
+//    http.authenticationProvider(authenticationProvider());
+//    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
+//
+//    return http.build();
+//  }
 }