From 8d83505ee76efee25cee4159d4b546942af79eac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?dean=5B=EB=B0=B1=EB=B3=91=EB=82=A8=5D?=
Date: Tue, 10 Mar 2026 15:00:31 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9A=B4=EC=98=81=ED=99=98=EA=B2=BD=EC=B2=98?= =?UTF-8?q?=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cd/training/config/SecurityConfig.java | 114 +++++++++--------
 1 file changed, 56 insertions(+), 58 deletions(-)

diff --git a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
index 5b45732..7595608 100644
--- a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
@@ -26,80 +26,78 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 @EnableWebSecurity
 public class SecurityConfig {
- @Value("${cors.allowed-origins}")
- private List allowedOrigins;
 @Bean
 public SecurityFilterChain securityFilterChain(
- org.springframework.security.config.annotation.web.builders.HttpSecurity http,
- JwtAuthenticationFilter jwtAuthenticationFilter,
- CustomAuthenticationProvider customAuthenticationProvider)
- throws Exception {
+ org.springframework.security.config.annotation.web.builders.HttpSecurity http,
+ JwtAuthenticationFilter jwtAuthenticationFilter,
+ CustomAuthenticationProvider customAuthenticationProvider)
+ throws Exception {
 http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .csrf(csrf -> csrf.disable())
- .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .formLogin(form -> form.disable())
+ .csrf(csrf -> csrf.disable())
+ .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .formLogin(form -> form.disable())
- // /monitor 에서 Basic 인증을 쓰려면 disable 하면 안됨
- .httpBasic(basic -> {})
- .logout(logout -> logout.disable())
- .authenticationProvider(customAuthenticationProvider)
- .authorizeHttpRequests(
- auth ->
- auth
+ // /monitor 에서 Basic 인증을 쓰려면 disable 하면 안됨
+ .httpBasic(basic -> {})
+ .logout(logout -> logout.disable())
+ .authenticationProvider(customAuthenticationProvider)
+ .authorizeHttpRequests(
+ auth ->
+ auth
- // monitor
- .requestMatchers("/monitor/health", "/monitor/health/**")
- .permitAll()
- .requestMatchers("/monitor/**")
- .authenticated() // Basic으로 인증되게끔
+ // monitor
+ .requestMatchers("/monitor/health", "/monitor/health/**")
+ .permitAll()
+ .requestMatchers("/monitor/**")
+ .authenticated() // Basic으로 인증되게끔
- // mapsheet
- .requestMatchers("/api/mapsheet/**")
- .permitAll()
- .requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
- .permitAll()
+ // mapsheet
+ .requestMatchers("/api/mapsheet/**")
+ .permitAll()
+ .requestMatchers(HttpMethod.POST, "/api/mapsheet/upload")
+ .permitAll()
- // test role
- .requestMatchers("/api/test/admin")
- .hasRole("ADMIN")
- .requestMatchers("/api/test/label")
- .hasAnyRole("ADMIN", "LABELER")
- .requestMatchers("/api/test/review")
- .hasAnyRole("ADMIN", "REVIEWER")
+ // test role
+ .requestMatchers("/api/test/admin")
+ .hasRole("ADMIN")
+ .requestMatchers("/api/test/label")
+ .hasAnyRole("ADMIN", "LABELER")
+ .requestMatchers("/api/test/review")
+ .hasAnyRole("ADMIN", "REVIEWER")
- // common permit
- .requestMatchers("/error")
- .permitAll()
- .requestMatchers(HttpMethod.OPTIONS, "/**")
- .permitAll()
- .requestMatchers(
- "/api/auth/signin",
- "/api/auth/refresh",
- "/api/auth/logout",
- "/swagger-ui/**",
- "/v3/api-docs/**",
- "/api/upload/chunk-upload-dataset",
- "/api/upload/chunk-upload-complete",
- "/download_progress_test.html",
- "/api/models/download/**")
- .permitAll()
- .requestMatchers("/api/members/*/password")
- .authenticated()
- // default
- .anyRequest()
- .authenticated())
+ // common permit
+ .requestMatchers("/error")
+ .permitAll()
+ .requestMatchers(HttpMethod.OPTIONS, "/**")
+ .permitAll()
+ .requestMatchers(
+ "/api/auth/signin",
+ "/api/auth/refresh",
+ "/api/auth/logout",
+ "/swagger-ui/**",
+ "/v3/api-docs/**",
+ "/api/upload/chunk-upload-dataset",
+ "/api/upload/chunk-upload-complete",
+ "/download_progress_test.html",
+ "/api/models/download/**")
+ .permitAll()
+ .requestMatchers("/api/members/*/password")
+ .authenticated()
+ // default
+ .anyRequest()
+ .authenticated())
- // JWT 필터는 앞단에
- .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+ // JWT 필터는 앞단에
+ .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 return http.build();
 }
 @Bean
 public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
- throws Exception {
+ throws Exception {
 return configuration.getAuthenticationManager();
 }
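Review bot: Removing the `@Value("${cors.allowed-origins}") private List allowedOrigins;` field drops the only per-environment source of CORS origins, and the second hunk (`@@ -114,7`) replaces its use with `config.setAllowedOriginPatterns(List.of("*"));`, so every deployment, including the production one the subject names, now accepts any Origin. If production needs different origins, keep the field and put them in the production profile's `cors.allowed-origins` rather than hardcoding the wildcard in code. The rest of this hunk is indentation only, but on the new side `.requestMatchers("/api/mapsheet/**").permitAll()` already covers the `HttpMethod.POST, "/api/mapsheet/upload"` matcher that follows it, so that rule is dead and the whole mapsheet API, upload included, is reachable without authentication; a comment stating that this is intended, or removal of the redundant matcher, would make the policy readable. `securityFilterChain` is fully inside the hunk, but `corsConfigurationSource()` that it calls is not.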
@@ -114,7 +112,7 @@ public class SecurityConfig {
 CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
 // application.yml에서 환경별로 설정된 도메인 사용
- config.setAllowedOriginPatterns(allowedOrigins);
+ config.setAllowedOriginPatterns(List.of("*")); // 도메인 허용
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
 config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
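Review bot: The comment `// application.yml에서 환경별로 설정된 도메인 사용` directly above the changed line is now false, since `config.setAllowedOriginPatterns(List.of("*"));` ignores application.yml and admits every origin in every environment. Either restore the property-driven value or rewrite the comment to say that all origins are accepted and why that is acceptable here. If `setAllowCredentials(true)` follows later in this method (outside the hunk), be aware that `setAllowedOriginPatterns("*")`, unlike `setAllowedOrigins("*")`, is accepted together with credentials and makes Spring reflect the request Origin, so credentialed cross-origin calls, including ones carrying browser-cached Basic credentials for `/monitor/**`, become possible from any site; that combination deserves an explicit comment if it is kept. The enclosing `corsConfigurationSource` method starts and ends outside this hunk.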