MVPTeam/test
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cors 설정 추가

Browse Source
This commit is contained in:
teddy
2025-12-10 14:10:19 +09:00
parent c9094f04c2
commit 3ac008883b
1 changed files with 30 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
View File

@@ -6,6 +6,7 @@ import java.util.List;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration; import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -28,30 +29,34 @@ public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화 http
.sessionManagement( .cors(cors -> cors.configurationSource(corsConfigurationSource()))
sm -> .csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
sm.sessionCreationPolicy( .sessionManagement(
SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증 sm ->
.formLogin(form -> form.disable()) // react에서 로그인 요청 관리 sm.sessionCreationPolicy(
.httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용 SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증
.logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음 .formLogin(form -> form.disable()) // react에서 로그인 요청 관리
.authenticationProvider( .httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용 .logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
.authorizeHttpRequests( .authenticationProvider(
auth -> customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
auth.requestMatchers( .authorizeHttpRequests(
"/api/auth/signin", auth ->
"/api/auth/refresh", auth
"/swagger-ui/**", .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // preflight 허용
"/v3/api-docs/**") .requestMatchers(
.permitAll() "/api/auth/signin",
.anyRequest() "/api/auth/refresh",
.authenticated()) "/swagger-ui/**",
.addFilterBefore( "/v3/api-docs/**")
jwtAuthenticationFilter, .permitAll()
UsernamePasswordAuthenticationFilter .anyRequest()
.class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장. .authenticated())
.addFilterBefore(
jwtAuthenticationFilter,
UsernamePasswordAuthenticationFilter
.class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
; ;
return http.build(); return http.build();
@@ -59,7 +64,7 @@ public class SecurityConfig {
@Bean @Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
throws Exception { throws Exception {
return configuration.getAuthenticationManager(); return configuration.getAuthenticationManager();
} }