토큰 response 수정

2025-12-10 15:53:25 +09:00
parent 0fb715c3ed
commit 9fbefda9d5
1 changed files with 17 additions and 16 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -6,12 +6,14 @@ import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -39,22 +41,21 @@ public class SecurityConfig {
        .authenticationProvider(
            customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
        .authorizeHttpRequests(
-            auth -> auth.anyRequest().permitAll()
-            //            .requestMatchers(HttpMethod.OPTIONS, "/**")
-            //            .permitAll() // preflight 허용
-            //            .requestMatchers(
-            //              "/api/auth/signin",
-            //              "/api/auth/refresh",
-            //              "/swagger-ui/**",
-            //              "/v3/api-docs/**")
-            //            .permitAll()
-            //            .anyRequest()
-            //            .authenticated()
-            )
-    //      .addFilterBefore(
-    //        jwtAuthenticationFilter,
-    //        UsernamePasswordAuthenticationFilter
-    //          .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
+            auth ->
+                auth.requestMatchers(HttpMethod.OPTIONS, "/**")
+                    .permitAll() // preflight 허용
+                    .requestMatchers(
+                        "/api/auth/signin",
+                        "/api/auth/refresh",
+                        "/swagger-ui/**",
+                        "/v3/api-docs/**")
+                    .permitAll()
+                    .anyRequest()
+                    .authenticated())
+        .addFilterBefore(
+            jwtAuthenticationFilter,
+            UsernamePasswordAuthenticationFilter
+                .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
    ;

    return http.build();