πŸš‘ [HOTFIX] CORS μ—λŸ¬λ‘œ 인해 κΆŒν•œ μˆ˜μ •5
kchaeeun committed Aug 19, 2024
1 parent e7384f5 commit 173aa84
Showing 1 changed file with 34 additions and 14 deletions.
Expand Up @@ -13,35 +13,55 @@
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;
import java.util.List;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

private final OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
private final OAuth2AuthenticationFailureHandler OAuth2AuthenticationFailureHandler;
private final OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;
private final OAuthLoginService oAuthLoginService;
private final JwtService jwtService;

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.httpBasic(AbstractHttpConfigurer::disable) // http form login λΉ„ν™œμ„±ν™”
.csrf(AbstractHttpConfigurer::disable) // csrf ν•„ν„° λΉ„ν™œμ„±ν™” -> cookies μ‚¬μš©ν•˜μ§€ μ•ŠμœΌλ―€λ‘œ μœ„ν—˜ μ—†μŒ
.cors(AbstractHttpConfigurer::disable)
.formLogin(AbstractHttpConfigurer::disable) // basic login λΉ„ν™œμ„±ν™”
.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // session μ‚¬μš© X
.httpBasic(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.formLogin(AbstractHttpConfigurer::disable)
.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(new JwtAuthenticationFilter(jwtService), UsernamePasswordAuthenticationFilter.class)
.oauth2Login(configure ->
configure
.userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig
.userService(oAuthLoginService))
.authorizationEndpoint(authorizationEndpointConfig -> authorizationEndpointConfig // auth 둜그인 νŽ˜μ΄μ§€ return
.baseUri("/oauth/authorize"))
.successHandler(oAuth2AuthenticationSuccessHandler)
.failureHandler(OAuth2AuthenticationFailureHandler)
.oauth2Login(configure -> configure
.userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig.userService(oAuthLoginService))
.authorizationEndpoint(authorizationEndpointConfig -> authorizationEndpointConfig.baseUri("/oauth/authorize"))
.successHandler(oAuth2AuthenticationSuccessHandler)
.failureHandler(oAuth2AuthenticationFailureHandler)
);

return http.build();
}

@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.setAllowedOrigins(List.of("http://localhost:3000")); // 배포 ν™˜κ²½μ— 맞게 도메인 μˆ˜μ • ν•„μš”
config.setAllowedMethods(Arrays.asList("HEAD", "POST", "GET", "DELETE", "PUT", "PATCH"));
config.setAllowedHeaders(List.of("*"));

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;
}
}
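Review bot: `config.setAllowCredentials(true)` in `corsConfigurationSource()` conflicts with the rationale for `.csrf(AbstractHttpConfigurer::disable)` in `filterChain`: the comment on the earlier form of that line appears to say CSRF is safe to disable because cookies are not used, yet this flag lets the allowed origin send cookie-bearing cross-origin requests and read the responses. If the JWT is sent only in the `Authorization` header, the flag looks unnecessary and can be dropped; if a cookie does carry authentication or OAuth state (not visible here), the CSRF decision should be revisited. The origin is also hard-coded as `http://localhost:3000`; consider `config.setAllowedOrigins(allowedOrigins);` with the list injected from configuration (property name is a placeholder, e.g. `<your.cors.allowed-origins>`). Spring rejects `"*"` in `setAllowedOrigins` when credentials are allowed, so the deployed value has to list explicit origins rather than a wildcard.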
