From 173aa84f1a87452cadca13978c8c27a7cc218b54 Mon Sep 17 00:00:00 2001
From: kchaeeun
Date: Tue, 20 Aug 2024 02:45:14 +0900
Subject: [PATCH] =?UTF-8?q?=20=F0=9F=9A=91=20[HOTFIX]=20CORS=20=EC=97=90?= =?UTF-8?q?=EB=9F=AC=EB=A1=9C=20=EC=9D=B8=ED=95=B4=20=EA=B6=8C=ED=95=9C=20?= =?UTF-8?q?=EC=88=98=EC=A0=955?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../global/config/SecurityConfig.java | 48 +++++++++++++------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/majorLink/src/main/java/com/example/majorLink/global/config/SecurityConfig.java b/majorLink/src/main/java/com/example/majorLink/global/config/SecurityConfig.java
index c77221a..026060b 100644
--- a/majorLink/src/main/java/com/example/majorLink/global/config/SecurityConfig.java
+++ b/majorLink/src/main/java/com/example/majorLink/global/config/SecurityConfig.java
@@ -13,35 +13,55 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
+
 private final OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
- private final OAuth2AuthenticationFailureHandler OAuth2AuthenticationFailureHandler;
+ private final OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;
 private final OAuthLoginService oAuthLoginService;
 private final JwtService jwtService;
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
- .httpBasic(AbstractHttpConfigurer::disable) // http form login 비활성화
- .csrf(AbstractHttpConfigurer::disable) // csrf 필터 비활성화 -> cookies 사용하지 않으므로 위험 없음
- .cors(AbstractHttpConfigurer::disable)
- .formLogin(AbstractHttpConfigurer::disable) // basic login 비활성화
- .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // session 사용 X
+ .httpBasic(AbstractHttpConfigurer::disable)
+ .csrf(AbstractHttpConfigurer::disable)
+ .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+ .formLogin(AbstractHttpConfigurer::disable)
+ .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .addFilterBefore(new JwtAuthenticationFilter(jwtService), UsernamePasswordAuthenticationFilter.class)
- .oauth2Login(configure ->
- configure
- .userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig
- .userService(oAuthLoginService))
- .authorizationEndpoint(authorizationEndpointConfig -> authorizationEndpointConfig // auth 로그인 페이지 return
- .baseUri("/oauth/authorize"))
- .successHandler(oAuth2AuthenticationSuccessHandler)
- .failureHandler(OAuth2AuthenticationFailureHandler)
+ .oauth2Login(configure -> configure
+ .userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig.userService(oAuthLoginService))
+ .authorizationEndpoint(authorizationEndpointConfig -> authorizationEndpointConfig.baseUri("/oauth/authorize"))
+ .successHandler(oAuth2AuthenticationSuccessHandler)
+ .failureHandler(oAuth2AuthenticationFailureHandler)
 );
 return http.build();
 }
+
+ @Bean
+ public CorsConfigurationSource corsConfigurationSource() {
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true);
+ config.setAllowedOrigins(List.of("http://localhost:3000")); // 배포 환경에 맞게 도메인 수정 필요
+ config.setAllowedMethods(Arrays.asList("HEAD", "POST", "GET", "DELETE", "PUT", "PATCH"));
+ config.setAllowedHeaders(List.of("*"));
+
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ source.registerCorsConfiguration("/**", config);
+ return source;
+ }
 }
+
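Review bot: `corsConfigurationSource()` pairs `setAllowCredentials(true)` with a hard-coded `http://localhost:3000` origin (the Korean comment itself says the domain must be changed per deployment), so every environment promotion means editing the security config, and the tempting shortcut of `*` is rejected by recent Spring versions once credentials are enabled; read the list from configuration instead, e.g. a `@Value("${app.cors.allowed-origins}") private List<String> allowedOrigins;` field and `config.setAllowedOrigins(allowedOrigins);` here. The removed comment on `.csrf(AbstractHttpConfigurer::disable)` justified disabling CSRF by the app not using cookies, yet `allowCredentials(true)` exists only to let browsers attach cookies or HTTP auth to cross-origin calls — if the JWT really travels in the `Authorization` header, drop `config.setAllowCredentials(true);`; if a cookie is involved, CSRF being off needs a fresh justification written next to it. `import static ...Customizer.withDefaults` is added but never used in the hunk. Rather than deleting the explanatory comments on the `filterChain` lines, keep them (in English), since the CSRF one documented a security decision a later maintainer will want to see.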