Merge branch 'main' of https://demo.stam.kr/leejisun9/bio_backend

2025-09-17 08:39:30 +09:00
parent 4be71e53ec 2b01629d12
commit e62d7a3f1c
2 changed files with 45 additions and 4 deletions
--- a/src/main/java/com/bio/bio_backend/global/config/CorsConfig.java
+++ b/src/main/java/com/bio/bio_backend/global/config/CorsConfig.java
@@ -1,24 +1,55 @@
 package com.bio.bio_backend.global.config;

+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;

+import java.util.Arrays;
+import java.util.List;
+
@Configuration
 public class CorsConfig {
+    
+    @Value("${cors.allowed-origins:http://localhost:3000,http://localhost:8080}")
+    private String allowedOrigins;
+    
    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
-        config.addAllowedOriginPattern("*");
-        config.addAllowedHeader("*");
-        config.addAllowedMethod("*");
+        
+        // 허용할 Origin 설정
+        List<String> origins = Arrays.asList(allowedOrigins.split(","));
+        config.setAllowedOrigins(origins);
+        
+        // 허용할 헤더 설정
+        config.setAllowedHeaders(Arrays.asList(
+            "Authorization",
+            "Content-Type",
+            "X-Requested-With",
+            "Accept",
+            "Origin",
+            "Access-Control-Request-Method",
+            "Access-Control-Request-Headers"
+        ));
+        
+        // 허용할 HTTP 메서드 설정
+        config.setAllowedMethods(Arrays.asList(
+            "GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"
+        ));
+        
+        // 인증 정보 포함 허용 (JWT 토큰 등)
        config.setAllowCredentials(true);
+        
+        // Preflight 요청 캐시 시간 (초)
+        config.setMaxAge(3600L);
+        
+        // 모든 경로에 적용
        source.registerCorsConfiguration("/**", config);

        return new CorsFilter(source);
-
    }
 }
--- a/src/main/java/com/bio/bio_backend/global/security/WebSecurity.java
+++ b/src/main/java/com/bio/bio_backend/global/security/WebSecurity.java
@@ -2,6 +2,7 @@ package com.bio.bio_backend.global.security;

 import com.bio.bio_backend.global.filter.JwtTokenIssuanceFilter;
 import com.bio.bio_backend.global.filter.JwtTokenValidationFilter;
+import com.bio.bio_backend.global.config.CorsConfig;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -15,6 +16,7 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.filter.CorsFilter;

 import com.fasterxml.jackson.databind.ObjectMapper;

@@ -37,6 +39,12 @@ public class WebSecurity {
    private final ObjectMapper objectMapper;
    private final HttpUtils httpUtils;
    private final MemberMapper memberMapper;
+    private final CorsConfig corsConfig; // CorsConfig 주입
+
+    // CORS 필터 빈 가져오기
+    private CorsFilter getCorsFilter() {
+        return corsConfig.corsFilter();
+    }

    private JwtTokenIssuanceFilter getJwtTokenIssuanceFilter(AuthenticationManager authenticationManager) {
        JwtTokenIssuanceFilter filter = new JwtTokenIssuanceFilter(authenticationManager, jwtUtils, objectMapper, memberService, httpUtils, memberMapper);
@@ -86,6 +94,7 @@ public class WebSecurity {
            .sessionManagement(session -> 
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            );
+            //.addFilterBefore(getCorsFilter(), UsernamePasswordAuthenticationFilter.class);    // cors를 nginx 통해 처리 중
        return http.build();
    }

@@ -117,6 +126,7 @@ public class WebSecurity {
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            )
            .logout(AbstractHttpConfigurer::disable)
+            //.addFilterBefore(getCorsFilter(), UsernamePasswordAuthenticationFilter.class)     // cors를 nginx 통해 처리 중
            .addFilterBefore(getJwtTokenIssuanceFilter(authenticationManager), UsernamePasswordAuthenticationFilter.class)  // 토큰 발급
            .addFilterBefore(getJwtTokenValidationFilter(), UsernamePasswordAuthenticationFilter.class);  // 토큰 검증