Merge pull request #98 from CSID-DGU/37-feat-BE-login

37 feat be login
CSID-DGU · Dec 4, 2024 · 6906700 · 6906700
2 parents b230232 + 88ca7d3
commit 6906700
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/server/src/main/java/com/capstone/server/config/SecurityConfig.java b/server/src/main/java/com/capstone/server/config/SecurityConfig.java
@@ -10,6 +10,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.List;
@@ -27,34 +28,32 @@ public SecurityConfig(JwtAuthenticationFilter jwtAuthenticationFilter) {
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
                 .csrf(csrf -> csrf.disable()) // CSRF 비활성화
-                .cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/api/auth/**", "/error").permitAll() // 인증 필요 없는 엔드포인트
                         .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll() // OPTIONS 요청 허용
                         .anyRequest().authenticated() // 나머지는 인증 필요
                 )
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); // JWT 필터 추가
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }
 
     @Bean
-    public UrlBasedCorsConfigurationSource corsConfigurationSource() {
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        CorsConfiguration config = new CorsConfiguration();
-
-        config.setAllowCredentials(true); // 인증 정보 포함 허용
-        config.setAllowedOriginPatterns(List.of(
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOriginPatterns(List.of(
                 "http://localhost:3000",          // 로컬 개발용
                 "https://tamtam2.shop",          // 배포된 프론트엔드 주소
                 "https://hyunjong00.github.io/tamtam" // 추가된 배포 주소
         ));
-        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 허용 HTTP 메소드
-        config.setAllowedHeaders(List.of("*")); // 모든 헤더 허용
-        config.setExposedHeaders(List.of("Authorization")); // 클라이언트가 접근할 수 있는 헤더
-        config.setMaxAge(36000L); // preflight 요청 캐싱 시간 설정 (초 단위)
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setExposedHeaders(List.of("Authorization", "RefreshToken"));
+        configuration.setAllowCredentials(true);
+        configuration.setMaxAge(3600L);
 
-        source.registerCorsConfiguration("/**", config);
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
         return source;
     }