SecurityFilterChain을 거치는 POST 요청을 처리하기 위한 CORS 설정 추가.

Step3-kakao-tech-campus · Nov 3, 2023 · 710fb56 · 710fb56
2 parents 9232cc5 + 7706441
commit 710fb56
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 37 deletions.
diff --git a/animory/src/main/java/com/daggle/animory/common/config/CorsConfiguration.java b/animory/src/main/java/com/daggle/animory/common/config/CorsConfiguration.java
diff --git a/animory/src/main/java/com/daggle/animory/common/security/SecurityConfig.java b/animory/src/main/java/com/daggle/animory/common/security/SecurityConfig.java
@@ -16,6 +16,9 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.servlet.HandlerExceptionResolver;
 
 import javax.servlet.http.HttpServletResponse;
@@ -27,27 +30,31 @@
 public class SecurityConfig {
     private final TokenProvider tokenProvider;
 
-    // Custom SecurityFilterManagerImpl 클래스를 통해 JWT 필터를 추가
-    public class SecurityFilterManagerImpl extends AbstractHttpConfigurer<SecurityFilterManagerImpl, HttpSecurity> {
-        @Override
-        public void configure(final HttpSecurity builder) throws Exception {
-            final AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
-            builder.addFilter(new JwtAuthenticationFilter(authenticationManager, tokenProvider))
-                    .addFilterBefore(new JwtExceptionFilter(), JwtAuthenticationFilter.class);
-            super.configure(builder);
-        }
-    }
-
     @Bean
     public BCryptPasswordEncoder registerPasswordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
+    @Bean
+    public CorsConfigurationSource configureCors() {
+        final CorsConfiguration configuration = new CorsConfiguration();
+        configuration.addAllowedHeader("*");
+        configuration.addAllowedMethod("*");
+        configuration.addAllowedOriginPattern("*");
+        configuration.setAllowCredentials(true);
+        configuration.addExposedHeader("Authorization");
+
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(final HttpSecurity http,
-                                                   @Autowired @Qualifier("handlerExceptionResolver")
-                                                   final HandlerExceptionResolver resolver) throws Exception {
+                                                   @Autowired @Qualifier("handlerExceptionResolver") final HandlerExceptionResolver resolver) throws Exception {
+        http.cors().configurationSource(configureCors());
         http.csrf().disable();
+
         http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 
         http.formLogin().disable();
@@ -67,13 +74,24 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http,
         });
 
         http.authorizeRequests(
-                authorize -> authorize
-                        .antMatchers(HttpMethod.POST, "/pet/**").hasAuthority("SHELTER")
-                        .antMatchers(HttpMethod.PATCH).hasAuthority("SHELTER")
-                        .antMatchers(HttpMethod.PUT).hasAuthority("SHELTER")
-                        .anyRequest().permitAll()
+            authorize -> authorize
+                .antMatchers(HttpMethod.POST, "/pet/**").hasAuthority("SHELTER")
+                .antMatchers(HttpMethod.PATCH).hasAuthority("SHELTER")
+                .antMatchers(HttpMethod.PUT).hasAuthority("SHELTER")
+                .anyRequest().permitAll()
         );
 
         return http.build();
     }
+
+    // Custom SecurityFilterManagerImpl 클래스를 통해 JWT 필터를 추가
+    public class SecurityFilterManagerImpl extends AbstractHttpConfigurer<SecurityFilterManagerImpl, HttpSecurity> {
+        @Override
+        public void configure(final HttpSecurity builder) throws Exception {
+            final AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
+            builder.addFilter(new JwtAuthenticationFilter(authenticationManager, tokenProvider))
+                .addFilterBefore(new JwtExceptionFilter(), JwtAuthenticationFilter.class);
+            super.configure(builder);
+        }
+    }
 }