Merge pull request #78 from csct3434/main

CORS 오류 해결

src/main/java/com/alzzaipo/common/config/CorsConfig.java

@@ -0,0 +1,26 @@
+package com.alzzaipo.common.config;
+
+import java.util.List;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(List.of("https://alzzaipo.com", "http://localhost:3000"));
+        config.addAllowedMethod("*");
+        config.addAllowedHeader("*");
+        config.setAllowCredentials(true);
+        config.addExposedHeader("Authorization");
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+        return source;
+    }
+}

src/main/java/com/alzzaipo/common/config/SecurityConfig.java

@@ -7,15 +7,9 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
-import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import java.util.List;
 
 @RequiredArgsConstructor
 @EnableWebSecurity
@@ -24,62 +18,13 @@ public class SecurityConfig {
 
     private final JwtUtil jwtUtil;
 
-    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration config = new CorsConfiguration();
-        config.setAllowedOrigins(List.of("https://alzzaipo.com", "http://localhost:3000"));
-        config.addAllowedMethod("*");
-        config.addAllowedHeader("*");
-        config.setAllowCredentials(true);
-        config.addExposedHeader("Authorization");
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", config);
-        return source;
-    }
-
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
         httpSecurity
-                .httpBasic().disable()
-                .csrf().disable()
-                .cors().and()
-                .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers(
-                                "/member/verify-account-id",
-                                "/member/verify-email",
-                                "/member/register",
-                                "/member/login",
-                                "/ipo/**",
-                                "/email/**",
-                                "/scraper",
-                                "/oauth/kakao/login"
-                        ).permitAll()
-                        .requestMatchers(
-                                "/portfolio/**",
-                                "/member/**",
-                                "/oauth/kakao/*",
-                                "/notification/**"
-                        ).authenticated()
-                )
-                .sessionManagement(sessionManagement -> sessionManagement
-                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                )
-                .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);
+            .csrf(AbstractHttpConfigurer::disable)
+            .cors().and()
+            .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class);
 
         return httpSecurity.build();
     }
-
-    @Bean
-    public WebSecurityCustomizer webSecurityCustomizer() {
-        return web -> web.ignoring().requestMatchers(
-                "/member/verify-account-id",
-                "/member/verify-email",
-                "/member/register",
-                "/member/login",
-                "/ipo/**",
-                "/email/**",
-                "/scraper",
-                "/oauth/kakao/login");
-    }
 }

src/main/java/com/alzzaipo/common/jwt/JwtFilter.java

@@ -7,6 +7,9 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpHeaders;
@@ -16,18 +19,16 @@
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import java.io.IOException;
-import java.util.List;
-
 @Slf4j
 @RequiredArgsConstructor
 public class JwtFilter extends OncePerRequestFilter {
 
     private final JwtUtil jwtUtil;
 
     @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-            throws IOException, ServletException {
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+        FilterChain filterChain)
+        throws IOException, ServletException {
 
         String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
 
@@ -42,11 +43,12 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             MemberPrincipal memberPrincipal = createPrincipalFromToken(token);
 
             UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-                    memberPrincipal,
-                    null,
-                    List.of(new SimpleGrantedAuthority("USER")));
+                memberPrincipal,
+                null,
+                List.of(new SimpleGrantedAuthority("USER")));
 
-            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            authenticationToken.setDetails(
+                new WebAuthenticationDetailsSource().buildDetails(request));
             SecurityContextHolder.getContext().setAuthentication(authenticationToken);
         } catch (ExpiredJwtException e) {
             response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "토큰 만료");
@@ -65,7 +67,25 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
     private MemberPrincipal createPrincipalFromToken(String token) {
         return new MemberPrincipal(
-                jwtUtil.getMemberUID(token),
-                jwtUtil.getLoginType(token));
+            jwtUtil.getMemberUID(token),
+            jwtUtil.getLoginType(token));
     }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+        List<String> excludePath = Arrays.asList(
+            "/member/verify-account-id",
+            "/member/verify-email",
+            "/member/register",
+            "/member/login",
+            "/ipo",
+            "/email",
+            "/scraper",
+            "/oauth/kakao/login");
+
+        String path = request.getRequestURI();
+
+        return excludePath.stream().anyMatch(path::startsWith);
+    }
+
 }