Skip to content

Commit

Permalink
BE: [feature] CORS 및 보안 설정 추가
Browse files Browse the repository at this point in the history
  • Loading branch information
HOJEONGKIMM committed Nov 3, 2024
1 parent ea262bd commit 55884a2
Showing 1 changed file with 21 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,20 @@
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.List;

@Configuration
public class SecurityConfig {

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(csrf -> csrf.disable()) // CSRF 비활성화 (필요시 활성화 가능)
.cors(cors -> cors.configurationSource(corsConfigurationSource())) // CORS 설정 추가
.csrf(csrf -> csrf.disable()) // CSRF 비활성화 (필요시 활성화 가능)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/admin/signup", "/api/admin/login").permitAll() // 회원가입, 로그인은 인증 필요 없음
.anyRequest().permitAll() // 나머지 요청도 인증 필요 없음
Expand All @@ -23,8 +29,21 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
return http.build();
}

@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(List.of("http://example.com", "http://localhost:3000")); // 허용할 도메인 설정
configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS")); // 허용할 HTTP 메서드
configuration.setAllowedHeaders(List.of("*")); // 모든 헤더 허용
configuration.setAllowCredentials(true); // 인증 정보 포함 여부

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}

@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
}

0 comments on commit 55884a2

Please sign in to comment.