백엔드 서비스 설정 및 배포 구성 개선

- CORS 설정 업데이트 (모든 서비스) - Swagger UI 경로 및 설정 수정 - Kubernetes 배포 설정 개선 (Ingress, Deployment) - distribution-service SecurityConfig 및 Controller 개선 - IntelliJ 실행 프로파일 업데이트 - 컨테이너 이미지 빌드 문서화 (deployment/container/build-image.md) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 15:55:30 +09:00
parent 3075a5d49f
commit 3da9303091
16 changed files with 235 additions and 292 deletions
@@ -1,11 +1,17 @@
 package com.kt.event.participation.infrastructure.config;

+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;

 /**
 * Security Configuration for Participation Service
@@ -18,10 +24,14 @@ import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
 public class SecurityConfig {

+    @Value("${cors.allowed-origins:http://localhost:*}")
+    private String allowedOrigins;
+
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.disable())
+            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Actuator endpoints
@@ -31,4 +41,26 @@ public class SecurityConfig {

        return http.build();
    }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        String[] origins = allowedOrigins.split(",");
+        configuration.setAllowedOriginPatterns(Arrays.asList(origins));
+
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+
+        configuration.setAllowedHeaders(Arrays.asList(
+            "Authorization", "Content-Type", "X-Requested-With", "Accept",
+            "Origin", "Access-Control-Request-Method", "Access-Control-Request-Headers"
+        ));
+
+        configuration.setAllowCredentials(true);
+        configuration.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }
@@ -54,6 +54,14 @@ jwt:
  secret: ${JWT_SECRET:dev-jwt-secret-key-for-development-only}
  expiration: ${JWT_EXPIRATION:86400000}

+# CORS 설정
+cors:
+  allowed-origins: ${CORS_ALLOWED_ORIGINS:http://localhost:8081,http://localhost:8082,http://localhost:8083,http://localhost:8084,http://kt-event-marketing.20.214.196.128.nip.io}
+  allowed-methods: ${CORS_ALLOWED_METHODS:GET,POST,PUT,DELETE,OPTIONS,PATCH}
+  allowed-headers: ${CORS_ALLOWED_HEADERS:*}
+  allow-credentials: ${CORS_ALLOW_CREDENTIALS:true}
+  max-age: ${CORS_MAX_AGE:3600}
+
 # 서버 설정
 server:
  port: ${SERVER_PORT:8084}