user-service CORS 및 경로 매핑 수정
- SecurityConfig: CORS 설정 개선 및 context-path 기반 경로 수정 - UserController: RequestMapping 중복 경로 제거 - SwaggerConfig: Production 서버 URL 추가 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
parent
e8d0a1d4b4
commit
640e94bf17
@ -38,6 +38,18 @@ public class SecurityConfig {
|
|||||||
@Value("${cors.allowed-origins:http://localhost:*}")
|
@Value("${cors.allowed-origins:http://localhost:*}")
|
||||||
private String allowedOrigins;
|
private String allowedOrigins;
|
||||||
|
|
||||||
|
@Value("${cors.allowed-methods:GET,POST,PUT,DELETE,OPTIONS,PATCH}")
|
||||||
|
private String allowedMethods;
|
||||||
|
|
||||||
|
@Value("${cors.allowed-headers:*}")
|
||||||
|
private String allowedHeaders;
|
||||||
|
|
||||||
|
@Value("${cors.allow-credentials:true}")
|
||||||
|
private boolean allowCredentials;
|
||||||
|
|
||||||
|
@Value("${cors.max-age:3600}")
|
||||||
|
private long maxAge;
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
return http
|
return http
|
||||||
@ -45,8 +57,8 @@ public class SecurityConfig {
|
|||||||
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
.cors(cors -> cors.configurationSource(corsConfigurationSource()))
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
.authorizeHttpRequests(auth -> auth
|
.authorizeHttpRequests(auth -> auth
|
||||||
// Public endpoints
|
// Public endpoints (context-path가 /api/v1/users이므로 상대 경로 사용)
|
||||||
.requestMatchers("/api/v1/users/register", "/api/v1/users/login").permitAll()
|
.requestMatchers("/register", "/login").permitAll()
|
||||||
// Actuator endpoints
|
// Actuator endpoints
|
||||||
.requestMatchers("/actuator/**").permitAll()
|
.requestMatchers("/actuator/**").permitAll()
|
||||||
// Swagger UI endpoints
|
// Swagger UI endpoints
|
||||||
@ -65,23 +77,23 @@ public class SecurityConfig {
|
|||||||
public CorsConfigurationSource corsConfigurationSource() {
|
public CorsConfigurationSource corsConfigurationSource() {
|
||||||
CorsConfiguration configuration = new CorsConfiguration();
|
CorsConfiguration configuration = new CorsConfiguration();
|
||||||
|
|
||||||
// 모든 Origin 허용
|
// application.yml에서 설정한 Origin 목록 사용
|
||||||
configuration.setAllowedOriginPatterns(Arrays.asList("*"));
|
configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));
|
||||||
|
|
||||||
// 허용할 HTTP 메소드
|
// 허용할 HTTP 메소드
|
||||||
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
|
configuration.setAllowedMethods(Arrays.asList(allowedMethods.split(",")));
|
||||||
|
|
||||||
// 허용할 헤더
|
// 허용할 헤더
|
||||||
configuration.setAllowedHeaders(Arrays.asList("*"));
|
configuration.setAllowedHeaders(Arrays.asList(allowedHeaders.split(",")));
|
||||||
|
|
||||||
// 자격 증명 허용
|
// 자격 증명 허용
|
||||||
configuration.setAllowCredentials(true);
|
configuration.setAllowCredentials(allowCredentials);
|
||||||
|
|
||||||
// Pre-flight 요청 캐시 시간
|
// Pre-flight 요청 캐시 시간
|
||||||
configuration.setMaxAge(3600L);
|
configuration.setMaxAge(maxAge);
|
||||||
|
|
||||||
// Exposed Headers 추가
|
// Exposed Headers 추가
|
||||||
configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));
|
configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Total-Count"));
|
||||||
|
|
||||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||||
source.registerCorsConfiguration("/**", configuration);
|
source.registerCorsConfiguration("/**", configuration);
|
||||||
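Review bot: In `corsConfigurationSource()` the move from `setAllowedOriginPatterns` to `setAllowedOrigins` does not fit the default `http://localhost:*` declared on `allowedOrigins`. `setAllowedOrigins` compares origins literally (only a bare `*` is special), so the port wildcard never matches and local browsers are refused unless the property is overridden. Passing the configured list to `setAllowedOriginPatterns` keeps the wildcard-port default working without restoring the old allow-everything `*`. The raw `split(",")` also keeps surrounding whitespace, so a value written as `a, b` yields an entry that can never match. Because `cors.allow-credentials` defaults to true and a pattern of `*` would reflect any origin with credentials, the list should be trimmed and a bare `*` rejected at startup; the rest of the method lies outside the hunk.

```java
// … unchanged: CorsConfiguration configuration = new CorsConfiguration(); …
// Stream.toList() needs Java 16+; use Collectors.toList() on an older baseline.
List<String> origins = Arrays.stream(allowedOrigins.split(","))
        .map(String::trim)
        .filter(origin -> !origin.isEmpty())
        .toList();
// A "*" pattern combined with credentials would echo back any Origin; fail fast instead.
if (allowCredentials && origins.contains("*")) {
    throw new IllegalStateException(
            "cors.allowed-origins must not be * when cors.allow-credentials is true");
}
configuration.setAllowedOriginPatterns(origins);
// … unchanged: allowed methods, allowed headers, credentials, max age, exposed headers …
```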
|
|||||||
@ -26,10 +26,13 @@ public class SwaggerConfig {
|
|||||||
return new OpenAPI()
|
return new OpenAPI()
|
||||||
.info(apiInfo())
|
.info(apiInfo())
|
||||||
.addServersItem(new Server()
|
.addServersItem(new Server()
|
||||||
.url("http://localhost:8081")
|
.url("http://kt-event-marketing-api.20.214.196.128.nip.io/api/v1/users")
|
||||||
|
.description("Production Server (AKS Ingress)"))
|
||||||
|
.addServersItem(new Server()
|
||||||
|
.url("http://localhost:8081/api/v1/users")
|
||||||
.description("Local Development"))
|
.description("Local Development"))
|
||||||
.addServersItem(new Server()
|
.addServersItem(new Server()
|
||||||
.url("{protocol}://{host}:{port}")
|
.url("{protocol}://{host}:{port}/api/v1/users")
|
||||||
.description("Custom Server")
|
.description("Custom Server")
|
||||||
.variables(new io.swagger.v3.oas.models.servers.ServerVariables()
|
.variables(new io.swagger.v3.oas.models.servers.ServerVariables()
|
||||||
.addServerVariable("protocol", new io.swagger.v3.oas.models.servers.ServerVariable()
|
.addServerVariable("protocol", new io.swagger.v3.oas.models.servers.ServerVariable()
|
||||||
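Review bot: The production server entry added here uses plain `http://` and hard-codes an IP-derived nip.io hostname. Swagger UI "Try it out" calls to this service's `/login` and `/register` would therefore send credentials, and any token returned, unencrypted. If the ingress terminates TLS, the entry should use the `https://` form of the same URL. It would also help to take the URL from configuration (a `@Value`-injected property, for instance) rather than a literal, so the ingress address is not baked into the artifact and can differ per environment. The enclosing bean method begins and ends outside the hunk.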
|
|||||||
@ -33,7 +33,7 @@ import java.util.UUID;
|
|||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/api/v1/users")
|
@RequestMapping("") // context-path가 /api/v1/users이므로 빈 문자열 사용
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@Tag(name = "User", description = "사용자 인증 및 프로필 관리 API")
|
@Tag(name = "User", description = "사용자 인증 및 프로필 관리 API")
|
||||||
public class UserController {
|
public class UserController {
|
||||||
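Review bot: With `@RequestMapping("")` the controller's public path now depends entirely on `server.servlet.context-path` being `/api/v1/users`, a setting that is not part of this diff. In any profile or test setup where it is unset, the endpoints move to the root path, as do the `/register` and `/login` `permitAll` matchers in SecurityConfig. The empty class-level mapping is a no-op and could simply be dropped. The context-path would be safer pinned in the base application.yml than per profile, with an integration test asserting that an unauthenticated request to a protected route under `/api/v1/users` is rejected. The class body continues outside the hunk.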
|
|||||||