user-service CORS 및 경로 매핑 수정

- SecurityConfig: CORS 설정 개선 및 context-path 기반 경로 수정 - UserController: RequestMapping 중복 경로 제거 - SwaggerConfig: Production 서버 URL 추가 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-29 18:25:09 +09:00 · 2025-10-29 18:25:09 +09:00 · 640e94bf17
commit 640e94bf17
parent e8d0a1d4b4
3 changed files with 27 additions and 12 deletions
--- a/user-service/src/main/java/com/kt/event/user/config/SecurityConfig.java
+++ b/user-service/src/main/java/com/kt/event/user/config/SecurityConfig.java
@ -38,6 +38,18 @@ public class SecurityConfig {
    @Value("${cors.allowed-origins:http://localhost:*}")
    private String allowedOrigins;

+    @Value("${cors.allowed-methods:GET,POST,PUT,DELETE,OPTIONS,PATCH}")
+    private String allowedMethods;
+
+    @Value("${cors.allowed-headers:*}")
+    private String allowedHeaders;
+
+    @Value("${cors.allow-credentials:true}")
+    private boolean allowCredentials;
+
+    @Value("${cors.max-age:3600}")
+    private long maxAge;
+
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
@ -45,8 +57,8 @@ public class SecurityConfig {
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
-                        // Public endpoints
-                        .requestMatchers("/api/v1/users/register", "/api/v1/users/login").permitAll()
+                        // Public endpoints (context-path가 /api/v1/users이므로 상대 경로 사용)
+                        .requestMatchers("/register", "/login").permitAll()
                        // Actuator endpoints
                        .requestMatchers("/actuator/**").permitAll()
                        // Swagger UI endpoints
@ -65,23 +77,23 @@ public class SecurityConfig {
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();

-        // 모든 Origin 허용
-        configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+        // application.yml에서 설정한 Origin 목록 사용
+        configuration.setAllowedOrigins(Arrays.asList(allowedOrigins.split(",")));

        // 허용할 HTTP 메소드
-        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+        configuration.setAllowedMethods(Arrays.asList(allowedMethods.split(",")));

        // 허용할 헤더
-        configuration.setAllowedHeaders(Arrays.asList("*"));
+        configuration.setAllowedHeaders(Arrays.asList(allowedHeaders.split(",")));

        // 자격 증명 허용
-        configuration.setAllowCredentials(true);
+        configuration.setAllowCredentials(allowCredentials);

        // Pre-flight 요청 캐시 시간
-        configuration.setMaxAge(3600L);
+        configuration.setMaxAge(maxAge);

        // Exposed Headers 추가
-        configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));
+        configuration.setExposedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Total-Count"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
--- a/user-service/src/main/java/com/kt/event/user/config/SwaggerConfig.java
+++ b/user-service/src/main/java/com/kt/event/user/config/SwaggerConfig.java
@ -26,10 +26,13 @@ public class SwaggerConfig {
        return new OpenAPI()
                .info(apiInfo())
                .addServersItem(new Server()
-                        .url("http://localhost:8081")
+                        .url("http://kt-event-marketing-api.20.214.196.128.nip.io/api/v1/users")
+                        .description("Production Server (AKS Ingress)"))
+                .addServersItem(new Server()
+                        .url("http://localhost:8081/api/v1/users")
                        .description("Local Development"))
                .addServersItem(new Server()
-                        .url("{protocol}://{host}:{port}")
+                        .url("{protocol}://{host}:{port}/api/v1/users")
                        .description("Custom Server")
                        .variables(new io.swagger.v3.oas.models.servers.ServerVariables()
                                .addServerVariable("protocol", new io.swagger.v3.oas.models.servers.ServerVariable()
--- a/user-service/src/main/java/com/kt/event/user/controller/UserController.java
+++ b/user-service/src/main/java/com/kt/event/user/controller/UserController.java
@ -33,7 +33,7 @@ import java.util.UUID;
 */
@Slf4j
@RestController
-@RequestMapping("/api/v1/users")
+@RequestMapping("")  // context-path가 /api/v1/users이므로 빈 문자열 사용
@RequiredArgsConstructor
@Tag(name = "User", description = "사용자 인증 및 프로필 관리 API")
 public class UserController {