CORS설정변경

2026-06-13 04:19:14 +00:00 · 2025-10-30 23:10:20 +09:00
parent 6280ff8ce1 c66decce42
commit 2c4f2b0516
4 changed files with 37 additions and 26 deletions
@@ -1,43 +1,47 @@
 package com.kt.event.analytics.config;

-import com.kt.event.common.security.JwtAuthenticationFilter;
-import com.kt.event.common.security.JwtTokenProvider;
-import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

 /**
 * Spring Security 설정
- * JWT 기반 인증 및 API 보안 설정
- *
- * ⚠️ CORS 설정은 WebConfig에서 관리합니다.
+ * API 테스트를 위해 일단 모든 요청 허용
 */
@Configuration
@EnableWebSecurity
-@RequiredArgsConstructor
 public class SecurityConfig {

-    private final JwtTokenProvider jwtTokenProvider;
-
    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        return http
-            .csrf(AbstractHttpConfigurer::disable)
-            .cors(AbstractHttpConfigurer::disable)  // CORS는 WebConfig에서 관리
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-            .authorizeHttpRequests(auth -> auth
-                .anyRequest().permitAll()
-            )
-            .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider),
-                UsernamePasswordAuthenticationFilter.class)
-            .build();
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                // CSRF 비활성화 (REST API는 CSRF 불필요)
+                .csrf(AbstractHttpConfigurer::disable)
+
+                // 세션 사용 안 함 (JWT 기반 인증)
+                .sessionManagement(session ->
+                        session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
+
+                // 모든 요청 허용 (테스트용)
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll()
+                );
+
+        return http.build();
    }

-    // CORS 설정은 WebConfig에서 관리 (모든 origin 허용)
+    /**
+     * Chrome DevTools 요청 등 정적 리소스 요청을 Spring Security에서 제외
+     */
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring()
+                .requestMatchers("/.well-known/**");
+    }
 }