shared-digitalgarage/lifesub
1
0
Fork 0
mirror of https://github.com/cna-bootcamp/lifesub.git synced 2026-06-12 20:49:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

release

Browse Source
This commit is contained in:
ondal
2025-02-13 18:42:46 +09:00
parent ba3405bff3
commit d7ca5994b4
48 changed files with 1071 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mysub-infra/build/classes/java/main/com/unicorn/lifesub/mysub/infra/config/SecurityConfig.class
BIN
View File
Binary file not shown.
mysub-infra/build/resources/main/application.yml
+1
View File
@@ -19,6 +19,7 @@ spring:
format_sql: true
dialect: org.hibernate.dialect.PostgreSQLDialect
# Secret key 만들기: openssl rand -base64 32
jwt:
secret-key: ${JWT_SECRET_KEY:8O2HQ13etL2BWZvYOiWsJ5uWFoLi6NBUG8divYVoCgtHVvlk3dqRksMl16toztDUeBTSIuOOPvHIrYq11G2BwQ}
mysub-infra/build/tmp/compileJava/previous-compilation-data.bin
BIN
View File
Binary file not shown.
mysub-infra/src/main/java/com/unicorn/lifesub/mysub/infra/config/SecurityConfig.java
+9
View File
@@ -31,6 +31,15 @@ public class SecurityConfig {
this.jwtTokenProvider = jwtTokenProvider;
}
/*
아래와 같은 수행을 함
- CORS설정: 접근을 허용할 도메인, 메서드, 헤더값 등을 설정함
- csrf : Cross Site Request Forgery(인증된 웹 세션을 사용하여 서버를 공격하는 행위)을 비활성화
JWT 방식을 사용하므로 불필요함. 만약 CSRF까지 활성화하면 클라이언트는 CSRF토큰도 요청 헤더에 보내야 함
- authorizeHttpRequests: 인증이 필요없는 주소를 지정하고, 나머지는 인증이 안되어 있으면 접근을 금지시킴
swagger페이지와 로그인, 회원등록 페이지는 인증 안해도 접근하도록 설정함
- sessionManagement: 세션을 로컬에 저장하지 않도록 함
*/
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
mysub-infra/src/main/resources/application.yml
+1
View File
@@ -19,6 +19,7 @@ spring:
format_sql: true
dialect: org.hibernate.dialect.PostgreSQLDialect
# Secret key 만들기: openssl rand -base64 32
jwt:
secret-key: ${JWT_SECRET_KEY:8O2HQ13etL2BWZvYOiWsJ5uWFoLi6NBUG8divYVoCgtHVvlk3dqRksMl16toztDUeBTSIuOOPvHIrYq11G2BwQ}