Merge pull request #82 from Central-MakeUs/feature/testUser

[Bug] Spring Security가 401, 403 오류에 대해서도 CORS 설정하도록 수정
Central-MakeUs · Feb 9, 2025 · 2b34919 · 2b34919
2 parents 11e4730 + 404eb02
commit 2b34919
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/src/main/java/com/cmc/mercury/global/config/SecurityConfig.java b/src/main/java/com/cmc/mercury/global/config/SecurityConfig.java
@@ -14,6 +14,12 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
@@ -29,6 +35,7 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))  // 401, 403에러에 대해서도 CORS 설정 추가
                 .csrf(csrf -> csrf.disable())
                 .formLogin(formLogin -> formLogin.disable())
                 .httpBasic(httpBasic -> httpBasic.disable())
@@ -39,7 +46,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .requestMatchers("/swagger-ui/**", "/swagger-ui.html", "/api-docs/**", "/swagger-resources/**").permitAll()
                         // OAuth2 관련 경로 허용
                         .requestMatchers("/login/**", "/oauth2/**").permitAll()
-                         // 도서 검색
+                        // 도서 검색
                         .requestMatchers("/books/search", "/users/**").permitAll()
                         .anyRequest().authenticated()
                 )
@@ -50,8 +57,24 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .failureHandler(oAuth2FailureHandler)
                 )
                 .addFilterBefore(new JwtAuthenticationFilter(jwtProvider, userRepository),
-                    UsernamePasswordAuthenticationFilter.class);
+                        UsernamePasswordAuthenticationFilter.class);
 
         return http.build();
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
+        configuration.setAllowedHeaders(Collections.singletonList("*"));
+        configuration.setExposedHeaders(Collections.singletonList("Authorization"));
+        configuration.setAllowCredentials(true);
+        configuration.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
 }