02.27 Mini_Project 서버 및 로그인, 회원가입 기능 구현(CORS 문제 해결)
2023. 2. 27. 13:44ㆍ개발일지
package com.sparta.schedule.config;
import com.sparta.schedule.jwt.JwtAuthFilter;
import com.sparta.schedule.jwt.JwtUtil;
import lombok.RequiredArgsConstructor;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import java.util.Arrays;
import java.util.List;
/**
 * Spring Security configuration for the schedule service: a BCrypt password encoder,
 * filter-chain exclusions for the H2 console and static resources, and a stateless
 * filter chain that runs {@link JwtAuthFilter} ahead of the username/password filter.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(securedEnabled = true) // enables @Secured checks on methods
public class WebSecurityConfig {

    // Supplied through the Lombok-generated constructor and handed to JwtAuthFilter.
    private final JwtUtil jwtUtil;

    /** Exposes a BCrypt-based {@link PasswordEncoder} bean. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Excludes the H2 console and the common static-resource locations from Spring Security.
     *
     * @return a customizer that registers both matchers as ignored requests
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        // Requests matched here bypass the security filter chain completely, so neither
        // JwtAuthFilter nor the authorization rules in securityFilterChain apply to them.
        // NOTE(review): the H2 console gives direct database access; this exclusion is
        // only appropriate for local development — confirm the console is off when deployed.
        return web -> {
            web.ignoring()
                    .requestMatchers(PathRequest.toH2Console())
                    .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
        };
    }

    /**
     * Builds the HTTP filter chain: CSRF off, no server-side session, URL rules,
     * the JWT filter, and form login.
     *
     * @param http the builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        JwtAuthFilter jwtFilter = new JwtAuthFilter(jwtUtil);

        // CSRF protection is switched off and no HTTP session is created (JWT instead of the
        // default session mechanism).
        // NOTE(review): disabling CSRF is sound only while the credential travels in a request
        // header rather than a cookie — presumably JwtAuthFilter reads a header; confirm.
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/user/**").permitAll()
                // NOTE(review): every /schedule/** endpoint is open at URL level; any access
                // control has to come from @Secured on the handlers — verify they carry it.
                .antMatchers("/schedule/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .formLogin().permitAll();
        // http.exceptionHandling().accessDeniedPage("/api/user/forbidden");
        return http.build();
    }
}
CORS 문제로 webconfig를 썼는데 오류가 나서 자료들을 찾아보니
package com.sparta.schedule.config;
import com.sparta.schedule.jwt.JwtAuthFilter;
import com.sparta.schedule.jwt.JwtUtil;
import lombok.RequiredArgsConstructor;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import java.util.Arrays;
import java.util.List;
/**
 * Spring Security configuration for the schedule service, extended with a CORS policy
 * that is registered directly on the security filter chain.
 */
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(securedEnabled = true) // enables @Secured checks on methods
public class WebSecurityConfig {

    // Supplied through the Lombok-generated constructor and handed to JwtAuthFilter.
    private final JwtUtil jwtUtil;

    /** Exposes a BCrypt-based {@link PasswordEncoder} bean. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    /**
     * Excludes the H2 console and the common static-resource locations from Spring Security.
     *
     * @return a customizer that registers both matchers as ignored requests
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        // Requests matched here bypass the security filter chain completely.
        // NOTE(review): the H2 console gives direct database access; this exclusion is
        // only appropriate for local development — confirm the console is off when deployed.
        return web -> {
            web.ignoring()
                    .requestMatchers(PathRequest.toH2Console())
                    .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
        };
    }

    /**
     * Builds the HTTP filter chain: CORS policy, CSRF off, no server-side session,
     * URL rules, the JWT filter, and form login.
     *
     * @param http the builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        JwtAuthFilter jwtFilter = new JwtAuthFilter(jwtUtil);

        // A fresh CorsConfiguration is produced for every request, as in a plain lambda source.
        http.cors().configurationSource(request -> buildCorsPolicy())
                .and()
                // NOTE(review): disabling CSRF is sound only while the credential travels in a
                // request header rather than a cookie — presumably JwtAuthFilter reads the
                // Authorization header; confirm.
                .csrf().disable()
                // JWT replaces the default session mechanism, so no HTTP session is created.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/user/**").permitAll()
                // NOTE(review): every /schedule/** endpoint is open at URL level; any access
                // control has to come from @Secured on the handlers — verify they carry it.
                .antMatchers("/schedule/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
                .formLogin().permitAll();
        // http.exceptionHandling().accessDeniedPage("/api/user/forbidden");
        return http.build();
    }

    /**
     * Creates the CORS policy applied to every request.
     *
     * NOTE(review): the "*" origin pattern combined with allowCredentials(true) lets any
     * origin issue credentialed cross-origin requests and read the responses. Before
     * deployment, narrow the origin patterns to the front-end origin(s) actually in use.
     */
    private static CorsConfiguration buildCorsPolicy() {
        CorsConfiguration policy = new CorsConfiguration();
        policy.setAllowedOriginPatterns(List.of("*")); // origin patterns; "*" accepts every origin
        policy.setAllowedMethods(Arrays.asList("GET","POST", "PUT", "DELETE", "OPTIONS"));
        policy.setAllowedHeaders(List.of("*"));
        policy.addExposedHeader("Authorization"); // lets browser scripts read the token header
        // policy.addExposedHeader("Refresh_Token"); // only needed once refresh tokens exist
        policy.setAllowCredentials(true);
        return policy;
    }
}
빈에다가 CorsConfiguration을 담아주니
// Registers a CORS policy on the security filter chain; the lambda builds a new
// CorsConfiguration for each incoming request.
// NOTE(review): the "*" origin pattern together with setAllowCredentials(true) accepts
// credentialed requests from every origin — restrict the patterns to the real front-end
// origin(s) before deployment.
http.cors().configurationSource(request -> {
    CorsConfiguration policy = new CorsConfiguration();
    policy.setAllowCredentials(true);
    policy.setAllowedOriginPatterns(List.of("*")); // origin patterns; "*" accepts every origin
    policy.setAllowedHeaders(List.of("*"));
    policy.setAllowedMethods(Arrays.asList("GET","POST", "PUT", "DELETE", "OPTIONS"));
    policy.addExposedHeader("Authorization"); // lets browser scripts read the token header
    // policy.addExposedHeader("Refresh_Token"); // only needed once refresh tokens exist
    return policy;
});
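CORS 문제가 해결됐습니다. 다만 `setAllowedOriginPatterns(List.of("*"))`와 `setAllowCredentials(true)`를 함께 쓰면 모든 출처(origin)에서 보내는 자격 증명 포함 요청이 허용되므로, 배포할 때는 실제 프론트엔드 출처만 허용하도록 좁혀야 합니다.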