11package org .devkor .apu .saerok_server .global .security ;
22
33import lombok .RequiredArgsConstructor ;
4+ import lombok .extern .slf4j .Slf4j ;
45import org .springframework .context .annotation .Bean ;
56import org .springframework .context .annotation .Configuration ;
67import org .springframework .security .config .annotation .method .configuration .EnableMethodSecurity ;
910import org .springframework .security .config .annotation .web .configurers .AbstractHttpConfigurer ;
1011import org .springframework .security .web .SecurityFilterChain ;
1112import org .springframework .security .web .authentication .UsernamePasswordAuthenticationFilter ;
13+ import org .springframework .web .cors .CorsConfiguration ;
14+ import org .springframework .web .cors .CorsConfigurationSource ;
15+ import org .springframework .web .cors .UrlBasedCorsConfigurationSource ;
1216
17+ import java .util .List ;
18+
19+ @ Slf4j
1320@ Configuration
1421@ EnableWebSecurity
1522@ EnableMethodSecurity
@@ -23,6 +30,7 @@ public class SecurityConfig {
2330 private final JwtAuthenticationFilter jwtAuthenticationFilter ;
2431 private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint ;
2532 private final JwtAccessDeniedHandler jwtAccessDeniedHandler ;
33+ private final CorsProperties corsProperties ;
2634
2735 @ Bean
2836 public SecurityFilterChain filterChain (HttpSecurity http ) throws Exception {
@@ -39,6 +47,22 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
3947 .anyRequest ().permitAll () // 일단 HTTP 레벨에서는 다 들여보내고, 메서드별 애노테이션으로 권한 설정
4048 )
4149 .addFilterBefore (jwtAuthenticationFilter , UsernamePasswordAuthenticationFilter .class )
50+ .cors (cors -> {})
4251 .build ();
4352 }
53+
54+ @ Bean
55+ public CorsConfigurationSource corsConfigurationSource () {
56+ CorsConfiguration config = new CorsConfiguration ();
57+ config .setAllowedOrigins (corsProperties .getAllowedOrigins ());
58+ config .setAllowedMethods (List .of ("GET" , "POST" , "PUT" , "DELETE" , "PATCH" , "OPTIONS" ));
59+ config .setAllowedHeaders (List .of ("*" ));
60+ config .setAllowCredentials (true );
61+
62+ log .info ("cors allowed origins: {}" , corsProperties .getAllowedOrigins ());
63+
64+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource ();
65+ source .registerCorsConfiguration ("/**" , config );
66+ return source ;
67+ }
4468}
0 commit comments