[CICD] securityConfig 수정

Author: simhyunmin

src/main/java/fitfit/domain/token/filter/JwtAuthenticationFilter.java

@@ -23,11 +23,7 @@
 @Component
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
-
-    private final JwtProvider jwtProvider;
-    private final UserDetailsService userDetailsService;
-    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
-
+    // 토큰 없이도 가능하게
     private static final List<String> WHITE_LIST = List.of(
             "/swagger-ui/**",
             "/v3/api-docs/**",
@@ -38,46 +34,35 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             "/auth/refresh"
     );
 
-    @Override
-    protected boolean shouldNotFilter(HttpServletRequest request) {
-        if (request.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS.name())) {
-            return true;
-        }
-        return WHITE_LIST.stream().anyMatch(white -> antPathMatcher.match(white, request.getRequestURI()));
-    }
+    private final JwtProvider jwtProvider;
+    private final UserDetailsService userDetailsService;
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
     @Override
-    protected void doFilterInternal(
-            @NonNull HttpServletRequest request,
-            @NonNull HttpServletResponse response,
-            @NonNull FilterChain filterChain
-    ) throws ServletException, IOException {
-
-        final String authHeader = request.getHeader("Authorization");
-
-        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
-            filterChain.doFilter(request, response);
-            return;
-        }
-
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         try {
-            Long memberId = jwtProvider.getMemberIdAndValidateToken(authHeader);
-            if (SecurityContextHolder.getContext().getAuthentication() == null) {
-                UserDetails userDetails = this.userDetailsService.loadUserByUsername(memberId.toString());
-                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
-                        userDetails,
-                        null,
-                        userDetails.getAuthorities()
-                );
-                authToken.setDetails(
-                        new WebAuthenticationDetailsSource().buildDetails(request)
-                );
-                SecurityContextHolder.getContext().setAuthentication(authToken);
-            }
+            Long memberId = jwtProvider.getMemberIdAndValidateToken(request.getHeader("Authorization"));
+
+            UserDetails userDetails = userDetailsService.loadUserByUsername(memberId.toString());
+            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+                    userDetails,
+                    null,
+                    userDetails.getAuthorities()
+            );
+            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            SecurityContextHolder.getContext().setAuthentication(authentication);
         } catch (Exception e) {
-            SecurityContextHolder.clearContext();
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("{\"error\": \"" + e.getMessage() + "\"}");
+            return;
         }
 
         filterChain.doFilter(request, response);
     }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+        // 더 안정적인 AntPathMatcher.match() 로 수정
+        return WHITE_LIST.stream().anyMatch(white -> antPathMatcher.match(white, request.getRequestURI()));
+    }
 }

src/main/java/fitfit/global/config/WebConfig.java

@@ -40,10 +40,8 @@ public SecurityFilterChain filterChain (HttpSecurity http) throws Exception {
                                 "/swagger-ui/**",
                                 "/v3/api-docs/**",
                                 "/swagger-resources/**",
-                                "/webjars/**",
-                                "/auth/**",
                                 "/api/members/auth/kko",
-                                "/auth/refresh"
+                                "/api/members/auth/refresh"
                         ).permitAll()
                         .anyRequest().authenticated()
                 )
@@ -52,15 +50,15 @@ public SecurityFilterChain filterChain (HttpSecurity http) throws Exception {
     }
 
     /**
-     * Cors 설정 - IOS 앱에서 API 호출 허용
+     * Cors 설정 - API 호출 허용
      */
     @Bean
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
-        config.setAllowedOrigins(List.of("https://d3trbid3w75opm.cloudfront.net", "http://localhost:3000", "https://fitfit.site", "http://localhost:5173"));
+        config.setAllowedOrigins(List.of("*"));
         config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
         config.setAllowedHeaders(List.of("*"));
-        config.setAllowCredentials(true);
+        config.setAllowCredentials(false);
         config.setExposedHeaders(List.of("Authorization"));
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();