refactor: 리뷰, 구인 api 경로 추가

larama-C · larama-C · commit 08173cdbc98a · 2025-12-30T10:47:04.000+09:00
diff --git a/src/main/java/com/back/web7_9_codecrete_be/global/security/SecurityConfig.java b/src/main/java/com/back/web7_9_codecrete_be/global/security/SecurityConfig.java
@@ -1,7 +1,7 @@
 package com.back.web7_9_codecrete_be.global.security;
 
-import java.util.List;
-
+import com.back.web7_9_codecrete_be.domain.auth.service.TokenService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -14,91 +14,93 @@
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import com.back.web7_9_codecrete_be.domain.auth.service.TokenService;
-
-import lombok.RequiredArgsConstructor;
+import java.util.List;
 
 @Configuration
 @RequiredArgsConstructor
 public class SecurityConfig {
 
-	private final JwtTokenProvider jwtTokenProvider;
-	private final JwtProperties jwtProperties;
-	private final CustomUserDetailService customUserDetailService;
-	private final TokenService tokenService;
-
-	@Bean
-	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-
-		http
-			.csrf(csrf -> csrf.disable())
-			.cors(Customizer.withDefaults())
-
-			// 기본 로그인 폼 비활성화
-			.formLogin(form -> form.disable())
-
-			// HTTP Basic 인증 비활성화
-			.httpBasic(basic -> basic.disable())
-
-			// H2 Console 설정
-			.headers(headers -> headers.frameOptions(frame -> frame.disable()))
-
-			// 세션 관리 설정 - Stateless
-			.sessionManagement((session) -> session
-				.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-
-			// Authorization 설정
-			.authorizeHttpRequests(auth -> auth
-				.requestMatchers(
-					"/ws-chat/**",
-					"/actuator/**",
-					"/api/v1/auth/**",      // 로그인/회원가입은 허용
-					"/v3/api-docs/**",       // Swagger
-					"/swagger-ui/**",         // Swagger UI
-					"/h2-console/**",       // H2 Console
-					"/api/v1/location/**",      //location 정보 조회 도메인(임시)
-					"/api/v1/concerts/**",     // concert 정보 조회 도메인
-					"/api/v1/artists/**",    // artist 정보 저장 도메인(임시)
-          			"/api/v1/users/**",
-					"/api/v1/chats/**"
-				).permitAll()
-
-				// ADMIN 전용
-				.requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
-
-				.anyRequest().authenticated()
-			)
-
-			.addFilterBefore(
-				new JwtAuthenticationFilter(jwtTokenProvider, jwtProperties, tokenService),
-				UsernamePasswordAuthenticationFilter.class
-			);
-
-		return http.build();
-	}
-
-	@Bean
-	public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
-		return configuration.getAuthenticationManager();
-	}
-
-	// CORS 설정(로컬 프론트 통신 허용)
-	@Bean
-	public UrlBasedCorsConfigurationSource corsConfigurationSource() {
-		CorsConfiguration configuration = new CorsConfiguration();
-
-		configuration.setAllowedOrigins(List.of("http://localhost:3000", "https://www.naeconcertbutakhae.shop"));
-		configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
-
-		configuration.setAllowedHeaders(List.of("*"));
+    private final JwtTokenProvider jwtTokenProvider;
+    private final JwtProperties jwtProperties;
+    private final CustomUserDetailService customUserDetailService;
+    private final TokenService tokenService;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+        http
+                .csrf(csrf -> csrf.disable())
+                .cors(Customizer.withDefaults())
+
+                // 기본 로그인 폼 비활성화
+                .formLogin(form -> form.disable())
+
+                // HTTP Basic 인증 비활성화
+                .httpBasic(basic -> basic.disable())
+
+                // H2 Console 설정
+                .headers(headers -> headers.frameOptions(frame -> frame.disable()))
+
+                // 세션 관리 설정 - Stateless
+                .sessionManagement((session) -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+
+                // Authorization 설정
+
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers(org.springframework.http.HttpMethod.OPTIONS, "/**").permitAll()
+                        .requestMatchers(
+                                "/ws-chat/**",
+                                "/actuator/**",
+                                "/api/v1/auth/**",      // 로그인/회원가입은 허용
+                                "/v3/api-docs/**",       // Swagger
+                                "/swagger-ui/**",         // Swagger UI
+                                "/h2-console/**",       // H2 Console
+                                "/api/v1/location/**",      //location 정보 조회 도메인(임시)
+                                "/api/v1/concerts/**",     // concert 정보 조회 도메인
+                                "/api/v1/artists/**",    // artist 정보 저장 도메인(임시)
+                                "/api/v1/users/**",
+                                "/api/v1/chats/**",
+                                "/api/v1/reviews/**",
+                                "api/v1/join/**"
+                        ).permitAll()
+
+                        // ADMIN 전용
+                        .requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
+
+                        .anyRequest().authenticated()
+                )
+
+                .addFilterBefore(
+                        new JwtAuthenticationFilter(jwtTokenProvider, jwtProperties, tokenService),
+                        UsernamePasswordAuthenticationFilter.class
+                );
+
+        return http.build();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
+        return configuration.getAuthenticationManager();
+    }
+
+    // CORS 설정(로컬 프론트 통신 허용)
+    @Bean
+    public UrlBasedCorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(List.of("http://localhost:3000", "http://localhost:8080", "https://www.naeconcertbutakhae.shop"));
+        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+
+        configuration.setAllowedHeaders(List.of("*"));
         configuration.setExposedHeaders(List.of("Set-Cookie"));
 
-		//쿠키 자동으로 넘어가게 설정
-		configuration.setAllowCredentials(true);
+        //쿠키 자동으로 넘어가게 설정
+        configuration.setAllowCredentials(true);
 
-		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-		source.registerCorsConfiguration("/**", configuration);
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
 
-		return source;
-	}
+        return source;
+    }
 }
