🐛 [FIX] CORS 에러 해결

Team-Lecue · Jan 16, 2024 · d9db15f · d9db15f
1 parent b03a4ee
commit d9db15f
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 36 deletions.
diff --git a/src/main/java/org/sopt/lequuServer/global/auth/security/AuthWhiteList.java b/src/main/java/org/sopt/lequuServer/global/auth/security/AuthWhiteList.java
@@ -13,8 +13,9 @@ public class AuthWhiteList {
 
     public static final List<String> AUTH_WHITELIST_WILDCARD = Arrays.asList(
             "/api/kakao/**", "/api/test/**", "/api/images/**",
+            "/api/common/**", "/api/books/detail/**",
             "/swagger-ui/**", "/swagger-resources/**", "/api-docs/**",
-            "/api/common/**", "/api/books/detail/**"
+            "/v3/api-docs/**", "/webjars/**"
     );
 
     public static final String[] AUTH_WHITELIST = Stream.concat(

diff --git a/src/main/java/org/sopt/lequuServer/global/config/SecurityConfig.java b/src/main/java/org/sopt/lequuServer/global/config/SecurityConfig.java
@@ -7,17 +7,15 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import static io.swagger.v3.oas.models.PathItem.HttpMethod;
 import static org.sopt.lequuServer.global.auth.security.AuthWhiteList.AUTH_WHITELIST;
 
 @Configuration
@@ -29,22 +27,20 @@ public class SecurityConfig {
     private final JwtExceptionFilter jwtExceptionFilter;
 
     @Bean
-    public WebMvcConfigurer corsConfigurer() {
-        return new WebMvcConfigurer() {
-            @Override
-            public void addCorsMappings(CorsRegistry registry) {
-                registry.addMapping("/**")
-                        .allowedOrigins("http://localhost:8080", "http://localhost:5173", "http://localhost:5174", "http://localhost:3000", "http://localhost:3001", "https://lecue-client.vercel.app")
-                        .allowedOriginPatterns("http://localhost:8080", "http://localhost:5173", "http://localhost:5174", "http://localhost:3000", "http://localhost:3001", "https://lecue-client.vercel.app")
-                        .allowedHeaders("*")
-                        .allowedMethods(
-                                HttpMethod.GET.name(),
-                                HttpMethod.POST.name(),
-                                HttpMethod.PUT.name(),
-                                HttpMethod.PATCH.name()
-                        );
-            }
-        };
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        return http
+                .formLogin(AbstractHttpConfigurer::disable) // Form Login 사용 X
+                .httpBasic(AbstractHttpConfigurer::disable) // HTTP Basic 사용 X
+                .csrf(AbstractHttpConfigurer::disable) // 쿠키 기반이 아닌 JWT 기반이므로 사용 X
+                .sessionManagement(sessionManagementConfigurer ->
+                        sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // Spring Security 세션 정책 : 세션 생성 및 사용하지 않음
+                .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
+                        authorizationManagerRequestMatcherRegistry
+                                .requestMatchers(AUTH_WHITELIST).permitAll()
+                                .anyRequest().authenticated())
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class)
+                .build();
     }
 
     @Bean
@@ -57,24 +53,14 @@ public CorsFilter corsFilter() {
         config.addAllowedHeader("*");
         config.addAllowedMethod("*");
 
-        source.registerCorsConfiguration("/v3/api-docs", config);
+        source.registerCorsConfiguration("/**", config);
         return new CorsFilter(source);
     }
 
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        return http
-                .formLogin(AbstractHttpConfigurer::disable) // Form Login 사용 X
-                .httpBasic(AbstractHttpConfigurer::disable) // HTTP Basic 사용 X
-                .csrf(AbstractHttpConfigurer::disable) // 쿠키 기반이 아닌 JWT 기반이므로 사용 X
-                .sessionManagement(sessionManagementConfigurer ->
-                        sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // Spring Security 세션 정책 : 세션 생성 및 사용하지 않음
-                .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
-                        authorizationManagerRequestMatcherRegistry
-                                .requestMatchers(AUTH_WHITELIST).permitAll()
-                                .anyRequest().authenticated())
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class)
-                .build();
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return web -> web.ignoring().requestMatchers(
+                "/swagger-ui/**", "/swagger-resources/**", "/api-docs/**",
+                "/v3/api-docs/**", "/webjars/**");
     }
-}
+}
diff --git a/src/main/resources/logback-dev.xml b/src/main/resources/logback-dev.xml
@@ -27,6 +27,10 @@
         <logger name="org.springframework.context.support.PostProcessorRegistrationDelegate" level="WARN"/>
         <logger name="org.springframework.data.repository.config.RepositoryConfigurationExtensionSupport"
                 level="WARN"/>
+        <logger name="org.springframework.security.config.annotation.web.builders.WebSecurity"
+                level="ERROR"/>
+        <logger name="org.springframework.security.web.DefaultSecurityFilterChain"
+                level="ERROR"/>
     </springProfile>
 
 </configuration>
diff --git a/src/main/resources/logback-local.xml b/src/main/resources/logback-local.xml
@@ -10,5 +10,9 @@
         <logger name="org.springframework.context.support.PostProcessorRegistrationDelegate" level="WARN"/>
         <logger name="org.springframework.data.repository.config.RepositoryConfigurationExtensionSupport"
                 level="WARN"/>
+        <logger name="org.springframework.security.config.annotation.web.builders.WebSecurity"
+                level="ERROR"/>
+        <logger name="org.springframework.security.web.DefaultSecurityFilterChain"
+                level="ERROR"/>
     </springProfile>
 </configuration>