Merge pull request #76 from PlanIt-Project/BE

Be
PlanIt-Project · Mar 18, 2024 · 10b9034 · 10b9034
2 parents a5ff68c + bf689f9
commit 10b9034
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/src/main/java/com/sideProject/PlanIT/config/SecurityConfig.java b/src/main/java/com/sideProject/PlanIT/config/SecurityConfig.java
@@ -2,6 +2,7 @@
 
 import com.sideProject.PlanIT.common.security.JwtAuthenticationEntryPoint;
 import com.sideProject.PlanIT.common.security.JwtTokenFilter;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -13,6 +14,15 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import static org.springframework.security.config.Customizer.withDefaults;
 
 @EnableWebSecurity
 @Configuration
@@ -33,20 +43,34 @@ public BCryptPasswordEncoder passwordEncoder() {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .cors(corsCustomizer -> corsCustomizer.configurationSource(new CorsConfigurationSource() {
+                    @Override
+                    public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
+                        CorsConfiguration config = new CorsConfiguration();
+                        config.setAllowedOrigins(Collections.singletonList("http://localhost:3000"));
+                        config.setAllowedMethods(List.of("GET", "POST", "DELETE", "PUT"));
+                        config.setAllowCredentials(true);
+                        config.setAllowedHeaders(Collections.singletonList("*"));
+                        config.setMaxAge(3600L); //1시간
+                        return config;
+                    }
+                }))
                 .csrf(AbstractHttpConfigurer::disable)
                 .sessionManagement((sessionManagement) ->
                         sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .exceptionHandling((exceptionHandling) ->
                         exceptionHandling.authenticationEntryPoint(jwtAuthenticationEntryPoint))
                 .authorizeHttpRequests((authorizeRequests) -> authorizeRequests
                         .requestMatchers("/member/signin", "/member/signup", "/refresh").permitAll()
-//                        .requestMatchers("/admin/**").hasAnyAuthority("ADMIN")
-//                        .anyRequest().authenticated()
-                                .anyRequest().permitAll()
+                        .requestMatchers("/admin/**").hasAnyAuthority("ADMIN")
+                        .anyRequest().authenticated()
+//                                .anyRequest().permitAll()
                 )
                 .addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class)
                 .build();
     }
 
 
+
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -26,6 +26,10 @@ spring:
       host: ${REDIS_HOST}
       port: ${REDIS_PORT}
 
+  mvc:
+    cors:
+      allowed-origins: "*"
+
 # 환경변수 설정
 # - DB USER_NAME, PASSWORD
 # - 파일 저장 디렉토리 경로