diff --git a/be/src/main/java/kr/codesquad/core/config/SecurityConfig.java b/be/src/main/java/kr/codesquad/core/config/SecurityConfig.java
index ff95bea7d..1e771c095 100644
--- a/be/src/main/java/kr/codesquad/core/config/SecurityConfig.java
+++ b/be/src/main/java/kr/codesquad/core/config/SecurityConfig.java
@@ -2,6 +2,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -22,6 +23,7 @@
 import kr.codesquad.jwt.service.JwtAuthenticationSuccessHandler;
 import kr.codesquad.jwt.service.JwtProvider;
 import kr.codesquad.user.service.UserService;
+import kr.codesquad.util.Constants;
 import lombok.RequiredArgsConstructor;
 @EnableWebSecurity // spring security 설정을 활성화시켜주는 어노테이션
@@ -87,7 +89,8 @@ public CorsConfigurationSource configurationSource() {
 configuration.addAllowedMethod("*"); // GET, POST, PUT, DELETE (Javascript 요청 허용)
 configuration.addAllowedOriginPattern("*"); // 모든 IP 주소 허용 (프론트 앤드 IP만 허용 react)
 configuration.setAllowCredentials(true); // 클라이언트에서 쿠키 요청 허용
- configuration.addExposedHeader("Authorization"); // 옛날에는 디폴트 였다. 지금은 아닙니다.
+ configuration.addExposedHeader(HttpHeaders.AUTHORIZATION);// 옛날에는 디폴트 였다. 지금은 아닙니다.
+ configuration.addExposedHeader(Constants.REFRESH_TOKEN);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 source.registerCorsConfiguration("/**", configuration);
 return source;
diff --git a/be/src/main/java/kr/codesquad/jwt/service/JwtAuthenticationSuccessHandler.java b/be/src/main/java/kr/codesquad/jwt/service/JwtAuthenticationSuccessHandler.java
index a3e4c1c11..ce36165a8 100644
--- a/be/src/main/java/kr/codesquad/jwt/service/JwtAuthenticationSuccessHandler.java
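Review bot: In `configurationSource()` (SecurityConfig.java, third hunk), the added `configuration.addExposedHeader(Constants.REFRESH_TOKEN);` lets script on any origin read the refresh token from a CORS response, because the unchanged lines just above it keep `addAllowedOriginPattern("*")` together with `setAllowCredentials(true)`. The existing comment on that line already says only the front-end origin should be allowed, so I would pin it before exposing a long-lived credential, e.g. `configuration.addAllowedOriginPattern("https://<front-end-origin>"); // placeholder: the deployed front-end origin`. If the front end does not need to read the refresh token from script, returning it in an HttpOnly cookie instead of an exposed header would keep it away from page script entirely. The method starts above the hunk, so any earlier configuration is not visible here.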
+++ b/be/src/main/java/kr/codesquad/jwt/service/JwtAuthenticationSuccessHandler.java
@@ -46,7 +46,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 userData.put("profileImageUrl", user.getProfileImageUrl());
 response.setHeader(HttpHeaders.AUTHORIZATION, Constants.TOKEN_PREFIX + jwt.getAccessToken());
- response.setHeader("Refresh-Token", Constants.TOKEN_PREFIX + jwt.getRefreshToken());
+ response.setHeader(Constants.REFRESH_TOKEN, Constants.TOKEN_PREFIX + jwt.getRefreshToken());
 response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 response.getWriter().write(new ObjectMapper().writeValueAsString(userData));
 }
diff --git a/be/src/main/java/kr/codesquad/util/Constants.java b/be/src/main/java/kr/codesquad/util/Constants.java
index 09668f0ad..d0f6515b0 100644
--- a/be/src/main/java/kr/codesquad/util/Constants.java
+++ b/be/src/main/java/kr/codesquad/util/Constants.java
@@ -3,4 +3,6 @@
 public final class Constants {
 public static final String LOGIN_ID = "loginId";
 public static final String TOKEN_PREFIX = "Bearer ";
+
+ public static final String REFRESH_TOKEN = "Refresh-Token";
 }