From 16e467da9e7b8490d4a8ef883e5db0badc182067 Mon Sep 17 00:00:00 2001
From: leedy3838
Date: Fri, 13 Sep 2024 20:30:15 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20=EB=AA=A8=EB=8B=88=ED=84=B0=EB=A7=81=20?= =?UTF-8?q?=EA=B4=80=EB=A0=A8=20=EA=B2=BD=EB=A1=9C=20white=20list=EC=97=90?= =?UTF-8?q?=20=EC=B6=94=EA=B0=80=20#19?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../be/global/config/SecurityConfig.java | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/src/main/java/com/shwimping/be/global/config/SecurityConfig.java b/src/main/java/com/shwimping/be/global/config/SecurityConfig.java
index 148fde7..0bdb0cc 100644
--- a/src/main/java/com/shwimping/be/global/config/SecurityConfig.java
+++ b/src/main/java/com/shwimping/be/global/config/SecurityConfig.java
@@ -10,7 +10,6 @@
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -28,18 +27,18 @@ public class SecurityConfig {
 private final JwtAuthenticationFilter jwtAuthenticationFilter;
 private final MapAuthenticationFilter mapAuthenticationFilter;
- @Bean
- public WebSecurityCustomizer webSecurityCustomizer() { // security를 적용하지 않을 리소스
- return web -> web.ignoring()
- .requestMatchers(
- "/error",
- "/swagger-ui/**",
- "/v3/api-docs/**",
- "/swagger-resources/*",
- "/webjars/**",
- "/auth/**",
- "/global/health-check");
- }
+ private final String[] WHITE_LIST = {
+ "/error",
+ "/swagger-ui/**",
+ "/v3/api-docs/**",
+ "/swagger-resources/*",
+ "/webjars/**",
+ "/auth/**",
+ "/global/health-check",
+ "/places/**",
+ "/reviews/*",
+ "/actuator/**"
+ };
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
@@ -48,10 +47,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 .httpBasic(AbstractHttpConfigurer::disable) // HTTP 기본 인증을 비활성화
 .cors(Customizer.withDefaults()) // CORS 활성화 - corsConfigurationSource 이름의 빈 사용
 .csrf(AbstractHttpConfigurer::disable) // CSRF 보호 기능 비활성화
- .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // JWT 사용해서 세션 사용 X
+ .sessionManagement(
+ session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // JWT 사용해서 세션 사용 X
 .authorizeHttpRequests(auth -> auth // 요청에 대한 인증 설정
- .requestMatchers("/places/**").permitAll()
- .requestMatchers("/reviews/*").permitAll()
+ .requestMatchers(WHITE_LIST).permitAll()
 .anyRequest().authenticated()) //이외의 요청은 전부 인증 필요
 .exceptionHandling(exceptionHandling -> {
 exceptionHandling
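Review bot: The new `"/actuator/**"` entry in `WHITE_LIST` opens every exposed Actuator endpoint to unauthenticated callers, not only the ones monitoring needs. Which endpoints are exposed depends on the application's `management.endpoints.web.exposure.include` setting, which this patch does not show; if that setting is broad, configuration and diagnostic endpoints become readable without a token. I would list only the paths the monitoring system actually reads, starting with `"/actuator/health"`, or serve Actuator on a separate management port that is not reachable from outside. Separately, the array is an instance field with a constant-style name; `private static final String[] WHITE_LIST = {` would match how it is used.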
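Review bot: Replacing `web.ignoring()` with `.requestMatchers(WHITE_LIST).permitAll()` in `filterChain` means `/auth/**`, `/error` and the Swagger paths now pass through the security filter chain rather than bypassing it. `permitAll()` only skips the authorization decision, so if `jwtAuthenticationFilter` or `mapAuthenticationFilter` (registered outside this hunk) writes an error response for a missing or malformed token instead of continuing the chain, these public endpoints would start failing. Both filters should be checked for that case. A comment above the matcher would record the intent: `// permitAll skips authorization only; the JWT and map filters still run for these paths`. The body of `filterChain` starts before and continues past this hunk.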