diff --git a/src/main/java/com/example/healthylife/config/CorsConfig.java b/src/main/java/com/example/healthylife/config/CorsConfig.java index 9d92940..0a94b3a 100644 --- a/src/main/java/com/example/healthylife/config/CorsConfig.java +++ b/src/main/java/com/example/healthylife/config/CorsConfig.java @@ -1,24 +1,24 @@ -package com.example.healthylife.config; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import org.springframework.web.filter.CorsFilter; - -@Configuration -public class CorsConfig { - - @Bean - public CorsFilter corsFilter() { - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - CorsConfiguration config = new CorsConfiguration(); - config.addAllowedOriginPattern("http://localhost:8081/swagger-ui/index.html"); - config.addAllowedOriginPattern("https://trendy-healthy-backend.store/swagger-ui/"); - config.addAllowedOriginPattern("https://trendy-healthy.store/"); - config.addAllowedMethod("*"); // 모든 HTTP 메서드 허용 - config.addAllowedHeader("*"); // 모든 헤더 허용 - config.setAllowCredentials(true); // 자격 증명 허용 - source.registerCorsConfiguration("/**", config); - return new CorsFilter(source); - } -} +//package com.example.healthylife.config; +//import org.springframework.context.annotation.Bean; +//import org.springframework.context.annotation.Configuration; +//import org.springframework.web.cors.CorsConfiguration; +//import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +//import org.springframework.web.filter.CorsFilter; +// +//@Configuration +//public class CorsConfig { +// +// @Bean +// public CorsFilter corsFilter() { +// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); +// CorsConfiguration config = new CorsConfiguration(); +// config.addAllowedOriginPattern("http://localhost:8081/swagger-ui/index.html"); +// config.addAllowedOriginPattern("https://trendy-healthy-backend.store/swagger-ui/"); +// config.addAllowedOriginPattern("https://trendy-healthy.store/"); +// config.addAllowedMethod("*"); // 모든 HTTP 메서드 허용 +// config.addAllowedHeader("*"); // 모든 헤더 허용 +// config.setAllowCredentials(true); // 자격 증명 허용 +// source.registerCorsConfiguration("/**", config); +// return new CorsFilter(source); +// } +//} diff --git a/src/main/java/com/example/healthylife/config/security/SecurityConfig.java b/src/main/java/com/example/healthylife/config/security/SecurityConfig.java index 524d0c2..bb90415 100644 --- a/src/main/java/com/example/healthylife/config/security/SecurityConfig.java +++ b/src/main/java/com/example/healthylife/config/security/SecurityConfig.java @@ -15,6 +15,8 @@ import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import java.util.Arrays; + @EnableWebSecurity @RequiredArgsConstructor public class SecurityConfig extends WebSecurityConfigurerAdapter { @@ -26,7 +28,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() - .cors() + .cors().configurationSource(corsConfigurationSource()) // CORS 설정 추가 .and() .authorizeRequests() .antMatchers("/community/register", "/community/update", "/community/delete/**","/community/recommend/**","/community/myCommunityContents").authenticated() @@ -36,6 +38,19 @@ protected void configure(HttpSecurity http) throws Exception { .addFilterBefore(new JwtAuthenticationFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class); } + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOriginPatterns(Arrays.asList("http://localhost:8081", "https://trendy-healthy-backend.store", "https://trendy-healthy.store")); // 원본 설정 + configuration.setAllowedMethods(Arrays.asList("*")); // 모든 메서드 허용 + configuration.setAllowedHeaders(Arrays.asList("*")); // 모든 헤더 허용 + configuration.setAllowCredentials(true); // 자격 증명 허용 + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } + //AuthenticationManager를 빈으로 등록하게 해서 시큐리티가 인증 매니저를 할수 있게 한다. @Bean @Override @@ -44,7 +59,6 @@ public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } - @Bean public DaoAuthenticationProvider authenticationProvider() { // DaoAuthenticationProvider를 설정하여 사용자 세부 정보와 비밀번호 암호화 설정을 Spring Security에 통합