diff --git a/src/main/java/inha/gdgoc/global/security/SecurityConfig.java b/src/main/java/inha/gdgoc/global/security/SecurityConfig.java
index e38bac4..6b31964 100644
--- a/src/main/java/inha/gdgoc/global/security/SecurityConfig.java
+++ b/src/main/java/inha/gdgoc/global/security/SecurityConfig.java
@@ -7,6 +7,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -32,54 +33,54 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 http
- .csrf(AbstractHttpConfigurer::disable)
- .cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .formLogin(AbstractHttpConfigurer::disable)
- .httpBasic(AbstractHttpConfigurer::disable)
- .authorizeHttpRequests(auth -> auth
- .requestMatchers(
- "/swagger-ui/**",
- "/v3/api-docs/**",
- "/swagger-ui.html",
- "/api/v1/auth/**",
- "/api/v1/game/**",
- "/api/v1/apply/**",
- "/api/v1/check/**",
- "/api/v1/password-reset/**")
- .permitAll()
- .anyRequest()
- .authenticated()
- )
- .sessionManagement(
- sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .addFilterBefore(tokenAuthenticationFilter,
- UsernamePasswordAuthenticationFilter.class)
- .exceptionHandling(ex -> ex
- .authenticationEntryPoint((request, response, authException) -> {
- response.setStatus(HttpStatus.UNAUTHORIZED.value());
- response.setContentType("application/json; charset=UTF-8");
+ .csrf(AbstractHttpConfigurer::disable)
+ .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+ .formLogin(AbstractHttpConfigurer::disable)
+ .httpBasic(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+ .requestMatchers(
+ "/swagger-ui/**",
+ "/v3/api-docs/**",
+ "/swagger-ui.html",
+ "/api/v1/auth/**",
+ "/api/v1/game/**",
+ "/api/v1/apply/**",
+ "/api/v1/check/**")
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ )
+ .sessionManagement(
+ sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .addFilterBefore(tokenAuthenticationFilter,
+ UsernamePasswordAuthenticationFilter.class)
+ .exceptionHandling(ex -> ex
+ .authenticationEntryPoint((request, response, authException) -> {
+ response.setStatus(HttpStatus.UNAUTHORIZED.value());
+ response.setContentType("application/json; charset=UTF-8");
- ErrorResponse errorResponse = new ErrorResponse(
- GlobalErrorCode.UNAUTHORIZED_USER
- );
+ ErrorResponse errorResponse = new ErrorResponse(
+ GlobalErrorCode.UNAUTHORIZED_USER
+ );
- ObjectMapper objectMapper = new ObjectMapper();
- response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
- response.getWriter().flush();
- })
- .accessDeniedHandler((request, response, accessDeniedException) -> {
- response.setStatus(HttpStatus.FORBIDDEN.value());
- response.setContentType("application/json; charset=UTF-8");
+ ObjectMapper objectMapper = new ObjectMapper();
+ response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
+ response.getWriter().flush();
+ })
+ .accessDeniedHandler((request, response, accessDeniedException) -> {
+ response.setStatus(HttpStatus.FORBIDDEN.value());
+ response.setContentType("application/json; charset=UTF-8");
- ErrorResponse errorResponse = new ErrorResponse(
- GlobalErrorCode.FORBIDDEN_USER
- );
+ ErrorResponse errorResponse = new ErrorResponse(
+ GlobalErrorCode.FORBIDDEN_USER
+ );
- ObjectMapper objectMapper = new ObjectMapper();
- response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
- response.getWriter().flush();
- })
- );
+ ObjectMapper objectMapper = new ObjectMapper();
+ response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
+ response.getWriter().flush();
+ })
+ );
 return http.build();
 }
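Review bot: Dropping `"/api/v1/password-reset/**"` from the permitAll list means any reset endpoint still mapped under that prefix now requires a valid access token, which defeats a password-reset flow for exactly the users who cannot log in; if those endpoints now live under `/api/v1/auth/**` (the filter hunk removing the `/auth/password-reset/*` skip paths hints at that), say so with a comment such as `// password-reset endpoints are served under /api/v1/auth/** and stay public`, otherwise restore the matcher. The new `requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()` is harmless because preflights carry no credentials, but the `.cors(...)` configurer already handles preflight ahead of authorization, so it is redundant and deserves either removal or a one-line comment explaining why it is kept. Disabling CSRF next to a credentialed CORS policy is only safe while the token is read from the `Authorization` header and never from a cookie — `getAccessToken` is not visible here, so confirm it does not fall back to cookies. The `new ObjectMapper()` built inside each handler on every rejected request could be one `private static final ObjectMapper` on the class.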
@@ -88,14 +89,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 config.setAllowedOrigins(List.of(
- "http://localhost:3000",
- "https://gdgocinha.com",
- "https://www.gdgocinha.com",
- "https://typing-game-alpha-umber.vercel.app"
+ "http://localhost:3000",
+ "https://gdgocinha.com",
+ "https://www.gdgocinha.com",
+ "https://typing-game-alpha-umber.vercel.app"
 ));
- config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+ config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
 config.setAllowedHeaders(
- List.of("Origin", "X-Requested-With", "Content-Type", "Accept", "Authorization"));
+ List.of("Origin", "X-Requested-With", "Content-Type", "Accept", "Authorization"));
 config.setAllowCredentials(true);
 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
diff --git a/src/main/java/inha/gdgoc/global/security/TokenAuthenticationFilter.java b/src/main/java/inha/gdgoc/global/security/TokenAuthenticationFilter.java
index e7d87d9..4e47ff1 100644
--- a/src/main/java/inha/gdgoc/global/security/TokenAuthenticationFilter.java
+++ b/src/main/java/inha/gdgoc/global/security/TokenAuthenticationFilter.java
@@ -6,7 +6,6 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.jetbrains.annotations.NotNull;
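Review bot: `http://localhost:3000` remains in a credentialed allow-list (`setAllowCredentials(true)`) next to the production origins, so if this bean is active in production any page a user happens to run on their own localhost:3000 can issue authenticated cross-origin requests against the API and read the responses. Move the dev origin out of the hard-coded list into a profile-specific property, e.g. `@Value("${app.cors.allowed-origins}") List<String> allowedOrigins;` and `config.setAllowedOrigins(allowedOrigins);`, so production never ships it. Adding `PATCH` is consistent with the rest of the method set; `setAllowedHeaders` is still exhaustive, so any new header a PATCH client sends must be added here too or its preflight fails. corsConfigurationSource continues outside the hunk.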
@@ -41,20 +40,12 @@ protected boolean shouldNotFilter(HttpServletRequest request) {
 @Override
 protected void doFilterInternal(
- @NotNull HttpServletRequest request,
- @NotNull HttpServletResponse response,
- @NotNull FilterChain filterChain) throws ServletException, IOException {
- String uri = request.getRequestURI();
- List skipPaths = List.of("/auth/refresh", "/auth/login", "/auth/oauth2/google/callback",
- "/auth/signup", "/auth/findId", "/auth/password-reset/request", "/auth/password-reset/verify",
- "/auth/password-reset/confirm");
- if (skipPaths.contains(uri)) {
- filterChain.doFilter(request, response);
- return;
- }
-
+ @NotNull HttpServletRequest request,
+ @NotNull HttpServletResponse response,
+ @NotNull FilterChain filterChain
+ ) throws ServletException, IOException {
 String token = getAccessToken(request);
- log.info("요청 URI: {}, 추출된 access token: {}", request.getRequestURI(), token);
+ log.info("요청 URI: {}, access token 존재 여부: {}", request.getRequestURI(), token != null);
 if (token != null) {
 try {
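Review bot: The rewritten `log.info` is a hot-path line emitted for every request; no longer printing the token itself is the right fix, but URI-plus-presence is diagnostic noise that belongs at `log.debug("요청 URI: {}, access token 존재 여부: {}", request.getRequestURI(), token != null);`. With the explicit skip list gone, this filter now also runs on public routes such as the refresh endpoint, so the `catch` that follows `try {` (outside the hunk) must not write a 401 and stop the chain on an expired or malformed token — that would break refreshing with an expired access token; it should clear the `SecurityContext` and call `filterChain.doFilter`, leaving the 401 to the entry point configured in `SecurityConfig`. If path skipping was moved into `shouldNotFilter` (named in the hunk header but not shown), a one-line comment above `String token = getAccessToken(request);` pointing there would keep the next reader from re-adding a list here. doFilterInternal continues outside the hunk.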