Merge pull request #82 from prgrms-web-devcourse-final-project/chore/EA3-gcp-deploy

[EA3] refactor : swagger cors 해결을 위한 코드 수정

Author: pia01190

build.gradle

@@ -28,8 +28,6 @@ dependencies {
 	// 데이터 베이스 의존성
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	runtimeOnly 'com.mysql:mysql-connector-j:8.4.0'
-	//implementation 'com.h2database:h2:2.3.232'
-	//implementation 'org.springframework.boot:spring-boot-devtools'
 
 	// Sql 쿼리 파라미터 보는 라이브러리
     implementation 'com.github.gavlyukovskiy:p6spy-spring-boot-starter:1.9.0'
@@ -77,27 +75,31 @@ dependencies {
 	// OAuth2 의존성
 	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
 
-	// GCP 관련 의존성
+	// swagger
+	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.7.0'
+
+	// 배포 관련 의존성
+	// implementation 'com.h2database:h2:2.3.232'
+	// implementation 'org.springframework.boot:spring-boot-devtools'
+
 	// implementation 'com.google.cloud:spring-cloud-gcp-starter-secretmanager:4.9.1'
 	// implementation 'com.google.cloud:google-cloud-storage:2.38.0'
+}
 
-	// swagger
-	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.7.0'
+tasks.named('test') {
+	useJUnitPlatform()
 }
 
 dependencyManagement {
 	imports {
 		// Spring Cloud 전반 (Feign, Gateway 등) 의존성 버전 관리
-		// mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+		mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+
 		// GCP 관련 스타터(BOM) 관리 - Secret Manager, GCS 등
 		// mavenBom "com.google.cloud:spring-cloud-gcp-dependencies:${springCloudGcpVersion}"
 	}
 }
 
-tasks.named('test') {
-	useJUnitPlatform()
-}
-
 // 환경별 application.properties 포함/제외 설정
 def activeProfile = project.hasProperty("profile") ? project.getProperty("profile") : "local"
 

src/main/java/grep/neogul_coder/global/config/SwaggerConfig.java

@@ -4,6 +4,8 @@
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
+import io.swagger.v3.oas.models.servers.Server;
+import java.util.List;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -13,6 +15,7 @@ public class SwaggerConfig {
     @Bean
     public OpenAPI openAPI() {
         return new OpenAPI()
+            .servers(List.of(new Server().url("/")))
                 .components(new Components()
                         .addSecuritySchemes("BearerAuth",
                                 new SecurityScheme()

src/main/java/grep/neogul_coder/global/config/WebConfig.java

@@ -25,7 +25,7 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-            .allowedOrigins(frontServer)
+            .allowedOriginPatterns(frontServer, "http://localhost:3000", "https://wibby.cedartodo.uk")
             .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
             .allowedHeaders("*")
             .allowCredentials(true)

src/main/java/grep/neogul_coder/global/config/security/SecurityConfig.java

@@ -12,6 +12,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -25,9 +26,6 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 @Configuration
 @EnableWebSecurity
@@ -70,7 +68,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
             .csrf(AbstractHttpConfigurer::disable)
             .formLogin(AbstractHttpConfigurer::disable)
             .httpBasic(AbstractHttpConfigurer::disable)
-            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+            .cors(Customizer.withDefaults())
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .logout(AbstractHttpConfigurer::disable)
             .authorizeHttpRequests(
@@ -99,24 +97,11 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         return http.build();
     }
 
-    @Bean
-    public CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-        configuration.addAllowedOriginPattern("*");
-        configuration.addAllowedMethod("*");
-        configuration.addAllowedHeader("*");
-        configuration.setAllowCredentials(true);
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-        return source;
-    }
-//
 //    @Bean
 //    public AuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository() {
 //        return new HttpCookieOAuth2AuthorizationRequestRepository();
 //    }
-//
+
     @Bean
     public PasswordEncoder passwordEncoder(){
         return PasswordEncoderFactories.createDelegatingPasswordEncoder();