From 0de70f5ef5d0d4b549c7737059d57e3ffecf49ea Mon Sep 17 00:00:00 2001 From: jungdongha Date: Mon, 13 Oct 2025 12:03:06 +0900 Subject: [PATCH 1/4] =?UTF-8?q?SecurityConfig=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/security/SecurityConfig.kt | 16 ++++++++-------- .../ai/tour/service/TourParamsParserTest.kt | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt index e306783..85d7a2d 100644 --- a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt +++ b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt @@ -1,11 +1,9 @@ -package com.back.koreaTravelGuide.common.config +package com.back.koreaTravelGuide.common.security -import com.back.koreaTravelGuide.common.security.CustomOAuth2LoginSuccessHandler -import com.back.koreaTravelGuide.common.security.CustomOAuth2UserService -import com.back.koreaTravelGuide.common.security.JwtAuthenticationFilter import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.core.env.Environment +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.invoke import org.springframework.security.config.http.SessionCreationPolicy @@ -16,6 +14,7 @@ import org.springframework.web.cors.CorsConfigurationSource import org.springframework.web.cors.UrlBasedCorsConfigurationSource @Configuration +@EnableMethodSecurity class SecurityConfig( private val customOAuth2UserService: CustomOAuth2UserService, private val customOAuth2LoginSuccessHandler: CustomOAuth2LoginSuccessHandler, 
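Review bot: `@EnableMethodSecurity` is added to SecurityConfig without a comment on what it switches on or how it relates to the profile-dependent URL rules in filterChain. Method annotations such as `@PreAuthorize` are evaluated independently of `authorize(...)`, so they stay enforced when the dev profile permits every request. Context in a later patch of this series shows the JWT filter is only installed when `isDev` is false, so in dev an annotated method would presumably see an anonymous caller. I would add a line above the annotation such as `// Enables @PreAuthorize/@PostAuthorize; enforced in every profile, independent of the URL rules in filterChain`. The class body continues outside the hunk.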
@@ -24,9 +23,9 @@ class SecurityConfig( ) { @Bean fun filterChain(http: HttpSecurity): SecurityFilterChain { - val isDev = - environment.getProperty("spring.profiles.active")?.contains("dev") == true || - environment.activeProfiles.contains("dev") + val activeProfiles = environment.activeProfiles + val defaultProfiles = environment.defaultProfiles + val isDev = activeProfiles.contains("dev") || (activeProfiles.isEmpty() && defaultProfiles.contains("dev")) http { csrf { disable() } @@ -69,6 +68,7 @@ class SecurityConfig( authorize("/webjars/swagger-ui/**", permitAll) authorize("/api/auth/**", permitAll) authorize("/actuator/health", permitAll) + authorize("/weather/test1", permitAll) authorize("/favicon.ico", permitAll) if (isDev) { authorize(anyRequest, permitAll) @@ -95,7 +95,7 @@ class SecurityConfig( listOf( "http://localhost:3000", "http://localhost:63342", - // 배포주소 + "http://www.team11.giwon11292.com", ) allowedMethods = listOf("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS") allowedHeaders = listOf("*") diff --git a/src/test/kotlin/com/back/koreaTravelGuide/domain/ai/tour/service/TourParamsParserTest.kt b/src/test/kotlin/com/back/koreaTravelGuide/domain/ai/tour/service/TourParamsParserTest.kt index d000173..20a4835 100644 --- a/src/test/kotlin/com/back/koreaTravelGuide/domain/ai/tour/service/TourParamsParserTest.kt +++ b/src/test/kotlin/com/back/koreaTravelGuide/domain/ai/tour/service/TourParamsParserTest.kt @@ -1,9 +1,9 @@ package com.back.koreaTravelGuide.domain.ai.tour.service -import kotlin.test.assertEquals -import kotlin.test.assertNull import org.junit.jupiter.api.DisplayName import org.junit.jupiter.api.Test +import kotlin.test.assertEquals +import kotlin.test.assertNull class TourParamsParserTest { private val parser = TourParamsParser() From a9b0882c3d028dd59116a9e738557952353e5bd3 Mon Sep 17 00:00:00 2001 
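Review bot: `isDev` decides whether authentication is enforced at all, and the new fallback to `defaultProfiles` widens the cases in which it is true. An instance started with no active profile and `dev` among the defaults ends up on `authorize(anyRequest, permitAll)`, which is visible in the next hunk's context. Because the rule fails open on a deployment mistake, I would make the permissive mode an explicit opt-in and log a warning at startup whenever it is taken. The expression also duplicates what Spring already provides: `val isDev = environment.acceptsProfiles(Profiles.of("dev"))`, with `org.springframework.core.env.Profiles` imported, has the same active-then-default semantics. filterChain continues outside the hunk.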
From: jungdongha Date: Mon, 13 Oct 2025 12:20:28 +0900 Subject: [PATCH 2/4] work --- .../koreaTravelGuide/common/security/SecurityConfig.kt | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt index 85d7a2d..171d208 100644 --- a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt +++ b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt @@ -1,5 +1,6 @@ package com.back.koreaTravelGuide.common.security +import com.back.koreaTravelGuide.common.config.AppConfig import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.core.env.Environment @@ -20,6 +21,7 @@ class SecurityConfig( private val customOAuth2LoginSuccessHandler: CustomOAuth2LoginSuccessHandler, private val jwtAuthenticationFilter: JwtAuthenticationFilter, private val environment: Environment, + private val appConfig: AppConfig, ) { @Bean fun filterChain(http: HttpSecurity): SecurityFilterChain { @@ -35,11 +37,7 @@ class SecurityConfig( logout { disable() } headers { - if (isDev) { - frameOptions { disable() } - } else { - frameOptions { sameOrigin } - } + frameOptions { disable() } } sessionManagement { @@ -95,7 +93,7 @@ class SecurityConfig( listOf( "http://localhost:3000", "http://localhost:63342", - "http://www.team11.giwon11292.com", + AppConfig.siteFrontUrl, ) allowedMethods = listOf("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS") allowedHeaders = listOf("*") From 8a9f32b7c6de0fdb8f837ff2b5918db56d88d17d Mon Sep 17 00:00:00 2001 From: jungdongha Date: Mon, 13 Oct 2025 12:24:20 +0900 Subject: [PATCH 3/4] work2 --- .../koreaTravelGuide/common/security/SecurityConfig.kt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
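Review bot: The allowed CORS origin is read as `AppConfig.siteFrontUrl`, through the class rather than the `appConfig` instance this patch adds to the constructor, and that parameter is not used anywhere in the visible hunks. If the value is static state filled in when the AppConfig bean is created, the injection is presumably there only to force initialisation order. In that case it deserves a comment such as `// injected so AppConfig is initialised before AppConfig.siteFrontUrl is read`, or the value should be read from the instance if it exposes one. The literal it replaces was an `http://` origin, so I would also check at startup that the configured value is a single `https://` origin and neither blank nor `*`, since a browser will trust whatever origin ends up in this list. The two localhost origins stay allowed in every profile, and the enclosing function starts and ends outside the hunk.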
diff --git a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt index 171d208..1b1d75a 100644 --- a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt +++ b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt @@ -37,7 +37,11 @@ class SecurityConfig( logout { disable() } headers { - frameOptions { disable() } + if (isDev) { + frameOptions { disable() } + } else { + frameOptions { sameOrigin } + } } sessionManagement { @@ -66,7 +70,6 @@ class SecurityConfig( authorize("/webjars/swagger-ui/**", permitAll) authorize("/api/auth/**", permitAll) authorize("/actuator/health", permitAll) - authorize("/weather/test1", permitAll) authorize("/favicon.ico", permitAll) if (isDev) { authorize(anyRequest, permitAll) From abab4890e4d552178b8b22cd10ccd249311a94af Mon Sep 17 00:00:00 2001 From: jungdongha Date: Mon, 13 Oct 2025 12:25:19 +0900 Subject: [PATCH 4/4] work --- .../com/back/koreaTravelGuide/common/security/SecurityConfig.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt index 1b1d75a..1002483 100644 --- a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt +++ b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt @@ -77,7 +77,6 @@ class SecurityConfig( authorize(anyRequest, authenticated) } } - if (!isDev) { addFilterBefore(jwtAuthenticationFilter) }
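Review bot: In the restored non-dev branch, `frameOptions { sameOrigin }` only reads the DSL property and never assigns it, so it does not select SAMEORIGIN. As far as I know the Spring Security Kotlin DSL exposes `sameOrigin` as a nullable Boolean property, which would leave the response on the framework default `X-Frame-Options: DENY`. That is the stricter outcome, but it is not what the code says. Write `frameOptions { sameOrigin = true }` if same-origin framing is actually needed, or drop the else branch and add a comment that DENY is intended outside dev. The headers block sits inside filterChain, which starts and ends outside the hunk.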