prgrms-web-devcourse-final-project · jungdongha · Oct 13, 2025 · Oct 13, 2025 · Oct 13, 2025 · Oct 13, 2025
diff --git a/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt b/src/main/kotlin/com/back/koreaTravelGuide/common/security/SecurityConfig.kt
@@ -1,11 +1,10 @@
-package com.back.koreaTravelGuide.common.config
+package com.back.koreaTravelGuide.common.security
 
-import com.back.koreaTravelGuide.common.security.CustomOAuth2LoginSuccessHandler
-import com.back.koreaTravelGuide.common.security.CustomOAuth2UserService
-import com.back.koreaTravelGuide.common.security.JwtAuthenticationFilter
+import com.back.koreaTravelGuide.common.config.AppConfig
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.core.env.Environment
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.http.SessionCreationPolicy
@@ -16,17 +15,19 @@ import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 
 @Configuration
+@EnableMethodSecurity
 class SecurityConfig(
     private val customOAuth2UserService: CustomOAuth2UserService,
     private val customOAuth2LoginSuccessHandler: CustomOAuth2LoginSuccessHandler,
     private val jwtAuthenticationFilter: JwtAuthenticationFilter,
     private val environment: Environment,
+    private val appConfig: AppConfig,
 ) {
     @Bean
     fun filterChain(http: HttpSecurity): SecurityFilterChain {
-        val isDev =
-            environment.getProperty("spring.profiles.active")?.contains("dev") == true ||
-                environment.activeProfiles.contains("dev")
+        val activeProfiles = environment.activeProfiles
+        val defaultProfiles = environment.defaultProfiles
+        val isDev = activeProfiles.contains("dev") || (activeProfiles.isEmpty() && defaultProfiles.contains("dev"))
 
         http {
             csrf { disable() }
@@ -76,7 +77,6 @@ class SecurityConfig(
                     authorize(anyRequest, authenticated)
                 }
             }
-
             if (!isDev) {
                 addFilterBefore<UsernamePasswordAuthenticationFilter>(jwtAuthenticationFilter)
             }
@@ -95,7 +95,7 @@ class SecurityConfig(
                         listOf(
                             "http://localhost:3000",
                             "http://localhost:63342",
-                            // 배포주소
+                            AppConfig.siteFrontUrl,
                         )
                     allowedMethods = listOf("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")
                     allowedHeaders = listOf("*")

diff --git a/src/test/kotlin/com/back/koreaTravelGuide/domain/ai/tour/service/TourParamsParserTest.kt b/src/test/kotlin/com/back/koreaTravelGuide/domain/ai/tour/service/TourParamsParserTest.kt
@@ -1,9 +1,9 @@
 package com.back.koreaTravelGuide.domain.ai.tour.service
 
-import kotlin.test.assertEquals
-import kotlin.test.assertNull
 import org.junit.jupiter.api.DisplayName
 import org.junit.jupiter.api.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertNull
 
 class TourParamsParserTest {
     private val parser = TourParamsParser()