refactor: security config permit 경로 api 접두사 제거 & 리프레시 토큰 트랜잭션 어노테이션 & 로그인시 메인페이지 리다이렉트

Author: seungwookc97

src/main/java/com/back/global/jwt/refreshToken/service/RefreshTokenService.java

@@ -25,6 +25,7 @@ public class RefreshTokenService {
     private long refreshTokenExpiration;
 
     // 기존 리프레시 토큰 삭제하고 생성
+    @Transactional
     public String generateRefreshToken(Long userId, String email) {
         // 기존 토큰 삭제
         refreshTokenRepository.deleteByUserId(userId);
@@ -53,6 +54,7 @@ public boolean validateToken(String token) {
     }
 
     //기존 토큰 지우고 발급(회전)
+    @Transactional
     public String rotateToken(String oldToken) {
         Optional<RefreshToken> oldRefreshToken = refreshTokenRepository.findByToken(oldToken);
 
@@ -67,6 +69,7 @@ public String rotateToken(String oldToken) {
     }
 
     //삭제
+    @Transactional
     public void revokeToken(String token) {
         refreshTokenRepository.deleteByToken(token);
     }

src/main/java/com/back/global/security/CustomOAuth2LoginSuccessHandler.java

@@ -24,13 +24,8 @@ public class CustomOAuth2LoginSuccessHandler implements AuthenticationSuccessHan
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
         SecurityUser securityUser = (SecurityUser) authentication.getPrincipal();
-
         // Access Token과 Refresh Token 발급
         userAuthService.issueTokens(response, securityUser.getId(), securityUser.getEmail(), securityUser.getNickname());
-
-        // 프론트엔드로 리다이렉트
-        String redirectUrl = frontendUrl + "/oauth/success";
-
-        response.sendRedirect(redirectUrl);
+        response.sendRedirect(frontendUrl);
     }
 }

src/main/java/com/back/global/security/SecurityConfig.java

@@ -1,5 +1,6 @@
 package com.back.global.security;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -18,6 +19,12 @@
 @EnableWebSecurity
 public class SecurityConfig {
 
+    @Value("${custom.site.frontUrl}")
+    private String frontUrl;
+
+    @Value("${custom.site.backUrl}")
+    private String backUrl;
+
     private final CustomOAuth2UserService customOAuth2UserService;
     private final CustomOAuth2LoginSuccessHandler oauth2SuccessHandler;
     private final CustomOAuth2LoginFailureHandler oauth2FailureHandler;
@@ -46,18 +53,16 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers("/").permitAll()
                         .requestMatchers("/h2-console/**").permitAll()
+                        .requestMatchers("/actuator/**").permitAll()
                         .requestMatchers("/oauth2/**").permitAll()
                         .requestMatchers("/login/oauth2/**").permitAll()
                         .requestMatchers("/swagger-ui/**", "/api-docs/**").permitAll()
-                        .requestMatchers("/api/user/**").permitAll()
-                        .requestMatchers("/api/cocktail/**").permitAll()
-                        .requestMatchers("/api/chatbot/**").permitAll()
-                        .requestMatchers("/api/cocktails/**").permitAll()
-
+                        .requestMatchers("/user/**").permitAll()
+                        .requestMatchers("/cocktails/**").permitAll()
+                        .requestMatchers("/chatbot/**").permitAll()
 
                         // 회원 or 인증된 사용자만 가능
-                        .requestMatchers("/api/admin/**").hasRole("ADMIN")
-//                        .requestMatchers("/api/cocktail/detail~~").authenticated()
+                        .requestMatchers("/admin/**").hasRole("ADMIN")
 
                         //그 외에는 인증해야함
                         .anyRequest().authenticated()
@@ -95,9 +100,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
         configuration.setAllowedOrigins(Arrays.asList(
-                "http://localhost:3000",
-                "http://localhost:8080"
-                //나중에 운영환경 추가
+                frontUrl,
+                backUrl
         ));
         configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
         configuration.setAllowedHeaders(Arrays.asList("*"));