diff --git a/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java b/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java index 976d77f..42eb095 100644 --- a/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java +++ b/src/main/java/org/rf/rfserver/config/WebSecurityConfig.java @@ -32,8 +32,8 @@ public SecurityFilterChain filterChain(HttpSecurity http, TokenAuthenticationFil return http .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(requests -> - requests.requestMatchers("/", "/swagger-ui/**", "/user/**", "/party/**" - , "/mail/**", "/schedule/**", "/report/**","/chat/**", "/block/**", + requests.requestMatchers("/", "/user/login", "/chat/**", "/user", "/user/idCheck/**", "/user/nicknameCheck/**" , + "/user/findId", "/user/resetPassword", "/token", "/enums", "/apns/**", "/ws/**").permitAll() // requestMatchers의 인자로 전달된 url은 모두에게 허용 .anyRequest().authenticated() // 그 외의 모든 요청은 인증 필요 ) diff --git a/src/main/java/org/rf/rfserver/constant/RfRule.java b/src/main/java/org/rf/rfserver/constant/RfRule.java index 9f1ae7d..e7153b8 100644 --- a/src/main/java/org/rf/rfserver/constant/RfRule.java +++ b/src/main/java/org/rf/rfserver/constant/RfRule.java @@ -2,6 +2,6 @@ public class RfRule { public static final int MAX_PARTY_NUMBER = 5; - public static final int ACCESS_TOKEN_EXPIRATION = 2; + public static final int ACCESS_TOKEN_EXPIRATION = 70; public static final int REFRESH_TOKEN_EXPIRATION = 7; } diff --git a/src/main/java/org/rf/rfserver/user/service/UserService.java b/src/main/java/org/rf/rfserver/user/service/UserService.java index da1c5fb..5bd43a3 100644 --- a/src/main/java/org/rf/rfserver/user/service/UserService.java +++ b/src/main/java/org/rf/rfserver/user/service/UserService.java 
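Review bot: The bare `"/user"` matcher in the new permitAll list is not bound to an HTTP method, so every verb on `/user` is reachable without a token, not only the one registration needs. If only sign-up is meant to be anonymous (an assumption, since the controller is not in this diff), scope it with `requests.requestMatchers(HttpMethod.POST, "/user").permitAll()` and let the other verbs fall through to `.anyRequest().authenticated()`. `"/chat/**"`, `"/apns/**"` and `"/ws/**"` also stay open as whole subtrees while `/party/**`, `/mail/**` and the other resource paths were closed, so a short comment on why each one remains public would make the list auditable. The filterChain body starts and ends outside the hunk.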
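Review bot: `ACCESS_TOKEN_EXPIRATION = 70` is read as days by the `Duration.ofDays(ACCESS_TOKEN_EXPIRATION)` call this commit adds in UserService.login, so an access token now lives 70 days, ten times longer than the 7-day refresh token. That leaves the refresh flow with nothing to do, and a leaked access token stays usable for the whole period unless tokens can be revoked server-side, which this diff does not show. Keep the access token lifetime well below `REFRESH_TOKEN_EXPIRATION`, in hours as before. If the long value is only there for client testing, read it from a profile-specific property rather than the shared constant.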
@@ -223,7 +223,7 @@ public LoginRes login(LoginReq loginReq) throws BaseException {
 User user = userRepository.findByLoginId(loginReq.getLoginId())
 .filter(it -> bCryptPasswordEncoder.matches(loginReq.getPassword(), it.getPassword())) // 암호화된 비밀번호와 비교하도록 수정
 .orElseThrow(() -> new BaseException(INVALID_LOGIN_IR_OR_PASSWORD));
- String accessToken = tokenProvider.generateToken(user, Duration.ofHours(ACCESS_TOKEN_EXPIRATION));
+ String accessToken = tokenProvider.generateToken(user, Duration.ofDays(ACCESS_TOKEN_EXPIRATION));
 String refreshToken = tokenProvider.generateToken(user, Duration.ofDays(REFRESH_TOKEN_EXPIRATION));
 refreshTokenService.saveRefreshToken(user.getId(), refreshToken);
 user.setDeviceToken(loginReq.getDeviceToken());
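Review bot: The unit of `ACCESS_TOKEN_EXPIRATION` now lives only in this call (`Duration.ofDays`), while the constant itself is a bare int. Any other call site that still wraps it in `Duration.ofHours`, for example wherever a refreshed access token is issued (not visible here), would silently produce a different lifetime than login does. Declaring the constants as durations, e.g. `public static final Duration ACCESS_TOKEN_EXPIRATION = Duration.ofHours(2);`, or at least naming the unit (`ACCESS_TOKEN_EXPIRATION_DAYS`), removes that mismatch. login's body continues outside the hunk.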