Skip to content

Commit

Permalink
[#111] fix: spring Prod swagger 변경
Browse files Browse the repository at this point in the history
  • Loading branch information
rdd9223 committed Dec 9, 2023
1 parent acaed34 commit 4d900c6
Showing 1 changed file with 65 additions and 51 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,61 +23,75 @@
@EnableWebSecurity
public class SecurityConfig {

private final JwtTokenProvider jwtTokenProvider;
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
private final JwtTokenProvider jwtTokenProvider;
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

private static final String[] SWAGGER_URL = {
"/swagger-resources/**",
"/favicon.ico",
"/api-docs/**",
"/swagger-ui/**",
"/swagger-ui.html",
"/swagger-ui/index.html",
"/docs/swagger-ui/index.html",
"/swagger-ui/swagger-ui.css",
};
private static final String[] SWAGGER_URL = {
"/swagger-resources/**",
"/favicon.ico",
"/api-docs/**",
"/swagger-ui/**",
"/swagger-ui.html",
"/swagger-ui/index.html",
"/docs/swagger-ui/index.html",
"/swagger-ui/swagger-ui.css",
};

private static final String[] AUTH_WHITELIST = {
"/health"
};
private static final String[] AUTH_WHITELIST = {
"/health"
};

@Bean
@Profile("dev")
SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
http.csrf((csrfConfig) ->
csrfConfig.disable()
)
.cors(Customizer.withDefaults())
.sessionManagement((sessionManagement) ->
sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.authorizeHttpRequests(
authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll()
.requestMatchers(SWAGGER_URL).permitAll()
.anyRequest().authenticated()
)
.addFilterBefore(
new JwtAuthenticationFilter(jwtTokenProvider, jwtAuthenticationEntryPoint),
UsernamePasswordAuthenticationFilter.class)
.exceptionHandling(exceptionHandling ->
exceptionHandling.authenticationEntryPoint(jwtAuthenticationEntryPoint)
);
return http.build();
}
@Bean
@Profile("dev")
SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception {
http.csrf((csrfConfig) -> csrfConfig.disable())
.cors(Customizer.withDefaults())
.sessionManagement(
(sessionManagement) -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(
authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll()
.requestMatchers(SWAGGER_URL).permitAll()
.anyRequest().authenticated())
.addFilterBefore(
new JwtAuthenticationFilter(this.jwtTokenProvider, this.jwtAuthenticationEntryPoint),
UsernamePasswordAuthenticationFilter.class)
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(this.jwtAuthenticationEntryPoint));
return http.build();
}

@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(
Arrays.asList("https://playground.sopt.org/", "http://localhost:3000/",
"https://sopt-internal-dev.pages.dev/"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS"));
configuration.addAllowedHeader("*");
configuration.setAllowCredentials(false);
@Bean
@Profile("prod")
SecurityFilterChain prodSecurityFilterChain(HttpSecurity http) throws Exception {
http.csrf((csrfConfig) -> csrfConfig.disable())
.cors(Customizer.withDefaults())
.sessionManagement(
(sessionManagement) -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(
authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll()
.requestMatchers(SWAGGER_URL).permitAll()
.anyRequest().authenticated())
.addFilterBefore(
new JwtAuthenticationFilter(this.jwtTokenProvider, this.jwtAuthenticationEntryPoint),
UsernamePasswordAuthenticationFilter.class)
.exceptionHandling(exceptionHandling -> exceptionHandling
.authenticationEntryPoint(this.jwtAuthenticationEntryPoint));
return http.build();
}

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(
Arrays.asList("https://playground.sopt.org/", "http://localhost:3000/",
"https://sopt-internal-dev.pages.dev/"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS"));
configuration.addAllowedHeader("*");
configuration.setAllowCredentials(false);

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}

}

0 comments on commit 4d900c6

Please sign in to comment.