Merge pull request #55 from INFP-Study/feature/cors

[FEATURE] E4-S1 로그인 API - cors 설정 #28
INFP-Study · Oct 25, 2021 · 911cf8c · 911cf8c
2 parents 32cc9b9 + c164eef
commit 911cf8c
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/backend/cicd/dev/charts/templates/deployment.yaml b/backend/cicd/dev/charts/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
               protocol: TCP
           env:
             - name: JAVA_OPTS
-              value: -Djasypt.encryptor.password={{ .Values.application.secret.jasypt }} -Dspring.profiles.active={{ .Values.application.mode }}"
+              value: -Djasypt.encryptor.password={{ .Values.application.secret.jasypt }} -Dspring.profiles.active={{ .Values.application.mode }}
           livenessProbe:
             httpGet:
               path: /healthcheck

diff --git a/backend/src/main/java/com/infp/ciat/config/security/WebSecurityConfig.java b/backend/src/main/java/com/infp/ciat/config/security/WebSecurityConfig.java
@@ -3,6 +3,7 @@
 //import com.infp.ciat.user.service.OAuth2DetailesService;
 //import com.infp.ciat.user.service.OAuth2DetailesService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -11,6 +12,11 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
 
 /***
  * 스프링시큐리티 설정
@@ -20,6 +26,8 @@
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Value("${cors.iplist}")
+    private String[] cors;
 
 //    @Autowired
 //    private OAuth2DetailesService oAuth2DetailesService;
@@ -48,12 +56,31 @@ protected void configure(HttpSecurity http) throws Exception {
             .and()
         .formLogin()
             .usernameParameter("email")
-            .passwordParameter("password");
-
+            .passwordParameter("password")
+            .and()
+        .cors()
+            .configurationSource(corsConfigurationSource())
+            .and();
 //
 //        http
 //          .oauth2Login()
 //          .userInfoEndpoint()
 //          .userService(oAuth2DetailesService);
     }
+
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+        corsConfiguration.addAllowedOrigin("*");
+        corsConfiguration.addAllowedHeader("*");
+        corsConfiguration.addAllowedMethod("*");
+        corsConfiguration.addExposedHeader("JSESSIONID");
+        corsConfiguration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
+        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
+
+        return urlBasedCorsConfigurationSource;
+    }
 }