refactor: 기존 독립적이었던 Cors 설정을 Security에서 설정하도록 수정

#3
BDD-CLUB · Nov 22, 2024 · 6b68f4f · 6b68f4f
1 parent 561fea4
commit 6b68f4f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 12 deletions.
diff --git a/src/main/java/MusicPlatform/global/config/cors/CorsConfig.java b/src/main/java/MusicPlatform/global/config/cors/CorsConfig.java
@@ -1,26 +1,32 @@
 package MusicPlatform.global.config.cors;
 
+import java.util.List;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 @Configuration
-public class CorsConfig implements WebMvcConfigurer {
+public class CorsConfig {
 
     @Value(value = "${cors.allow.origins}")
     private String[] allowedOrigins;
 
     @Value(value = "${cors.allow.methods}")
     private String[] allowedMethods;
 
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOrigins(allowedOrigins)
-                .allowedMethods(allowedMethods)
-                .allowedHeaders("Origin", "Content-Type", "Accept", "Authorization")
-                .allowCredentials(true)
-                .maxAge(3600);
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(List.of(allowedOrigins));
+        config.setAllowedMethods(List.of(allowedMethods));
+        config.setAllowedHeaders(List.of("Origin", "Content-Type", "Accept", "Authorization"));
+        config.setAllowCredentials(true);
+        config.setMaxAge(3600L); // preflight 요청에 대한 응답 캐싱 (1시간)
+        source.registerCorsConfiguration("/**", config);
+        return source;
     }
 }
diff --git a/src/main/java/MusicPlatform/global/config/security/Oauth2ClientConfig.java b/src/main/java/MusicPlatform/global/config/security/Oauth2ClientConfig.java
@@ -3,6 +3,7 @@
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
 
 import MusicPlatform.domain.oauth2.service.OAuth2UserService;
+import MusicPlatform.global.config.cors.CorsConfig;
 import MusicPlatform.global.filter.JwtAuthorizationFilter;
 import MusicPlatform.global.handler.LoginSuccessHandler;
 import MusicPlatform.global.handler.OauthAccessDeniedHandler;
@@ -24,6 +25,7 @@
 @RequiredArgsConstructor
 public class Oauth2ClientConfig {
 
+    private final CorsConfig corsConfig;
     private final OAuth2UserService oAuth2UserService;
     private final LoginSuccessHandler loginSuccessHandler;
     private final OauthAccessDeniedHandler oauthAccessDeniedHandler;
@@ -40,7 +42,7 @@ SecurityFilterChain securityFilterChane(HttpSecurity http) throws Exception {
         );
 
         http.csrf(AbstractHttpConfigurer::disable);
-        http.cors(AbstractHttpConfigurer::disable);
+        http.cors(cors -> cors.configurationSource(corsConfig.corsConfigurationSource())); // CORS 설정 활성화
 
         http.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(STATELESS));