Merge pull request #21 from Central-MakeUs/dev

fix: security config 수정
Central-MakeUs · Jan 29, 2024 · fc448dd · fc448dd
2 parents 2c4640f + e3a0d6f
commit fc448dd
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/core/core-security/src/main/java/com/mm/coresecurity/config/WebSecurityConfig.java b/core/core-security/src/main/java/com/mm/coresecurity/config/WebSecurityConfig.java
@@ -1,12 +1,18 @@
 package com.mm.coresecurity.config;
 
+import static org.springframework.http.HttpMethod.*;
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.*;
+
+import java.util.List;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import com.mm.coresecurity.jwt.JwtAccessDeniedHandler;
 import com.mm.coresecurity.jwt.JwtAuthenticationEntryPoint;
@@ -51,6 +57,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
 			.authorizeHttpRequests(authorize ->
 				authorize
+					.requestMatchers(oauthRequests()).authenticated()
 					.anyRequest().permitAll())
 
 			.addFilterAfter(jwtAuthenticationFilter, LogoutFilter.class)
@@ -61,6 +68,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
 			.build();
 	}
+
+	private RequestMatcher[] oauthRequests() {
+		List<RequestMatcher> requestMatchers = List.of(
+			antMatcher(GET, "/login/oauth2/code/kakao"),
+			antMatcher(GET, "/oauth2/authorization/kakao")
+		);
+		return requestMatchers.toArray(RequestMatcher[]::new);
+	}
 }
 
 
diff --git a/core/core-security/src/main/java/com/mm/coresecurity/oauth/OAuth2AuthSuccessHandler.java b/core/core-security/src/main/java/com/mm/coresecurity/oauth/OAuth2AuthSuccessHandler.java
@@ -68,6 +68,7 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 		tokenMap.put("accessToken", accessToken);
 		tokenMap.put("refreshToken", refreshToken);
 
+		response.addHeader("Authorization", "Bearer " + accessToken);
 		HttpResponseUtil.writeSuccessResponse(response, tokenMap);
 	}