05-15 08:39
Recent Posts
Recent Comments
Tags
- νλ‘λ³΄λ Έ
- μ΄λΈμ
- DB
- μ€ν½λ ν
- μ€ν½μ€λΉ
- ICTλ©ν λ§
- mysql
- νμ΄μ
- API MarketPlace κΈλ‘λ² μν¬ν°μ¦
- Java
- Spring
- RaspberryPi
- λ°μ΄ν°λ² μ΄μ€
- ICT
- DATABASE
- APIλ§μΌνλ μ΄μ€
- appetizer
- linux
- SQL
- μ‘νκ³
- μλ°
- Naver Cloud
- ict곡λͺ¨μ
- μ¨μΌλν
- νμ΄μ곡λͺ¨μ
- TSQL
- νμ΄μ¬
- μλμ΄λ Έ
- python
- JOBνκ³
- Today
- Total
miinsun
[Lehgo] Spring CORS μ€λ₯ ν΄κ²° λ°©λ² λ³Έλ¬Έ
π» μ€μ΅ νκ²½
OS: AWS Linux
π¬ μꡬ μ¬ν
cors μλ¬λ 보μ μμ μ΄μ λ‘, λΈλΌμ°μ μμ κ΅μ°¨ μΆλ¬μ HTTP μμ²μ μ ννκΈ° λλ¬Έμ μΌμ΄λλ μλ¬μ΄λ€. μΈλΆ APIλ₯Ό μ¬μ©νλ μΉ μ΄ν리μΌμ΄μ μ 보μμμ μ΄μ λλ¬Έμ μμ μ μΆμ²μ λμΌν 리μμ€λ§ λΆλ¬μ¬ μ μμΌλ©°, λ€λ₯Έ μΆμ²μ 리μμ€λ₯Ό λΆλ¬μ€λ €λ©΄ κ·Έ μΆμ²μμ μ¬λ°λ₯Έ cors ν€λλ₯Ό ν¬ν¨ν μλ΅μ λ°νν΄μ€μΌ νλ€.
μμ κ°μ μ΄μ λ‘ spring μλ²μ vue μλ²μ ν΅μ μμ cors μ€λ₯κ° μ겨 springμμ corsλ₯Ό νμ©ν΄μ£Όλλ‘ μ½λλ₯Ό μμ ν΄μ€μΌνλ€. μ΄λ₯Ό ν΄κ²°νκΈ° μν΄ κ΅¬κΈλ§νμ λ, ν¬κ² 3κ°μ§ λ°©λ²μ μ¬μ©ν μ μλ κ±Έ μκ² λλ€.
1. main λ©μλμμ cors νμ©νκΈ°
2. webConfig.java νμΌμ μλ‘ λ§λ€μ΄μ μΉ μ€μ ν΄μ£ΌκΈ°
3. Spring Security μ€μ μμ νκΈ° (μ±ν)
μ 1, 2 λ°©λ²μ΄ μ ν΅νμ§ μμκ³ , μ°λ¦¬ νλ‘μ νΈλ spring securityλ₯Ό μ΄μ©ν΄μ 3λ² λ°©λ²μΌλ‘ cors μ€λ₯λ₯Ό ν΄κ²°ν μ μμλ€.
π SpringSecurity μ€μ λ³κ²½
Security μ€μ νμΌμ cors μ€μ μ μ μ©ν΄μ£Όμ.
(1) cors preflight μ€μ : Preflight requestμ λν΄, μΈμ¦μ νμ§ μκ³ λͺ¨λ μμ²μ νμ©νλ€.
(2) cors().μ μ± μ€μ
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.httpBasic().disable()
.authorizeRequests()
<!-- (1) preflight -->
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/exists/**").permitAll() //μ€λ³΅ μ¬λΆ κ²μ¬
.antMatchers("/checkUser").hasRole("USER")
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().permitAll()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.formLogin()
.disable()
<!-- (2) cors μ€μ μ μ© -->
.cors().and();
http.addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class);
}
π CorsConfigurationSource λ©μλ μΆκ°
Security μ€μ νμΌμ CorsConfigurationSource λ©μλλ₯Ό μΆκ°ν΄μ£Όμ.
- configuration.addAllowedOriginPattern("*");
- νΉμ ν¨ν΄μ originμΌλ‘ λΆν° μ€λ κ²λ§ νμ©νλ€.
- configuration.addAllowedMethod("*");
- νΉμ λ©μλλ§ νμ©νλ€.
- configuration.addAllowedHeader("*");
- νΉμ ν€λλ§ νμ©νλ€.
- configuration.addExposedHeader("authorization");
- μΆκ° ν€λ, 컀μ€ν ν€λλ₯Ό μ§μ νλ€.
- jwtTokenμ μ΄μ©ν΄ μ¬μ©μ μΈμ¦μ νκΈ° μν΄ 'authorization'μ΄λΌλ 컀μ€ν ν€λκ° νμνλ€.
- source.registerCorsConfiguration("/**", configuration);
- corsConfiguration λ±λ‘
// CORS νμ© μ μ©
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOriginPattern("*");
configuration.addAllowedMethod("*");
configuration.addAllowedHeader("*");
configuration.addExposedHeader("authorization");
configuration.setAllowCredentials(true);
configuration.setMaxAge(3600L);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
'Project > 2022 Lehgo' μΉ΄ν κ³ λ¦¬μ λ€λ₯Έ κΈ
'Project/2022 Lehgo' Related Articles
more
Comments