Skip to content

[DIT-13] Spring Security 초기 세팅 #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hajimeong wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

[DIT-13] Spring Security 초기 세팅 #2

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ee6aa4c
feat: Spring Security, Cors Config 초기 세팅
hajimeong Mar 17, 2026
f2c4097
refactor: security 설정 정리 및 의존성 스타터 기반으로 정리
hajimeong Mar 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions build.gradle.kts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,13 @@ dependencies {
implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
implementation("org.jetbrains.kotlin:kotlin-reflect")

implementation("org.springframework.boot:spring-boot-starter-security")
implementation("org.springframework.boot:spring-boot-starter-oauth2-client")

implementation("io.jsonwebtoken:jjwt-api:0.11.5")
runtimeOnly("io.jsonwebtoken:jjwt-impl:0.11.5")
runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.11.5")

developmentOnly("org.springframework.boot:spring-boot-docker-compose")

runtimeOnly("com.mysql:mysql-connector-j")
Expand Down
26 changes: 26 additions & 0 deletions src/main/kotlin/com/didit/adapter/config/CorsConfig.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
package com.didit.adapter.config

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.CorsConfigurationSource
import org.springframework.web.cors.UrlBasedCorsConfigurationSource

@Configuration
class CorsConfig {
@Bean
fun corsConfigurationSource(): CorsConfigurationSource {
val configuration =
CorsConfiguration().apply {
allowedOrigins = listOf("*")
allowedMethods = listOf("GET", "POST", "PUT", "DELETE")
allowedHeaders = listOf("*")
allowCredentials = false
}

val source = UrlBasedCorsConfigurationSource()
source.registerCorsConfiguration("/**", configuration)

return source
}
}
35 changes: 35 additions & 0 deletions src/main/kotlin/com/didit/adapter/config/SecurityConfig.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
package com.didit.adapter.config

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.web.SecurityFilterChain

@Configuration
class SecurityConfig {
@Bean
fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http
.csrf { it.disable() }
.formLogin { it.disable() }
.httpBasic { it.disable() }
.cors {}
.sessionManagement {
it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
}.authorizeHttpRequests {
it
.requestMatchers(HttpMethod.OPTIONS, "/**")
.permitAll()
.requestMatchers(
"/auth/**",
"/health",
).permitAll()
.anyRequest()
.authenticated()
}

return http.build()
}
}