Merge pull request #268 from CodIN-INU/develop

gisu1102 · web-flow · commit 3f94a130a7f9 · 2025-10-07T14:10:28.000+09:00
fix : 공개api (swagger, auth) 에서 토큰 검증요구 에러
diff --git a/src/main/java/inu/codin/codin/common/config/SecurityConfig.java b/src/main/java/inu/codin/codin/common/config/SecurityConfig.java
@@ -2,6 +2,7 @@
 
 
 import inu.codin.codin.common.dto.PermitAllProperties;
+import inu.codin.codin.common.dto.PublicApiProperties;
 import inu.codin.codin.common.security.filter.ExceptionHandlerFilter;
 import inu.codin.codin.common.security.filter.JwtAuthenticationFilter;
 import inu.codin.codin.common.security.service.JwtService;
@@ -57,6 +58,7 @@ public class SecurityConfig {
     private final OAuth2LoginFailureHandler oAuth2LoginFailureHandler;
     private final CustomOAuth2UserService customOAuth2UserService;
     private final PermitAllProperties permitAllProperties;
+    private final PublicApiProperties publicApiProperties;
 
     private final AppleOAuth2UserService appleOAuth2UserService;
     private final ClientRegistrationRepository clientRegistrationRepository;
@@ -81,6 +83,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authorizeHttpRequests((authorizeHttpRequests) ->
                         authorizeHttpRequests
                                 .requestMatchers(permitAllProperties.getUrls().toArray(new String[0])).permitAll()
+                                .requestMatchers(publicApiProperties.getUrls().toArray(new String[0])).permitAll()
                                 .requestMatchers(ADMIN_AUTH_PATHS).hasRole("ADMIN")
                                 .requestMatchers(MANAGER_AUTH_PATHS).hasRole("MANAGER")
                                 .requestMatchers(USER_AUTH_PATHS).hasRole("USER")
@@ -115,7 +118,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 //                .httpBasic(Customizer.withDefaults())
                 // JwtAuthenticationFilter 추가
                 .addFilterBefore(
-                        new JwtAuthenticationFilter(jwtService, permitAllProperties),
+                        new JwtAuthenticationFilter(jwtService, permitAllProperties, publicApiProperties),
                         UsernamePasswordAuthenticationFilter.class
                 )
                 // 예외 처리 필터 추가
diff --git a/src/main/java/inu/codin/codin/common/dto/PublicApiProperties.java b/src/main/java/inu/codin/codin/common/dto/PublicApiProperties.java
@@ -0,0 +1,16 @@
+package inu.codin.codin.common.dto;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+@Getter
+@Setter
+@Configuration
+@ConfigurationProperties(prefix = "security.public-api")
+public class PublicApiProperties {
+    private List<String> urls;
+}
diff --git a/src/main/java/inu/codin/codin/common/security/filter/JwtAuthenticationFilter.java b/src/main/java/inu/codin/codin/common/security/filter/JwtAuthenticationFilter.java
@@ -1,6 +1,7 @@
 package inu.codin.codin.common.security.filter;
 
 import inu.codin.codin.common.dto.PermitAllProperties;
+import inu.codin.codin.common.dto.PublicApiProperties;
 import inu.codin.codin.common.security.service.JwtService;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -23,6 +24,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     private final JwtService jwtService;
     private final PermitAllProperties permitAllProperties;
+    private final PublicApiProperties publicApiProperties;
     private final AntPathMatcher pathMatcher = new AntPathMatcher();
 
     private final String [] SWAGGER_AUTH_PATHS = {
@@ -40,6 +42,14 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         final boolean isPermitAll = permitAllProperties.getUrls().stream()
                 .anyMatch(url -> pathMatcher.match(url, requestURI));
 
+        final boolean isPublicApi = publicApiProperties.getUrls().stream()
+                .anyMatch(url -> pathMatcher.match(url, requestURI));
+
+        if (isPermitAll) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
         String token = null;
         if (Arrays.stream(SWAGGER_AUTH_PATHS).anyMatch(url -> pathMatcher.match(url, requestURI))) {
             token = jwtService.getRefreshToken(request);
@@ -53,7 +63,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         } else {
             SecurityContextHolder.clearContext();
 
-             if (isPermitAll) {
+             if (isPublicApi) {
                  filterChain.doFilter(request, response);
                  return;
              }
diff --git a/src/main/resources b/src/main/resources
@@ -1 +1 @@
-Subproject commit 602ab2842c147fc7bffcb7f137539d0229e86b78
+Subproject commit 7a4f3d3cfcc431add261543a761a86bbe49bba9a
