feat : 최신 앱 버전 API 구현을 위한 security 변경

essaysir · essaysir · commit e279f8836524 · 2025-08-11T20:32:07.000+09:00
diff --git a/src/main/java/umc/th/juinjang/api/appVersion/controller/AppVersionController.java b/src/main/java/umc/th/juinjang/api/appVersion/controller/AppVersionController.java
@@ -6,7 +6,7 @@
 
 import lombok.RequiredArgsConstructor;
 import umc.th.juinjang.api.appVersion.controller.response.AppVersionResponse;
-import umc.th.juinjang.api.dto.ApiResponse;
+import umc.th.juinjang.apiPayload.ApiResponse;
 import umc.th.juinjang.config.AppVersionProperties;
 
 @RestController
diff --git a/src/main/java/umc/th/juinjang/config/SecurityConfig.java b/src/main/java/umc/th/juinjang/config/SecurityConfig.java
@@ -1,6 +1,7 @@
 package umc.th.juinjang.config;
 
-import lombok.RequiredArgsConstructor;
+import java.util.Arrays;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -16,85 +17,88 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import lombok.RequiredArgsConstructor;
 import umc.th.juinjang.jwt.JwtAuthenticationFilter;
 import umc.th.juinjang.jwt.JwtExceptionFilter;
 import umc.th.juinjang.service.auth.JwtService;
 
-import java.util.Arrays;
-
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
-    private final AuthenticationConfiguration authenticationConfiguration;
-
-    private final JwtService jwtService;
-
-    private final JwtExceptionFilter jwtExceptionFilter;
-
-    private final Environment environment;
-    @Bean
-    @Order(0)
-    public WebSecurityCustomizer webSecurityCustomizer(){
-        String[] activeProfiles = environment.getActiveProfiles();
-        boolean isProd = Arrays.asList(activeProfiles).contains("prod");
-
-        //prod아닐때
-        if (!isProd) {
-            return web -> web.ignoring()
-                    .requestMatchers("/swagger-ui/**", "/swagger/**", "/swagger-resources/**", "/swagger-ui.html", "/test",
-                            "/configuration/ui",  "/v3/api-docs/**", "/h2-console/**", "/api/auth/regenerate-token",
-                            "/api/auth/kakao/**", "/api/auth/apple/**", "/actuator/prometheus",
-                            "/api/auth/v2/apple/**", "/api/auth/v2/kakao/**");
-        }
-        else {
-          return web -> web.ignoring()
-                    .requestMatchers("/h2-console/**", "/api/auth/regenerate-token",
-                            "/api/auth/kakao/**", "/api/auth/apple/**", "/actuator/prometheus",
-                            "/api/auth/v2/apple/**", "/api/auth/v2/kakao/**");
-        }
-
-    }
-
-    //선언 방식이 3.x에서 바뀜
-    @Bean AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception
-    { return authConfiguration.getAuthenticationManager(); }
-
-    @Bean
-    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-
-        http
-                .csrf(AbstractHttpConfigurer::disable)
-                .formLogin(Customizer.withDefaults())
-                .sessionManagement((sessionManagement) ->
-                                sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-//                        세션을 사용하지 않는다고 설정함
-                )
-                .addFilter(new JwtAuthenticationFilter(authenticationManager(authenticationConfiguration),jwtService))
-//                 JwtAuthenticationFilter를 필터에 넣음
-                .authorizeHttpRequests((authorizeRequests) ->
-                        authorizeRequests
-                                .requestMatchers(
-                                        AntPathRequestMatcher.antMatcher("/api/auth/**")
-                                ).authenticated()
-                                .requestMatchers(
-                                    AntPathRequestMatcher.antMatcher("/h2-console/**")
-                                ).permitAll()
-
-                                .anyRequest().authenticated()
-
-                )
-                .headers(
-                        headersConfigurer ->
-                                headersConfigurer
-                                        .frameOptions(
-                                                HeadersConfigurer.FrameOptionsConfig::sameOrigin
-                                        )
-                )
-                .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class);
-
-        return http.build();
-    }
+	private final AuthenticationConfiguration authenticationConfiguration;
+
+	private final JwtService jwtService;
+
+	private final JwtExceptionFilter jwtExceptionFilter;
+
+	private final Environment environment;
+
+	@Bean
+	@Order(0)
+	public WebSecurityCustomizer webSecurityCustomizer() {
+		String[] activeProfiles = environment.getActiveProfiles();
+		boolean isProd = Arrays.asList(activeProfiles).contains("prod");
+
+		//prod아닐때
+		if (!isProd) {
+			return web -> web.ignoring()
+				.requestMatchers("/swagger-ui/**", "/swagger/**", "/swagger-resources/**", "/swagger-ui.html", "/test",
+					"/configuration/ui", "/v3/api-docs/**", "/h2-console/**", "/api/auth/regenerate-token",
+					"/api/auth/kakao/**", "/api/auth/apple/**", "/actuator/prometheus",
+					"/api/auth/v2/apple/**", "/api/auth/v2/kakao/**");
+		} else {
+			return web -> web.ignoring()
+				.requestMatchers("/h2-console/**", "/api/auth/regenerate-token",
+					"/api/auth/kakao/**", "/api/auth/apple/**", "/actuator/prometheus",
+					"/api/auth/v2/apple/**", "/api/auth/v2/kakao/**", "/api/app/version/ios");
+		}
+
+	}
+
+	//선언 방식이 3.x에서 바뀜
+	@Bean
+	AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception {
+		return authConfiguration.getAuthenticationManager();
+	}
+
+	@Bean
+	protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+		http
+			.csrf(AbstractHttpConfigurer::disable)
+			.formLogin(Customizer.withDefaults())
+			.sessionManagement((sessionManagement) ->
+					sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+				//                        세션을 사용하지 않는다고 설정함
+			)
+			.addFilter(new JwtAuthenticationFilter(authenticationManager(authenticationConfiguration), jwtService))
+			//                 JwtAuthenticationFilter를 필터에 넣음
+			.authorizeHttpRequests((authorizeRequests) ->
+				authorizeRequests
+					.requestMatchers(
+						AntPathRequestMatcher.antMatcher("/api/auth/**")
+					).authenticated()
+					.requestMatchers(
+						AntPathRequestMatcher.antMatcher("/h2-console/**"),
+						AntPathRequestMatcher.antMatcher("/api/app/version/ios")
+					).permitAll()
+
+					.anyRequest().authenticated()
+
+			)
+			.headers(
+				headersConfigurer ->
+					headersConfigurer
+						.frameOptions(
+							HeadersConfigurer.FrameOptionsConfig::sameOrigin
+						)
+			)
+			.addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class);
+
+		return http.build();
+	}
 
 }
 
