gc-guide-api/src/main/java/com/gcsc/guide/config/SecurityConfig.java

package com.gcsc.guide.config;

import com.gcsc.guide.auth.JwtAuthenticationFilter;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.List;

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig {

    private final JwtAuthenticationFilter jwtAuthenticationFilter;

    @Value("${app.cors.allowed-origins:http://localhost:5173,https://guide.gc-si.dev}")
    private List<String> allowedOrigins;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .cors(cors -> cors.configurationSource(corsConfigurationSource()))
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(
                    "/api/auth/**",
                    "/api/health",
                    "/actuator/health",
                    "/h2-console/**"
                ).permitAll()
                .requestMatchers("/api/admin/**").authenticated()
                .anyRequest().authenticated()
            )
            .headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()))
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(allowedOrigins);
        config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        config.setAllowedHeaders(List.of("*"));
        config.setAllowCredentials(true);
        config.setMaxAge(3600L);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", config);
        return source;
    }
}
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`package com.gcsc.guide.config;`

feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`import com.gcsc.guide.auth.JwtAuthenticationFilter;`
			`import lombok.RequiredArgsConstructor;`
			`import org.springframework.beans.factory.annotation.Value;`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`import org.springframework.context.annotation.Bean;`
			`import org.springframework.context.annotation.Configuration;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.config.http.SessionCreationPolicy;`
			`import org.springframework.security.web.SecurityFilterChain;`
feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;`
			`import org.springframework.web.cors.CorsConfiguration;`
			`import org.springframework.web.cors.CorsConfigurationSource;`
			`import org.springframework.web.cors.UrlBasedCorsConfigurationSource;`

			`import java.util.List;`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00
			`@Configuration`
			`@EnableWebSecurity`
feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`@RequiredArgsConstructor`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`public class SecurityConfig {`

feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`private final JwtAuthenticationFilter jwtAuthenticationFilter;`

			`@Value("${app.cors.allowed-origins:http://localhost:5173,https://guide.gc-si.dev}")`
			`private List<String> allowedOrigins;`

feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`@Bean`
			`public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`
			`http`
feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`.cors(cors -> cors.configurationSource(corsConfigurationSource()))`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`.csrf(csrf -> csrf.disable())`
			`.sessionManagement(session ->`
			`session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))`
			`.authorizeHttpRequests(auth -> auth`
feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`.requestMatchers(`
			`"/api/auth/**",`
			`"/api/health",`
			`"/actuator/health",`
			`"/h2-console/**"`
			`).permitAll()`
			`.requestMatchers("/api/admin/**").authenticated()`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`.anyRequest().authenticated()`
			`)`
feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00			`.headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()))`
			`.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00
			`return http.build();`
			`}`
feat(auth): JWT 기반 Google 로그인 인증 API 구현 - Entity: User, Role, RoleUrlPattern, UserStatus enum - Repository: UserRepository, RoleRepository (fetch join 쿼리) - Auth: GoogleTokenVerifier, JwtTokenProvider, JwtAuthenticationFilter - API: POST /api/auth/google, GET /api/auth/me, POST /api/auth/logout - DTO: AuthResponse, UserResponse, RoleResponse, GoogleLoginRequest - SecurityConfig: JWT 필터 등록, CORS 설정, 공개 엔드포인트 정의 - 초기 데이터: roles + role_url_patterns 시드 (data.sql) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-14 17:28:51 +09:00
			`@Bean`
			`public CorsConfigurationSource corsConfigurationSource() {`
			`CorsConfiguration config = new CorsConfiguration();`
			`config.setAllowedOrigins(allowedOrigins);`
			`config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));`
			`config.setAllowedHeaders(List.of("*"));`
			`config.setAllowCredentials(true);`
			`config.setMaxAge(3600L);`

			`UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();`
			`source.registerCorsConfiguration("/api/**", config);`
			`return source;`
			`}`
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`}`