gc-guide-api/src/main/java/com/gcsc/guide/config/SecurityConfig.java

package com.gcsc.guide.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session ->
                session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/auth/**", "/actuator/health", "/h2-console/**").permitAll()
                .anyRequest().authenticated()
            )
            .headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()));

        return http.build();
    }
}
feat: Spring Boot 3.5 + JDK 17 초기 프로젝트 구성 - Spring Boot 3.5.2 + Spring Security + JPA + PostgreSQL - Google OAuth2 ID Token 검증 (google-api-client) - JWT 인증 (jjwt 0.12.6) - H2 인메모리 DB (로컬) / PostgreSQL (운영) 프로필 분리 - Nexus 프록시 경유 Maven 빌드 설정 - 팀 워크플로우 템플릿 (common + java-maven) 적용 2026-02-14 13:00:24 +09:00			`package com.gcsc.guide.config;`

			`import org.springframework.context.annotation.Bean;`
			`import org.springframework.context.annotation.Configuration;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.config.http.SessionCreationPolicy;`
			`import org.springframework.security.web.SecurityFilterChain;`

			`@Configuration`
			`@EnableWebSecurity`
			`public class SecurityConfig {`

			`@Bean`
			`public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`
			`http`
			`.csrf(csrf -> csrf.disable())`
			`.sessionManagement(session ->`
			`session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))`
			`.authorizeHttpRequests(auth -> auth`
			`.requestMatchers("/api/auth/", "/actuator/health", "/h2-console/").permitAll()`
			`.anyRequest().authenticated()`
			`)`
			`.headers(headers -> headers.frameOptions(frame -> frame.sameOrigin()));`

			`return http.build();`
			`}`
			`}`