From e69362c677c2deb98c8bb4cca773aeb8907f2781 Mon Sep 17 00:00:00 2001
From: Sohee
Date: Mon, 17 Nov 2025 20:56:31 +0900
Subject: [PATCH] =?UTF-8?q?[BE]=20SICS1-212=20[FIX]=20cookie=20=EC=A0=80?= =?UTF-8?q?=EC=9E=A5=20=EC=8B=A4=ED=8C=A8=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../auth/config/OAuth2SuccessHandler.java | 3 +++
 .../common/auth/config/SecurityConfig.java | 21 ++++++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/backend/src/main/java/org/sejongisc/backend/common/auth/config/OAuth2SuccessHandler.java b/backend/src/main/java/org/sejongisc/backend/common/auth/config/OAuth2SuccessHandler.java
index dc04e7c1..348599f4 100644
--- a/backend/src/main/java/org/sejongisc/backend/common/auth/config/OAuth2SuccessHandler.java
+++ b/backend/src/main/java/org/sejongisc/backend/common/auth/config/OAuth2SuccessHandler.java
@@ -108,11 +108,13 @@ public void onAuthenticationSuccess(
 String domain = isProd ? "sisc-web.duckdns.org" : "localhost";
+ // 6. HttpOnly 쿠키로 refreshToken 저장
 ResponseCookie accessCookie = ResponseCookie.from("access", accessToken)
 .httpOnly(true)
 .secure(secure) // 로컬=false, 배포=true
 .sameSite(sameSite) // 로컬= "Lax", 배포="None"
+ .domain(domain)
 .path("/")
 .maxAge(60L * 60) // 1 hour
 .build();
@@ -121,6 +123,7 @@ public void onAuthenticationSuccess(
 .httpOnly(true)
 .secure(secure)
 .sameSite(sameSite)
+ .domain(domain)
 .path("/")
 .maxAge(60L * 60 * 24 * 14) // 2 weeks
 .build();
diff --git a/backend/src/main/java/org/sejongisc/backend/common/auth/config/SecurityConfig.java b/backend/src/main/java/org/sejongisc/backend/common/auth/config/SecurityConfig.java
index 6cbc15e4..0bd5a33c 100644
--- a/backend/src/main/java/org/sejongisc/backend/common/auth/config/SecurityConfig.java
+++ b/backend/src/main/java/org/sejongisc/backend/common/auth/config/SecurityConfig.java
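Review bot: The added `.domain(domain)` sets `Domain=localhost` outside prod (from the `String domain = isProd ? ... : "localhost"` context line), and browsers do not reliably accept a Domain attribute of `localhost`, so the local cookie can still be dropped — which is the cookie-save failure this commit sets out to fix. A host-only cookie (no Domain attribute) is the right shape locally; `ResponseCookieBuilder.domain` accepts null and then omits the attribute, so `String domain = isProd ? "sisc-web.duckdns.org" : null; // host-only cookie in local dev` fixes it without touching the builder chains. In prod the explicit Domain also makes both cookies sent to every subdomain of sisc-web.duckdns.org, which is only needed if the frontend and the API are served from different subdomains — worth confirming, and dropping the attribute entirely if they share a host. Separately, the new comment `// 6. HttpOnly 쿠키로 refreshToken 저장` sits above the access-token cookie; `// 6. Store the access token in an HttpOnly cookie (the refresh cookie is built below)` matches the code. onAuthenticationSuccess starts and continues outside this hunk.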
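Review bot: The refresh cookie keeps `.path("/")`, so the two-week refresh token rides on every request to the backend instead of only the request that exchanges it; scoping it with `.path("/api/auth/refresh")` (substitute the real refresh endpoint path, which is not visible here) keeps it out of ordinary API calls and whatever logs them. The `Domain=localhost` caveat raised on the access cookie applies equally to the `+ .domain(domain)` line in this hunk. The enclosing method continues past the hunk.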
@@ -6,6 +6,7 @@ import org.sejongisc.backend.common.auth.springsecurity.JwtAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -38,6 +39,12 @@ public class SecurityConfig {
 private final CustomOidcUserService customOidcUserService;
 private final OAuth2SuccessHandler oAuth2SuccessHandler;
+ private final Environment env;
+
+ private boolean isProd() {
+ return List.of(env.getActiveProfiles()).contains("prod");
+ }
+
 @Bean
 public AuthorizationRequestRepository authorizationRequestRepository() {
 return new HttpSessionOAuth2AuthorizationRequestRepository();
@@ -63,9 +70,13 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 }
 )
 .successHandler(oAuth2SuccessHandler)
- .failureHandler((req, res, ex) ->
- res.sendRedirect("http://localhost:5173/oauth/fail")
- )
+ .failureHandler((req, res, ex) -> {
+ if (isProd()) {
+ res.sendRedirect("https://sisc-web.duckdns.org/oauth/fail");
+ } else {
+ res.sendRedirect("http://localhost:5173/oauth/fail");
+ }
+ })
 )
 .authorizeHttpRequests(auth -> {
@@ -110,8 +121,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 @Bean
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
- config.setAllowedOrigins(List.of(
- "http://localhost:5173", // 허용할 프론트 주소
+ config.setAllowedOriginPatterns(List.of(
+ "http://localhost:5173",
 "https://sisc-web.duckdns.org"
 ));
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
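Review bot: `isProd()` hand-rolls profile detection with `List.of(env.getActiveProfiles()).contains("prod")`; Spring's own `env.acceptsProfiles(Profiles.of("prod"))` is the supported API for this, handles profile expressions, and avoids boxing the array into a List (it needs `import org.springframework.core.env.Profiles;`). A one-line Javadoc would also help readers: `/** True when the {@code prod} Spring profile is active; selects production redirect targets. */`. The constructor that injects `env` is not in the hunk — presumably generated alongside the other final fields — so check it is in fact wired.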
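Review bot: The new failure handler carries the frontend origin as a second hard-coded copy — `https://sisc-web.duckdns.org` and `http://localhost:5173` also appear as the cookie domain in OAuth2SuccessHandler and as the CORS origins further down — so the three can drift apart without anything failing at compile time. Reading the frontend base URL from a profile-specific property, e.g. `@Value("${app.frontend-url}") private String frontendUrl;` and `res.sendRedirect(frontendUrl + "/oauth/fail");`, removes the `isProd()` branch here and gives the CORS and cookie code the same source of truth. The redirect target itself is fine security-wise: nothing request-controlled reaches `sendRedirect`, so there is no open-redirect exposure. securityFilterChain starts and ends outside the hunk.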
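Review bot: The switch to `setAllowedOriginPatterns` is unnecessary for these two literal origins — `setAllowedOrigins` accepts exact origins together with credentials; only `*` is rejected — and it invites wildcard entries later. Because duckdns.org is a shared public suffix, a pattern like `https://*.duckdns.org` would admit any DuckDNS user's site, so either revert to `setAllowedOrigins` or guard the list with a comment: `// exact frontend origins only — never widen to a *.duckdns.org pattern (shared public suffix)`. Also confirm `config.setAllowCredentials(true)` is still set below (outside the hunk); without it the browser will not send the HttpOnly auth cookies on cross-origin calls, which the SameSite=None prod cookies depend on. corsConfigurationSource ends outside the hunk.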