🐛 [FIX] Spring Security 오류 수정 #52

src/main/java/org/sopt/lequuServer/global/auth/security/AuthWhiteList.java

@@ -0,0 +1,24 @@
+package org.sopt.lequuServer.global.auth.security;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Stream;
+
+public class AuthWhiteList {
+
+    public static final List<String> AUTH_WHITELIST_DEFALUT = Arrays.asList(
+            "/loading", "/error", "/api/login", "/api/reissue",
+            "/health", "/actuator/health", "/"
+    );
+
+    public static final List<String> AUTH_WHITELIST_WILDCARD = Arrays.asList(
+            "/api/kakao/**", "/api/test/**", "/api/images/**",
+            "/swagger-ui/**", "/swagger-resources/**", "/api-docs/**",
+            "/api/common/**", "/api/books/detail/**"
+    );
+
+    public static final String[] AUTH_WHITELIST = Stream.concat(
+            AUTH_WHITELIST_DEFALUT.stream(),
+            AUTH_WHITELIST_WILDCARD.stream()
+    ).toArray(String[]::new);
+}

src/main/java/org/sopt/lequuServer/global/auth/security/JwtAuthenticationFilter.java

@@ -8,7 +8,6 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.sopt.lequuServer.global.auth.jwt.JwtProvider;
-import org.sopt.lequuServer.global.config.SecurityConfig;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
@@ -17,6 +16,9 @@
 
 import java.io.IOException;
 
+import static org.sopt.lequuServer.global.auth.security.AuthWhiteList.AUTH_WHITELIST_DEFALUT;
+import static org.sopt.lequuServer.global.auth.security.AuthWhiteList.AUTH_WHITELIST_WILDCARD;
+
 /**
  * JWT의 유효성을 검증하는 Filter
  */
@@ -30,11 +32,14 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     @Override
     protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response, @NonNull FilterChain filterChain) throws IOException, ServletException, IOException {
 
-        if (SecurityConfig.AUTH_WHITELIST.stream()
-                .anyMatch(whiteUrl -> {
-                    String modifiedWhiteUrl = whiteUrl.endsWith("/**") ? whiteUrl.substring(0, whiteUrl.length() - 3) : whiteUrl;
-                    return request.getRequestURI().contains(modifiedWhiteUrl);
-                })) {
+        if (AUTH_WHITELIST_DEFALUT.stream()
+                .anyMatch(whiteUrl -> request.getRequestURI().equals(whiteUrl))) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        if (AUTH_WHITELIST_WILDCARD.stream()
+                .anyMatch(whiteUrl -> request.getRequestURI().startsWith(whiteUrl.substring(0, whiteUrl.length() - 3)))) {
             filterChain.doFilter(request, response);
             return;
         }

src/main/java/org/sopt/lequuServer/global/config/SecurityConfig.java

@@ -12,8 +12,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
-import java.util.Arrays;
-import java.util.List;
+import static org.sopt.lequuServer.global.auth.security.AuthWhiteList.AUTH_WHITELIST;
 
 @Configuration
 @EnableWebSecurity
@@ -23,13 +22,6 @@ public class SecurityConfig {
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final JwtExceptionFilter jwtExceptionFilter;
 
-    public static final List<String> AUTH_WHITELIST = Arrays.asList(
-            "/api/kakao/**", "/loading", "/error", "/api/login", "/api/reissue",
-            "/api/test/**", "/health", "/actuator/health",
-            "/api/images/**", "/", "/swagger-ui/**", "/swagger-resources/**", "/api-docs/**",
-            "/api/common/**", "/api/books/detail/**"
-    );
-
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http
@@ -40,7 +32,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // Spring Security 세션 정책 : 세션 생성 및 사용하지 않음
                 .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry ->
                         authorizationManagerRequestMatcherRegistry
-                                .requestMatchers(AUTH_WHITELIST.toArray(new String[0])).permitAll()
+                                .requestMatchers(AUTH_WHITELIST).permitAll()
                                 .anyRequest().authenticated())
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(jwtExceptionFilter, JwtAuthenticationFilter.class)