Merge pull request #59 from sw-security-web-app/SCRUM-68

[SCRUM-68] fix: API Error 수정

Author: pjs1710

src/main/java/example/demo/security/HealthCheckController.java

@@ -7,7 +7,7 @@
 @RestController
 public class HealthCheckController {
 
-    @GetMapping("/health-check/")
+    @GetMapping("/health-check")
     public ResponseEntity<?> healthCheck() {
         return ResponseEntity.ok("ok");
     }

src/main/java/example/demo/security/config/SecurityConfig.java

@@ -7,6 +7,7 @@
 import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -36,38 +37,38 @@ public class SecurityConfig {
             "/api/login","/swagger-ui/**","/api-docs", "/swagger-ui-custom.html",
             "/v3/api-docs/**", "/api-docs/**", "/swagger-ui.html","/api/signup","/api/mail-send",
             "/api/mail-check","/api/send-password","/api/sms-certification/send","/api/sms-certification/confirm",
-            "/api/find-email","/api/**", "/health-check/"
+            "/api/find-email","/api/**", "/health-check"
     };
   /*
   TODO:White List /api/** 삭제
    */
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         //CSRF,CORS
         http.csrf(AbstractHttpConfigurer::disable);
         http.cors(cors -> cors.configurationSource(corsConfigurationSource()));
         //세션 관리 상태 없음 구성,
-        http.sessionManagement(sessionManagement->sessionManagement.sessionCreationPolicy(
+        http.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(
                 SessionCreationPolicy.STATELESS
         ));
 
         //FormLogin,BasicHttp 비활성화
-        http.formLogin((form)->form.disable());
+        http.formLogin((form) -> form.disable());
         http.httpBasic(AbstractHttpConfigurer::disable);
 
         //JWT Filter를 UsernamePasswordAuthenticationFilter 앞에 추가
-        http.addFilterBefore(new JwtAuthFilter(customMemberDetailService,jwtUtil), UsernamePasswordAuthenticationFilter.class);
+        http.addFilterBefore(new JwtAuthFilter(customMemberDetailService, jwtUtil), UsernamePasswordAuthenticationFilter.class);
 
-        http.exceptionHandling((exceptionHandling)->exceptionHandling
+        http.exceptionHandling((exceptionHandling) -> exceptionHandling
                 .authenticationEntryPoint(customAuthenticationEntryPoint)
                 .accessDeniedHandler(accessDeniedHandler));
 
         //권한 규칙 생성
-        http.authorizeHttpRequests(authorize->authorize
+        http.authorizeHttpRequests(authorize -> authorize
                 .requestMatchers(AUTH_WHITELIST).permitAll()
                 //@PreAuthorization을 사용
                 //회사 관리자만 직원 삭제 가능
-                .requestMatchers(HttpMethod.DELETE,"/user").hasRole(MemberStatus.MANAGER.getText())
+                .requestMatchers(HttpMethod.DELETE, "/user").hasRole(MemberStatus.MANAGER.getText())
                 .anyRequest().authenticated());
 
         return http.build();

src/main/java/example/demo/security/util/JwtAuthFilter.java

@@ -22,6 +22,13 @@ public class JwtAuthFilter extends OncePerRequestFilter {
 
     //JWT 토큰 검증 필터
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+
+        // health-check 요청을 위한 Security 관련 부분 패스하기
+        if (request.getRequestURI().equals("/health-check")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
         String authorizationHeader=request.getHeader("Authorization");
 
         //JWT헤더가 있는 경우