rabbit125834668

<p>boot 3.3.5 기준</p><p>&nbsp;</p><pre><code>@Configuration
@EnableWebSecurity
public class WebSecurity {

    private static final String[] WHITE_LIST = {
            "/users/**",
            "/**"
    };

    @Bean
    public SecurityFilterChain config(HttpSecurity http) throws Exception {
        http
                .csrf(AbstractHttpConfigurer::disable) // CSRF 비활성화
                .headers(headers -> headers
                        .frameOptions(HeadersConfigurer.FrameOptionsConfig::disable) // X-Frame-Options 비활성화
                )
                .authorizeHttpRequests(authorize -> authorize
                        .requestMatchers(WHITE_LIST).permitAll() // 특정 경로 허용
                        .anyRequest().authenticated()); // 나머지 요청은 인증 필요
        return http.build();
    }
}</code></pre>

rabbit125834668

Posts