refactor: CORS 설정 주입받아 사용토록 수정

timepiece/src/main/java/com/appcenter/timepiece/TimepieceApplication.java

@@ -1,12 +1,15 @@
 package com.appcenter.timepiece;
 
+import com.appcenter.timepiece.common.security.CorsProperties;
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.servers.Server;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 
+@EnableConfigurationProperties(CorsProperties.class)
 @OpenAPIDefinition(servers = {@Server(url = "/", description = "Default Server url")})
 @EnableJpaAuditing
 @EnableAspectJAutoProxy

timepiece/src/main/java/com/appcenter/timepiece/common/security/CorsConfig.java

@@ -0,0 +1,33 @@
+package com.appcenter.timepiece.common.security;
+
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Component;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+
+@Component
+@RequiredArgsConstructor
+public class CorsConfig {
+
+    private final CorsProperties corsProperties;
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+
+        configuration.setAllowedOrigins(corsProperties.getAllowedOrigins());
+        configuration.setAllowedMethods(corsProperties.getAllowedMethods());
+        configuration.setAllowedHeaders(corsProperties.getAllowedHeaders());
+        // cors preflight request(OPTIONS) 결과를 캐싱하는 시간. 너무 길면 CORS 변경 시 즉시 반영되지 않을 수 있음
+        configuration.setMaxAge(corsProperties.getMaxAge());
+        configuration.setAllowCredentials(corsProperties.getAllowCredentials());
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
+}

timepiece/src/main/java/com/appcenter/timepiece/common/security/CorsProperties.java

@@ -0,0 +1,26 @@
+package com.appcenter.timepiece.common.security;
+
+import lombok.Getter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.util.List;
+
+@Getter
+@ConfigurationProperties(prefix = "cors")
+public class CorsProperties {
+    private final List<String> allowedOrigins;
+    private final List<String> allowedMethods;
+    private final List<String> allowedHeaders;
+    private final Long maxAge;
+    private final Boolean allowCredentials;
+
+    public CorsProperties(List<String> allowedOrigins, List<String> allowedMethods,
+                          List<String> allowedHeaders, Long maxAge, Boolean allowCredentials) {
+        this.allowedOrigins = allowedOrigins;
+        this.allowedMethods = allowedMethods;
+        this.allowedHeaders = allowedHeaders;
+        this.maxAge = maxAge;
+        this.allowCredentials = allowCredentials;
+    }
+
+}

timepiece/src/main/java/com/appcenter/timepiece/common/security/SecurityConfig.java

@@ -14,11 +14,7 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
-import java.util.List;
 
 @Configuration
 @EnableWebSecurity
@@ -35,13 +31,15 @@ public class SecurityConfig {
 
     private final OAuth2SuccessHandler oAuth2SuccessHandler;
 
+    private final CorsConfigurationSource corsConfigurationSource;
+
     @Bean
     protected SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
         httpSecurity
                 .httpBasic(HttpBasicConfigurer::disable)
                 .csrf(CsrfConfigurer::disable)
                 .cors(security -> {
-                    security.configurationSource(corsConfigurationSource());
+                    security.configurationSource(corsConfigurationSource);
                 })
                 .sessionManagement((sessionManagement) ->
                         sessionManagement
@@ -74,19 +72,6 @@ protected SecurityFilterChain configure(HttpSecurity httpSecurity) throws Except
         return httpSecurity.build();
     }
 
-    @Bean
-    protected CorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration = new CorsConfiguration();
-
-        configuration.setAllowedOrigins(List.of("https://timepiece.inuappcenter.kr"));
-        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
-        configuration.addAllowedHeader("*");
-        configuration.setAllowCredentials(true);
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", configuration);
-        return source;
-    }
-
     String[] PERMIT_ALL = {
             "/oauth2/**", //oauth2 로그인 서비스 접근
             "/login/**", //oauth2 로그인창