diff --git a/src/main/java/com/goi/erp/auth/AuthCookieService.java b/src/main/java/com/goi/erp/auth/AuthCookieService.java index 5fa95a1..3e69bcc 100644 --- a/src/main/java/com/goi/erp/auth/AuthCookieService.java +++ b/src/main/java/com/goi/erp/auth/AuthCookieService.java @@ -5,6 +5,8 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; +import org.springframework.http.ResponseCookie; +import org.springframework.http.HttpHeaders; import java.util.Arrays; import java.util.Optional; @@ -54,20 +56,15 @@ public class AuthCookieService { // ===================== 내부 공통 ===================== - private void addCookie( - HttpServletResponse response, - String name, - String value, - int maxAge - ) { - Cookie cookie = new Cookie(name, value); - cookie.setHttpOnly(true); - cookie.setSecure(secure); - cookie.setPath(path); - cookie.setMaxAge(maxAge); - - response.addCookie(cookie); - addSameSiteAttribute(response, cookie); + private void addCookie(HttpServletResponse response, String name, String value, int maxAge) { + ResponseCookie cookie = ResponseCookie.from(name, value == null ? "" : value) + .httpOnly(true) + .secure(secure) + .path(path) + .sameSite(sameSite) // Lax / Strict / None + .maxAge(maxAge) // -1 = 세션, 0 = 삭제 + .build(); + response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString()); } private Optional extractCookie(HttpServletRequest request, String name) { @@ -81,29 +78,4 @@ public class AuthCookieService { .filter(v -> v != null && !v.isBlank()) .findFirst(); } - - /** - * SameSite 수동 세팅 (Servlet Cookie API 한계) - */ - private void addSameSiteAttribute(HttpServletResponse response, Cookie cookie) { - StringBuilder sb = new StringBuilder(); - sb.append(cookie.getName()).append("="); - sb.append(cookie.getValue() == null ? "" : cookie.getValue()); - sb.append("; Path=").append(cookie.getPath()); - sb.append("; HttpOnly"); - - if (cookie.getSecure()) { - sb.append("; Secure"); - } - - if (sameSite != null && !sameSite.isBlank()) { - sb.append("; SameSite=").append(sameSite); - } - - if (cookie.getMaxAge() == 0) { - sb.append("; Max-Age=0"); - } - - response.addHeader("Set-Cookie", sb.toString()); - } } diff --git a/src/main/java/com/goi/erp/config/SecurityConfiguration.java b/src/main/java/com/goi/erp/config/SecurityConfiguration.java index 639f4d0..5bbdcb5 100644 --- a/src/main/java/com/goi/erp/config/SecurityConfiguration.java +++ b/src/main/java/com/goi/erp/config/SecurityConfiguration.java @@ -66,6 +66,7 @@ public class SecurityConfiguration { CorsConfiguration config = new CorsConfiguration(); config.setAllowedOriginPatterns(List.of( + "https://portal.greenoilinc.com", "http://localhost:5173", "http://192.168.*.*:5173", "http://10.*.*.*:5173" diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 867ae65..59ccf4d 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -29,7 +29,7 @@ application: - "H:R:A" auth: cookie: - secure: false # prod: true / local: false + secure: true # prod: true / local: false same-site: Lax # 필요 시 None (→ Secure 필수) path: / server: