diff --git a/build.gradle b/build.gradle index 445ee36..b16b386 100644 --- a/build.gradle +++ b/build.gradle @@ -24,6 +24,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-security' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation 'org.springframework.boot:spring-boot-starter-actuator' // OpenAPI / Swagger UI implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.1.0' diff --git a/src/main/java/com/goi/erp/config/SecurityConfig.java b/src/main/java/com/goi/erp/config/SecurityConfig.java index b98d26d..fb43533 100644 --- a/src/main/java/com/goi/erp/config/SecurityConfig.java +++ b/src/main/java/com/goi/erp/config/SecurityConfig.java @@ -18,6 +18,9 @@ import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; +import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; +import org.springframework.boot.actuate.health.HealthEndpoint; + @Configuration @EnableMethodSecurity // @PreAuthorize 등 사용 가능 @RequiredArgsConstructor @@ -31,6 +34,7 @@ public class SecurityConfig { .csrf(csrf -> csrf.disable()) // CSRF 비활성화 (API 서버라면 stateless) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 세션 사용 안함 .authorizeHttpRequests(auth -> auth + .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll() .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll() .requestMatchers("/ext/**").permitAll() .requestMatchers("/scheduler/**").permitAll()