From e8eb4381f2865ed64c74596f254fde3570e1c90b Mon Sep 17 00:00:00 2001 From: Hyojin Ahn Date: Tue, 9 Jun 2026 12:32:15 -0400 Subject: [PATCH] =?UTF-8?q?health=20check=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build.gradle | 1 + src/main/java/com/goi/erp/config/SecurityConfig.java | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/build.gradle b/build.gradle index 445ee36..b16b386 100644 --- a/build.gradle +++ b/build.gradle @@ -24,6 +24,7 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-security' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-validation' + implementation 'org.springframework.boot:spring-boot-starter-actuator' // OpenAPI / Swagger UI implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.1.0' diff --git a/src/main/java/com/goi/erp/config/SecurityConfig.java b/src/main/java/com/goi/erp/config/SecurityConfig.java index b98d26d..fb43533 100644 --- a/src/main/java/com/goi/erp/config/SecurityConfig.java +++ b/src/main/java/com/goi/erp/config/SecurityConfig.java @@ -18,6 +18,9 @@ import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; +import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; +import org.springframework.boot.actuate.health.HealthEndpoint; + @Configuration @EnableMethodSecurity // @PreAuthorize 등 사용 가능 @RequiredArgsConstructor @@ -31,6 +34,7 @@ public class SecurityConfig { .csrf(csrf -> csrf.disable()) // CSRF 비활성화 (API 서버라면 stateless) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 세션 사용 안함 .authorizeHttpRequests(auth -> auth + .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll() .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll() .requestMatchers("/ext/**").permitAll() .requestMatchers("/scheduler/**").permitAll()