diff --git a/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java b/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java index 8b62e3c..48e8893 100644 --- a/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java +++ b/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java @@ -8,6 +8,7 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.DependsOn; +import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; diff --git a/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java b/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java index fbbf0fc..2d08f82 100644 --- a/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java +++ b/web/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java @@ -108,11 +108,12 @@ public abstract class SecurityConfig { } http + .csrf(AbstractHttpConfigurer::disable) + .sessionManagement(AbstractHttpConfigurer::disable) .securityMatchers(matchers -> matchers.requestMatchers(ignoreURI)) .authorizeHttpRequests(authz -> authz.anyRequest().permitAll()) .requestCache(RequestCacheConfigurer::disable) .securityContext(AbstractHttpConfigurer::disable) - .sessionManagement(AbstractHttpConfigurer::disable) ; return http.build(); }