fix: 로그아웃 SecurityConfig 설정

Cushion-Dev · Aug 5, 2024 · a9ce93d · a9ce93d
1 parent 9575a3d
commit a9ce93d
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/main/java/com/chzzk/cushion/global/config/SecurityConfig.java b/src/main/java/com/chzzk/cushion/global/config/SecurityConfig.java
@@ -17,6 +17,7 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.CorsUtils;
@@ -64,7 +65,12 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .oauth2Login(oauth2 -> oauth2
                         .userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig.userService(customOAuth2UserService))
                         .successHandler(customSuccessHandler)
-                );
+                )
+                .logout(logout -> logout
+                        .logoutRequestMatcher(new AntPathRequestMatcher("/members/logout"))
+                        .logoutSuccessUrl("/")
+                        .deleteCookies("Authorization", "refreshToken", "JSESSIONID", "accessToken")
+                        .invalidateHttpSession(true));
 
         return http.build();
     }