# 스프링 인터셉터로 허용된 URL만 통과시키는 방법 (Spring Boot)

Spring Boot 프로젝트에서는 인터셉터를 이용해 허용된 URL만 접근할 수 있도록 설정하는 것이 중요합니다. 보안이 필요한 관리자 페이지, 로그인 체크, 정적 자원 필터링 등을 위해 PageInterceptor를 자주 사용하게 됩니다.

 

HandlerInterceptor

public class PageInterceptor implements HandlerInterceptor {
    private static final Set<String> allowedPages = Set.of("/", "/member/login");
    private static final List<String> allowedPrefixes = List.of("/js/", "/css/", "/images/", "/favicon.ico", "/geoserver/", "/error");
    private static final List<String> allowedExtensions = List.of(".js", ".css", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico");

    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String uri = request.getRequestURI();
        String header = request.getHeader("X-Requested-With");

        for (String ext : allowedExtensions) {
            if (uri.endsWith(ext)) return true;
        }

        for (String prefix : allowedPrefixes) {
            if (uri.startsWith(prefix)) return true;
        }

        if ("XMLHttpRequest".equals(header)) return true;
        if (allowedPages.contains(uri)) return true;

        response.sendRedirect("/");
        return false;
    }
}

 

WebMvcConfiogurer

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new PageInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/css/**", "/js/**", "/images/**", "/favicon.ico", "/error", "/geoserver/**", "/api/**");
    }
}