[Refactor] security 구조 변경 (#27)

junseoplee · web-flow · commit b5e1262cacb7 · 2024-09-24T18:25:17.000+09:00
* refactor: security 구조 변경 (#24) * refactor: auth URI 변경 (#24) * refactor: 리이슈 트리거를 상태 코드로 변경 (#24) * refactor: token entity 구조 변경 (#24)
diff --git a/src/main/java/project/backend/business/auth/AuthService.java b/src/main/java/project/backend/business/auth/AuthService.java
@@ -10,14 +10,14 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import project.backend.business.auth.implement.KakaoLoginManager;
-import project.backend.common.auth.token.BlacklistToken;
+import project.backend.entity.token.BlacklistToken;
 import project.backend.business.auth.request.TokenServiceRequest;
 import project.backend.common.error.CustomException;
 import project.backend.common.error.ErrorCode;
 import project.backend.repository.auth.BlacklistTokenRedisRepository;
 import project.backend.repository.auth.RefreshTokenRedisRepository;
 import project.backend.entity.user.User;
-import project.backend.common.auth.token.RefreshToken;
+import project.backend.entity.token.RefreshToken;
 import project.backend.business.auth.implement.TokenProvider;
 import project.backend.business.auth.response.TokenServiceResponse;
 
diff --git a/src/main/java/project/backend/business/auth/implement/KakaoLoginManager.java b/src/main/java/project/backend/business/auth/implement/KakaoLoginManager.java
@@ -18,7 +18,7 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
-import project.backend.common.auth.oauth.KakaoUserInfo;
+import project.backend.security.oauth.KakaoUserInfo;
 import project.backend.common.error.exception.UserNotAuthenticatedException;
 import project.backend.entity.user.User;
 import project.backend.repository.user.UserRepository;
diff --git a/src/main/java/project/backend/business/auth/implement/TokenProvider.java b/src/main/java/project/backend/business/auth/implement/TokenProvider.java
@@ -23,7 +23,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
 import project.backend.business.auth.response.TokenServiceResponse;
-import project.backend.common.auth.oauth.KakaoUserDetails;
+import project.backend.security.oauth.KakaoUserDetails;
 import project.backend.repository.auth.BlacklistTokenRedisRepository;
 
 @Slf4j
diff --git a/src/main/java/project/backend/business/auth/oauth/KakaoUserDetailsService.java b/src/main/java/project/backend/business/auth/oauth/KakaoUserDetailsService.java
@@ -8,8 +8,8 @@
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Service;
-import project.backend.common.auth.oauth.KakaoUserDetails;
-import project.backend.common.auth.oauth.KakaoUserInfo;
+import project.backend.security.oauth.KakaoUserDetails;
+import project.backend.security.oauth.KakaoUserInfo;
 import project.backend.entity.user.User;
 import project.backend.repository.user.UserRepository;
 
diff --git a/src/main/java/project/backend/common/config/SecurityConfig.java b/src/main/java/project/backend/common/config/SecurityConfig.java
@@ -17,9 +17,9 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import project.backend.business.auth.oauth.KakaoUserDetailsService;
-import project.backend.common.auth.jwt.JwtAccessDeniedHandler;
-import project.backend.common.auth.jwt.JwtAuthenticationFailEntryPoint;
-import project.backend.common.auth.jwt.JwtFilter;
+import project.backend.security.jwt.JwtAccessDeniedHandler;
+import project.backend.security.jwt.JwtAuthenticationFailEntryPoint;
+import project.backend.security.jwt.JwtFilter;
 import project.backend.common.error.ExceptionHandlerFilter;
 
 @Configuration
@@ -28,36 +28,37 @@
 @Profile("dev")
 public class SecurityConfig {
 
-    private final JwtAuthenticationFailEntryPoint jwtAuthenticationFailEntryPoint;
-    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
-    private final JwtFilter jwtFilter;
-    private final KakaoUserDetailsService kakaoUserDetailsService;
+  private final JwtAuthenticationFailEntryPoint jwtAuthenticationFailEntryPoint;
+  private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
+  private final JwtFilter jwtFilter;
+  private final KakaoUserDetailsService kakaoUserDetailsService;
+  private final ExceptionHandlerFilter exceptionHandlerFilter;
 
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http.formLogin(AbstractHttpConfigurer::disable)
-                .httpBasic(AbstractHttpConfigurer::disable)
-                .csrf(AbstractHttpConfigurer::disable)
-                .cors(withDefaults())
-                .headers(headers -> headers.frameOptions(FrameOptionsConfig::disable))
-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .oauth2Login(oauth -> oauth.userInfoEndpoint(config -> config.userService(kakaoUserDetailsService)))
-                .authorizeHttpRequests(request -> request
-                        .requestMatchers("/v1/auth/**").permitAll()
-                        .requestMatchers("/v1/exception/**").permitAll()
-                        .requestMatchers(HttpMethod.POST, "/post").permitAll()
-                        .requestMatchers(HttpMethod.PATCH, "/post/*/summary").permitAll()
-                        .anyRequest().authenticated()
-                )
-                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
-                .addFilterBefore(new ExceptionHandlerFilter(), JwtFilter.class) // JwtFilter 에서 CustomException 사용하기 위해 추가
-                .exceptionHandling(exceptionHandling -> {
-                    exceptionHandling.authenticationEntryPoint(jwtAuthenticationFailEntryPoint);
-                    exceptionHandling.accessDeniedHandler(jwtAccessDeniedHandler);
-                });
+  @Bean
+  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    http.formLogin(AbstractHttpConfigurer::disable)
+        .httpBasic(AbstractHttpConfigurer::disable)
+        .csrf(AbstractHttpConfigurer::disable)
+        .cors(withDefaults())
+        .headers(headers -> headers.frameOptions(FrameOptionsConfig::disable))
+        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .oauth2Login(oauth -> oauth.userInfoEndpoint(config -> config.userService(kakaoUserDetailsService)))
+        .authorizeHttpRequests(request -> request
+            .requestMatchers("/auth/**").permitAll()
+            .requestMatchers("/exception/**").permitAll()
+            .requestMatchers(HttpMethod.POST, "/post").permitAll()
+            .requestMatchers(HttpMethod.PATCH, "/post/*/summary").permitAll()
+            .anyRequest().authenticated()
+        )
+        .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
+        .addFilterBefore(exceptionHandlerFilter, JwtFilter.class) // ExceptionHandlerFilter 의존성 주입으로 사용
+        .exceptionHandling(exceptionHandling -> {
+          exceptionHandling.authenticationEntryPoint(jwtAuthenticationFailEntryPoint);
+          exceptionHandling.accessDeniedHandler(jwtAccessDeniedHandler);
+        });
 
-        return http.build();
-    }
+    return http.build();
+  }
 
     @Bean
     public PasswordEncoder passwordEncoder() {
diff --git a/src/main/java/project/backend/common/error/ErrorCode.java b/src/main/java/project/backend/common/error/ErrorCode.java
@@ -8,10 +8,11 @@ public enum ErrorCode {
   NONE_AUTHENTICATED("인증 정보가 없습니다.", HttpStatus.UNAUTHORIZED),
   NOT_AUTHENTICATED("유효하지 않는 인증 정보입니다.", HttpStatus.UNAUTHORIZED),
   USER_NOT_FOUND("존재하지 않는 유저입니다.", HttpStatus.UNAUTHORIZED),
-  INVALID_PASSWORD("올바르지 않은 비밀번호입니다.", HttpStatus.UNAUTHORIZED),
   BAD_REQUEST("잘못된 요청입니다.", HttpStatus.BAD_REQUEST),
   INVALID_REFRESH_TOKEN("유효하지 않은 리프레시 토큰입니다.", HttpStatus.UNAUTHORIZED),
-  INVALID_ACCESS_TOKEN("유효하지 않은 엑세스 토큰입니다.", HttpStatus.UNAUTHORIZED);
+  INVALID_ACCESS_TOKEN("유효하지 않은 엑세스 토큰입니다.", HttpStatus.UNAUTHORIZED),
+  TOKEN_INVALID("유효하지 않은 토큰입니다.", HttpStatus.UNAUTHORIZED),
+  ACCESS_DENIED("접근 권한이 없습니다.", HttpStatus.FORBIDDEN);
 
   private final String message;
   private final HttpStatus httpStatus;
diff --git a/src/main/java/project/backend/common/error/ExceptionHandlerFilter.java b/src/main/java/project/backend/common/error/ExceptionHandlerFilter.java
@@ -2,33 +2,38 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.FilterChain;
-import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.filter.OncePerRequestFilter;
-
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
-
+import java.util.Objects;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.lang.Nullable;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
 
 @Slf4j
+@Component
 public class ExceptionHandlerFilter extends OncePerRequestFilter {
     @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+    protected void doFilterInternal(
+        @Nullable HttpServletRequest request,
+        @Nullable HttpServletResponse response,
+        @Nullable FilterChain filterChain
+    ) throws IOException {
         try {
-            filterChain.doFilter(request, response);
+            Objects.requireNonNull(filterChain).doFilter(request, response);
         } catch (CustomException e) {
-            setErrorResponse(e.getErrorCode().getHttpStatus(), response, e);
+            setErrorResponse(e.getErrorCode().getHttpStatus(), Objects.requireNonNull(response), e);
         } catch (Exception e) {
-            setErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR, response, e);
+            setErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR, Objects.requireNonNull(response), e);
         }
     }
 
     public void setErrorResponse(HttpStatus status, HttpServletResponse response, Throwable ex) throws IOException {
-        log.error("[ExceptionHandlerFilter] errMsg : " + ex.getMessage());
+      log.error("[ExceptionHandlerFilter] errMsg : {}", ex.getMessage());
 
         response.setStatus(status.value());
         response.setContentType("application/json; charset=UTF-8");
@@ -44,5 +49,4 @@ public void setErrorResponse(HttpStatus status, HttpServletResponse response, Th
                 new ObjectMapper().writeValueAsString(errorResponse)
         );
     }
-
-}
+}
diff --git a/src/main/java/project/backend/entity/token/BlacklistToken.java b/src/main/java/project/backend/entity/token/BlacklistToken.java
@@ -1,4 +1,4 @@
-package project.backend.common.auth.token;
+package project.backend.entity.token;
 
 import lombok.Builder;
 import lombok.Getter;
diff --git a/src/main/java/project/backend/entity/token/RefreshToken.java b/src/main/java/project/backend/entity/token/RefreshToken.java
@@ -1,4 +1,4 @@
-package project.backend.common.auth.token;
+package project.backend.entity.token;
 
 import java.util.Collection;
 import org.springframework.data.annotation.Id;
diff --git a/src/main/java/project/backend/presentation/auth/controller/AuthController.java b/src/main/java/project/backend/presentation/auth/controller/AuthController.java
@@ -17,7 +17,7 @@
 
 @RestController
 @RequiredArgsConstructor
-@RequestMapping("/v1/auth")
+@RequestMapping("/auth")
 public class AuthController {
 
   private final AuthService authService;
diff --git a/src/main/java/project/backend/presentation/post/controller/PostController.java b/src/main/java/project/backend/presentation/post/controller/PostController.java
@@ -8,9 +8,9 @@
 import project.backend.business.post.PostService;
 import project.backend.business.post.dto.PostDetailDto;
 import project.backend.business.post.dto.PostListDto;
-import project.backend.common.auth.aop.AssignCurrentUserInfo;
-import project.backend.common.auth.aop.AssignOrNullCurrentUserInfo;
-import project.backend.common.auth.aop.CurrentUserInfo;
+import project.backend.security.aop.AssignCurrentUserInfo;
+import project.backend.security.aop.AssignOrNullCurrentUserInfo;
+import project.backend.security.aop.CurrentUserInfo;
 import project.backend.presentation.post.dto.request.SummaryUrlRequest;
 import project.backend.presentation.post.dto.request.UpdatePostRequest;
 import project.backend.presentation.post.dto.response.CreateUpdatePostResponse;
diff --git a/src/main/java/project/backend/presentation/user/controller/UserController.java b/src/main/java/project/backend/presentation/user/controller/UserController.java
@@ -6,8 +6,8 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import project.backend.business.user.UserService;
-import project.backend.common.auth.aop.AssignCurrentUserInfo;
-import project.backend.common.auth.aop.CurrentUserInfo;
+import project.backend.security.aop.AssignCurrentUserInfo;
+import project.backend.security.aop.CurrentUserInfo;
 import project.backend.entity.user.User;
 
 @RestController
diff --git a/src/main/java/project/backend/repository/auth/BlacklistTokenRedisRepository.java b/src/main/java/project/backend/repository/auth/BlacklistTokenRedisRepository.java
@@ -1,7 +1,7 @@
 package project.backend.repository.auth;
 
 import org.springframework.data.repository.CrudRepository;
-import project.backend.common.auth.token.BlacklistToken;
+import project.backend.entity.token.BlacklistToken;
 
 public interface BlacklistTokenRedisRepository extends CrudRepository<BlacklistToken, String> {
 
diff --git a/src/main/java/project/backend/repository/auth/RefreshTokenRedisRepository.java b/src/main/java/project/backend/repository/auth/RefreshTokenRedisRepository.java
@@ -2,7 +2,7 @@
 
 import org.springframework.data.redis.core.RedisHash;
 import org.springframework.data.repository.CrudRepository;
-import project.backend.common.auth.token.RefreshToken;
+import project.backend.entity.token.RefreshToken;
 
 @RedisHash
 public interface RefreshTokenRedisRepository extends CrudRepository<RefreshToken, Long> {
diff --git a/src/main/java/project/backend/security/aop/AssignCurrentUserInfo.java b/src/main/java/project/backend/security/aop/AssignCurrentUserInfo.java
@@ -1,4 +1,4 @@
-package project.backend.common.auth.aop;
+package project.backend.security.aop;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
diff --git a/src/main/java/project/backend/security/aop/AssignCurrentUserInfoAspect.java b/src/main/java/project/backend/security/aop/AssignCurrentUserInfoAspect.java
@@ -1,4 +1,4 @@
-package project.backend.common.auth.aop;
+package project.backend.security.aop;
 
 import java.lang.reflect.Method;
 import java.util.Arrays;
@@ -12,14 +12,14 @@
 import org.springframework.stereotype.Component;
 import project.backend.common.error.CustomException;
 import project.backend.common.error.ErrorCode;
-import project.backend.common.auth.oauth.KakaoUserDetails;
+import project.backend.security.oauth.KakaoUserDetails;
 
 @Aspect
 @Component
 public class AssignCurrentUserInfoAspect {
 
     // @AssignCurrentUserInfo 가 있는 메서드 실행 전에 현재 유저의 ID를 CurrentUserInfo 객체에 할당
-    @Before("@annotation(project.backend.common.auth.aop.AssignCurrentUserInfo)")
+    @Before("@annotation(project.backend.security.aop.AssignCurrentUserInfo)")
     public void assignUserId(JoinPoint joinPoint) {
         Arrays.stream(joinPoint.getArgs())
                 .forEach(arg -> getMethod(arg.getClass())
@@ -31,7 +31,7 @@ public void assignUserId(JoinPoint joinPoint) {
 
     // Login 했을 경우 현재 유저의 ID를 CurrentUserInfo 객체에 할당
     // Login 하지 않았을 경우 CurrentUserInfo 객체에 null 할당
-    @Before("@annotation(project.backend.common.auth.aop.AssignOrNullCurrentUserInfo)")
+    @Before("@annotation(project.backend.security.aop.AssignOrNullCurrentUserInfo)")
     public void assignUserIdOrNull(JoinPoint joinPoint) {
         Arrays.stream(joinPoint.getArgs())
                 .forEach(arg -> getMethod(arg.getClass())
diff --git a/src/main/java/project/backend/security/aop/AssignOrNullCurrentUserInfo.java b/src/main/java/project/backend/security/aop/AssignOrNullCurrentUserInfo.java
@@ -1,4 +1,4 @@
-package project.backend.common.auth.aop;
+package project.backend.security.aop;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
diff --git a/src/main/java/project/backend/security/aop/CurrentUserInfo.java b/src/main/java/project/backend/security/aop/CurrentUserInfo.java
@@ -1,4 +1,4 @@
-package project.backend.common.auth.aop;
+package project.backend.security.aop;
 
 import jakarta.validation.constraints.Null;
 import lombok.AccessLevel;
diff --git a/src/main/java/project/backend/security/jwt/JwtAccessDeniedHandler.java b/src/main/java/project/backend/security/jwt/JwtAccessDeniedHandler.java
@@ -1,26 +1,29 @@
-package project.backend.common.auth.jwt;
+package project.backend.security.jwt;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Map;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;
+import project.backend.common.error.ErrorCode;
+import com.fasterxml.jackson.databind.ObjectMapper;
 
 @Component
 public class JwtAccessDeniedHandler implements AccessDeniedHandler {
 
-  private static final String EXCEPTION_ACCESS_HANDLER = "/exception/access-denied";
-
   @Override
   public void handle(HttpServletRequest request, HttpServletResponse response,
       AccessDeniedException accessDeniedException) throws IOException {
-    if (!request.isSecure()) {
-      String redirectUrl =
-          "https://" + request.getServerName() + EXCEPTION_ACCESS_HANDLER;
-      response.sendRedirect(redirectUrl);
-    } else {
-      response.sendRedirect(EXCEPTION_ACCESS_HANDLER);
-    }
+
+    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+    response.setContentType("application/json; charset=UTF-8");
+
+    ObjectMapper objectMapper = new ObjectMapper();
+    response.getWriter().write(objectMapper.writeValueAsString(Map.of(
+        "status", HttpServletResponse.SC_FORBIDDEN,
+        "error", ErrorCode.ACCESS_DENIED.getMessage()
+    )));
   }
 }
diff --git a/src/main/java/project/backend/security/jwt/JwtAuthenticationFailEntryPoint.java b/src/main/java/project/backend/security/jwt/JwtAuthenticationFailEntryPoint.java
@@ -1,26 +1,29 @@
-package project.backend.common.auth.jwt;
+package project.backend.security.jwt;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Map;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
+import project.backend.common.error.ErrorCode;
+import com.fasterxml.jackson.databind.ObjectMapper;
 
 @Component
 public class JwtAuthenticationFailEntryPoint implements AuthenticationEntryPoint {
 
-  private static final String EXCEPTION_ENTRY_POINT = "/exception/entry-point";
-
   @Override
   public void commence(HttpServletRequest request, HttpServletResponse response,
       AuthenticationException authException) throws IOException {
-    if (!request.isSecure()) {
-      String redirectUrl =
-          "https://" + request.getServerName() + EXCEPTION_ENTRY_POINT;
-      response.sendRedirect(redirectUrl);
-    } else {
-      response.sendRedirect(EXCEPTION_ENTRY_POINT);
-    }
+
+    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+    response.setContentType("application/json; charset=UTF-8");
+
+    ObjectMapper objectMapper = new ObjectMapper();
+    response.getWriter().write(objectMapper.writeValueAsString(Map.of(
+        "status", HttpServletResponse.SC_UNAUTHORIZED,
+        "error", ErrorCode.NONE_AUTHENTICATED.getMessage()
+    )));
   }
 }
diff --git a/src/main/java/project/backend/security/jwt/JwtFilter.java b/src/main/java/project/backend/security/jwt/JwtFilter.java
diff --git a/src/main/java/project/backend/security/oauth/KakaoUserDetails.java b/src/main/java/project/backend/security/oauth/KakaoUserDetails.java
diff --git a/src/main/java/project/backend/security/oauth/KakaoUserInfo.java b/src/main/java/project/backend/security/oauth/KakaoUserInfo.java

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package project.backend.common.auth.token;`
	`1`	`+package project.backend.entity.token;`
`2`	`2`
`3`	`3`	`import lombok.Builder;`
`4`	`4`	`import lombok.Getter;`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package project.backend.common.auth.aop;`
	`1`	`+package project.backend.security.aop;`
`2`	`2`
`3`	`3`	`import java.lang.annotation.ElementType;`
`4`	`4`	`import java.lang.annotation.Retention;`