MVPTeam/kamco-cd-api
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'dev 토큰 유효시간 변경, 인증 Log 추가한거 삭제' (#153) from feat/infer_dev_260211 into develop

Browse Source 
Reviewed-on: #153
This commit was merged in pull request #153.
This commit is contained in:
teddy
2026-03-17 13:55:53 +09:00
parent 0aa415cf3a 4f742edf8b
commit 9eebf23774
4 changed files with 4 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
View File

@@ -16,7 +16,6 @@ import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
@Component
@Log4j2
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@@ -33,24 +32,16 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
log.info("JWT FILTER START uri={}", request.getRequestURI());
// HTTP 요청 헤더에서 JWT 토큰 꺼내기
String token = resolveToken(request);
log.info("JWT TOKEN = {}", token);
// JWT 토큰을 검증하고, 인증된 사용자로 SecurityContext에 등록
if (token != null && jwtTokenProvider.isValidToken(token)) {
log.info("JWT TOKEN VALID");
String username = jwtTokenProvider.getSubject(token);
log.info("JWT USERNAME = {}", username);
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
log.info("JWT AUTHORITIES = {}", userDetails.getAuthorities());
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
log.info("JWT SECURITY CONTEXT SET");
}
filterChain.doFilter(request, response);

4
src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java
View File

@@ -21,7 +21,6 @@ import org.springframework.stereotype.Component;
* <p>- Redis 사용 안 함 - ADMIN 예외 없음 (DB 매핑 기준) - 한 계정 = role 1개 - menu_url(prefix) 기반 API 접근 제어
*/
@Component
@Log4j2
@RequiredArgsConstructor
public class MenuAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
@@ -60,15 +59,12 @@ public class MenuAuthorizationManager implements AuthorizationManager<RequestAut
for (MenuEntity menu : allowedMenus) {
String baseUri = menu.getMenuUrl();
log.info("MenuAuthorizationManager REQUEST = {}", requestPath);
log.info("MenuAuthorizationManager BASE URI = {}", baseUri);
if (baseUri == null || baseUri.isBlank()) {
continue;
}
if (matchUri(baseUri, requestPath)) {
log.info("MenuAuthorizationManager MATCH SUCCESS");
return new AuthorizationDecision(true);
}
}

4
src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
View File

@@ -36,7 +36,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@Tag(name = "인증(Auth)", description = "로그인, 토큰 재발급, 로그아웃 API")
@Log4j2
@RestController
@RequestMapping("/api/auth")
@RequiredArgsConstructor
@@ -172,9 +171,6 @@ public class AuthController {
throw new AccessDeniedException("만료되었거나 유효하지 않은 리프레시 토큰 입니다.");
}
log.info("refresh ========");
log.info("refreshToken ======== {}", refreshToken);
String username = jwtTokenProvider.getSubject(refreshToken);
// Redis에 저장된 RefreshToken과 일치하는지 확인

8
src/main/resources/application-dev.yml
View File

@@ -57,10 +57,10 @@ server:
jwt:
secret: "kamco_token_9b71e778-19a3-4c1d-97bf-2d687de17d5b"
# access-token-validity-in-ms: 86400000 # 1일
# refresh-token-validity-in-ms: 604800000 # 7일
access-token-validity-in-ms: 60000 # 1분
refresh-token-validity-in-ms: 300000 # 5분
access-token-validity-in-ms: 86400000 # 1일
refresh-token-validity-in-ms: 604800000 # 7일
#access-token-validity-in-ms: 60000 # 1분
#refresh-token-validity-in-ms: 300000 # 5분
token:
refresh-cookie-name: kamco-dev # 개발용 쿠키 이름