2026-03-17 13:55:53 +09:00
4 changed files with 4 additions and 21 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
@@ -16,7 +16,6 @@ import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
@Component
@Log4j2
@RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
@@ -33,24 +32,16 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws ServletException, IOException {
    log.info("JWT FILTER START uri={}", request.getRequestURI());
    // HTTP 요청 헤더에서 JWT 토큰 꺼내기
    String token = resolveToken(request);
    log.info("JWT TOKEN = {}", token);
    // JWT 토큰을 검증하고, 인증된 사용자로 SecurityContext에 등록
    if (token != null && jwtTokenProvider.isValidToken(token)) {
      log.info("JWT TOKEN VALID");
      String username = jwtTokenProvider.getSubject(token);
      log.info("JWT USERNAME = {}", username);
      UserDetails userDetails = userDetailsService.loadUserByUsername(username);
      log.info("JWT AUTHORITIES = {}", userDetails.getAuthorities());
      UsernamePasswordAuthenticationToken authentication =
          new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
      SecurityContextHolder.getContext().setAuthentication(authentication);
      log.info("JWT SECURITY CONTEXT SET");
    }
    filterChain.doFilter(request, response);
--- a/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/MenuAuthorizationManager.java
@@ -21,7 +21,6 @@ import org.springframework.stereotype.Component;
 * <p>- Redis 사용 안 함 - ADMIN 예외 없음 (DB 매핑 기준) - 한 계정 = role 1개 - menu_url(prefix) 기반 API 접근 제어
 */
@Component
@Log4j2
@RequiredArgsConstructor
 public class MenuAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
@@ -60,15 +59,12 @@ public class MenuAuthorizationManager implements AuthorizationManager<RequestAut
      for (MenuEntity menu : allowedMenus) {
        String baseUri = menu.getMenuUrl();
        log.info("MenuAuthorizationManager REQUEST = {}", requestPath);
        log.info("MenuAuthorizationManager BASE URI = {}", baseUri);
        if (baseUri == null || baseUri.isBlank()) {
          continue;
        }
        if (matchUri(baseUri, requestPath)) {
          log.info("MenuAuthorizationManager MATCH SUCCESS");
          return new AuthorizationDecision(true);
        }
      }
--- a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
@@ -36,7 +36,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@Tag(name = "인증(Auth)", description = "로그인, 토큰 재발급, 로그아웃 API")
@Log4j2
@RestController
@RequestMapping("/api/auth")
@RequiredArgsConstructor
@@ -172,9 +171,6 @@ public class AuthController {
      throw new AccessDeniedException("만료되었거나 유효하지 않은 리프레시 토큰 입니다.");
    }
    log.info("refresh ========");
    log.info("refreshToken ======== {}", refreshToken);
    String username = jwtTokenProvider.getSubject(refreshToken);
    // Redis에 저장된 RefreshToken과 일치하는지 확인
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -57,10 +57,10 @@ server:
 jwt:
  secret: "kamco_token_9b71e778-19a3-4c1d-97bf-2d687de17d5b"
-#  access-token-validity-in-ms: 86400000      # 1일
+  access-token-validity-in-ms: 86400000      # 1일
-#  refresh-token-validity-in-ms: 604800000    # 7일
+  refresh-token-validity-in-ms: 604800000    # 7일
-  access-token-validity-in-ms: 60000        # 1분
+  #access-token-validity-in-ms: 60000        # 1분
-  refresh-token-validity-in-ms: 300000      # 5분
+  #refresh-token-validity-in-ms: 300000      # 5분
 token:
  refresh-cookie-name: kamco-dev   # 개발용 쿠키 이름