jwt 미적용으로 수정, spotlessApply 적용

2025-12-04 10:20:34 +09:00
parent 44ad02f4fe
commit 345794ce69
13 changed files with 217 additions and 180 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/config/GlobalExceptionHandler.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/GlobalExceptionHandler.java
@@ -291,7 +291,7 @@ public class GlobalExceptionHandler {
  @ResponseStatus(HttpStatus.CONFLICT)
  @ExceptionHandler(DuplicateKeyException.class)
  public ApiResponseDto<String> handlerDuplicateKeyException(
-    DuplicateKeyException e, HttpServletRequest request) {
+      DuplicateKeyException e, HttpServletRequest request) {
    log.warn("[DuplicateKeyException] resource :{} ", e.getMessage());

    String codeName = "DUPLICATE_DATA";
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -11,7 +11,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@@ -23,24 +22,30 @@ public class SecurityConfig {

  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-    http.csrf(csrf -> csrf.disable())
-        .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-        .formLogin(form -> form.disable())
-        .httpBasic(basic -> basic.disable())
-        .logout(logout -> logout.disable())
-        // 🔥 여기서 우리가 만든 CustomAuthenticationProvider 하나만 등록
-        .authenticationProvider(customAuthenticationProvider)
-        .authorizeHttpRequests(
-            auth ->
-                auth.requestMatchers(
-                        "/api/auth/signin",
-                        "/api/auth/refresh",
-                        "/swagger-ui/**",
-                        "/v3/api-docs/**")
-                    .permitAll()
-                    .anyRequest()
-                    .authenticated())
-        .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+    http.csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
+        .sessionManagement(
+            sm ->
+                sm.sessionCreationPolicy(
+                    SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음 요청은 JWT 인증
+        .formLogin(form -> form.disable()) // react에서 로그인 요청 관리
+        .httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
+        .logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
+        .authenticationProvider(
+            customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
+        .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
+    //                auth.requestMatchers(
+    //                        "/api/auth/signin",
+    //                        "/api/auth/refresh",
+    //                        "/swagger-ui/**",
+    //                        "/v3/api-docs/**") // 로그인 없이 접근가능 url
+    //                    .permitAll()
+    //                    .anyRequest()
+    //                    .authenticated())
+    //        .addFilterBefore(
+    //            jwtAuthenticationFilter,
+    //            UsernamePasswordAuthenticationFilter
+    //                .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
+    ;

    return http.build();
  }