diff --git a/src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java b/src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java
index 36260107..8e6cb1bf 100644
--- a/src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java
@@ -6,7 +6,6 @@ import lombok.RequiredArgsConstructor;
 import org.mindrot.jbcrypt.BCrypt;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -39,11 +38,6 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
 // 3. 인증 성공 → UserDetails 생성
 CustomUserDetails userDetails = new CustomUserDetails(member);
- // 4. 상태값 확인
- if (!userDetails.isEnabled()) {
- throw new DisabledException("비활성화된 계정입니다.");
- }
-
 return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
 }
diff --git a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
index b7fdcbf2..a952e535 100644
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -6,14 +6,12 @@ import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -30,32 +28,33 @@ public class SecurityConfig {
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
- .csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
- .sessionManagement(
- sm ->
- sm.sessionCreationPolicy(
- SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증
- .formLogin(form -> form.disable()) // react에서 로그인 요청 관리
- .httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
- .logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
- .authenticationProvider(
- customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
- .authorizeHttpRequests(
- auth ->
- auth.requestMatchers(HttpMethod.OPTIONS, "/**")
- .permitAll() // preflight 허용
- .requestMatchers(
- "/api/auth/signin",
- "/api/auth/refresh",
- "/swagger-ui/**",
- "/v3/api-docs/**")
- .permitAll()
- .anyRequest()
- .authenticated())
- .addFilterBefore(
- jwtAuthenticationFilter,
- UsernamePasswordAuthenticationFilter
- .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
+ .csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
+ .sessionManagement(
+ sm ->
+ sm.sessionCreationPolicy(
+ SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증
+ .formLogin(form -> form.disable()) // react에서 로그인 요청 관리
+ .httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
+ .logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
+ .authenticationProvider(
+ customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
+ .authorizeHttpRequests(
+ auth ->
+ auth.anyRequest().permitAll());
+// requestMatchers(HttpMethod.OPTIONS, "/**")
+// .permitAll() // preflight 허용
+// .requestMatchers(
+// "/api/auth/signin",
+// "/api/auth/refresh",
+// "/swagger-ui/**",
+// "/v3/api-docs/**")
+// .permitAll()
+// .anyRequest()
+// .authenticated())
+// .addFilterBefore(
+// jwtAuthenticationFilter,
+// UsernamePasswordAuthenticationFilter
+// .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
 ;
 return http.build();
@@ -63,7 +62,7 @@ public class SecurityConfig {
 @Bean
 public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
- throws Exception {
+ throws Exception {
 return configuration.getAuthenticationManager();
 }
diff --git a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
index 28877c5e..47b76169 100644
--- a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
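Review bot: `auth.anyRequest().permitAll()` together with the commented-out `addFilterBefore(jwtAuthenticationFilter, ...)` means no request in this chain is authorized and no filter populates the SecurityContext, so every controller behind it — not only the sign-in, refresh and Swagger paths that were previously the sole public matchers — is reachable without a token, and code that reads `Authentication` there sees an anonymous caller. If this is a local-development shortcut it should be gated, for example as a separate `SecurityFilterChain` bean under `@Profile`, rather than becoming the committed default; if the restriction is meant to return, the matcher list and the JWT filter registration should be restored (the `HttpMethod` and `UsernamePasswordAuthenticationFilter` imports removed in the earlier hunk will be needed again) and the `jwtAuthenticationFilter` field is otherwise now unused. The `//` block should be deleted in either case — version control keeps it — and the lone `;` left after `permitAll());` is an empty statement. Until that is settled, a line such as `// TODO(security): authorization disabled — every request is permitted and the JWT filter is not registered` above `.authorizeHttpRequests(` makes the state visible to the next reader.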
@@ -70,15 +70,15 @@ public class AuthController {
 SignInRequest request, HttpServletResponse response) {
- //
- if (authService.existsUsername(request)) {
-// return
- }
-
 Authentication authentication =
 authenticationManager.authenticate(
 new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
+ String status = authService.getUserStatus(request);
+ if ("INACTIVE".equals(status)) {
+ return ApiResponseDto.ok(new TokenResponse(status, null, null));
+ }
+
 String username = authentication.getName(); // UserDetailsService 에서 사용한 username
 // 로그인 시간 저장
@@ -103,7 +103,7 @@ public class AuthController {
 response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
- return ApiResponseDto.ok(new TokenResponse(accessToken, refreshToken));
+ return ApiResponseDto.ok(new TokenResponse(status, accessToken, refreshToken));
 }
 @PostMapping("/refresh")
@@ -150,7 +150,7 @@ public class AuthController {
 .build();
 response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
- return ResponseEntity.ok(new TokenResponse(newAccessToken, newRefreshToken));
+ return ResponseEntity.ok(new TokenResponse("ACTIVE", newAccessToken, newRefreshToken));
 }
 @PostMapping("/logout")
@@ -183,7 +183,7 @@ public class AuthController {
 return ApiResponseDto.createOK(ResponseEntity.noContent().build());
 }
- public record TokenResponse(String accessToken, String refreshToken) {
+ public record TokenResponse(String status, String accessToken, String refreshToken) {
 }
 }
diff --git a/src/main/java/com/kamco/cd/kamcoback/members/service/AuthService.java b/src/main/java/com/kamco/cd/kamcoback/members/service/AuthService.java
index 065c7aaa..5433750b 100644
--- a/src/main/java/com/kamco/cd/kamcoback/members/service/AuthService.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/service/AuthService.java
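Review bot: The INACTIVE check is now enforced only inside this sign-in handler, while the CustomAuthenticationProvider hunk drops the `isEnabled()`/`DisabledException` guard, so any other caller of `authenticationManager.authenticate(...)` — and `CustomUserDetails.isEnabled()` itself — no longer rejects a deactivated account; keeping the provider-level guard and using this check only to shape the response avoids the split. `authService.getUserStatus(request)` also re-queries by username the member the provider has just wrapped in `CustomUserDetails`; if that principal exposes the status, reading it from `authentication.getPrincipal()` removes the second lookup and the `MemberNotFoundException` path for a user who has just authenticated. The bare `"INACTIVE"` literal here (and `"ACTIVE"` in the refresh hunk) is better a shared constant or enum on the member status, e.g. `private static final String STATUS_INACTIVE = "INACTIVE";`, so the two endpoints cannot drift. The handler's signature and the rest of its body lie outside the hunk.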
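Review bot: The refresh response hard-codes `"ACTIVE"` instead of reading the member's current status, so an account set to INACTIVE after sign-in keeps receiving fresh tokens from this endpoint and the client is told it is active. Resolving the status for the refreshed user the way sign-in does — a lookup by the identity taken from the refresh token, followed by the same early return without tokens when it is INACTIVE — before `newAccessToken` is issued keeps the two endpoints consistent; `getUserStatus(SignInRequest)` takes a sign-in request, so an id- or username-keyed overload on `AuthService` is needed for that. The refresh handler's body and its token lookup begin outside this hunk, so whether a status check already happens earlier is not visible here.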
@@ -34,7 +34,13 @@ public class AuthService {
 membersCoreService.loginFail(uuid);
 }
- public boolean existsUsername(SignInRequest request) {
- return membersCoreService.existsUsername(request);
+ /**
+ * 사용자 상태 조회
+ *
+ * @param request
+ * @return
+ */
+ public String getUserStatus(SignInRequest request) {
+ return membersCoreService.getUserStatus(request);
 }
 }
diff --git a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
index e1613003..d1a1b642 100644
--- a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
+++ b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
@@ -37,7 +37,7 @@ public class MembersCoreService {
 }
 // salt 생성, 사번이 salt
- String salt = BCryptSaltGenerator.generateSaltWithEmployeeNo(addReq.getUserId().trim());
+ String salt = BCryptSaltGenerator.generateSaltWithEmployeeNo(addReq.getEmployeeNo().trim());
 // 패스워드 암호화, 초기 패스워드 고정
 String hashedPassword = BCrypt.hashpw(addReq.getTempPassword(), salt);
@@ -165,18 +165,13 @@ public class MembersCoreService {
 }
 /**
- * 등록, 패스워드가 초기 상태일때
+ * 사용자 상태 조회
 *
 * @param request
 * @return
 */
- public boolean existsUsername(SignInRequest request) {
+ public String getUserStatus(SignInRequest request) {
 MemberEntity memberEntity =
 membersRepository.findByUserId(request.getUsername()).orElseThrow(MemberNotFoundException::new);
-
- if (memberEntity.getStatus().equals("INACTIVE") && memberEntity.getTempPassword().equals(request.getPassword())) {
- return true;
- }
-
- return false;
+ return memberEntity.getStatus();
 }
 }
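Review bot: The Javadoc added on `getUserStatus` has empty `@param request` and `@return` tags, which document nothing and are exactly what javadoc lint and Checkstyle flag; the same stub is carried over unchanged in the MembersCoreService `@@ -165` hunk. A filled-in version would read `@param request sign-in request whose username identifies the member` and `@return the member's stored status value as held on the entity (for example "INACTIVE")`, and since the MembersCoreService implementation visibly throws on a missing member, `@throws MemberNotFoundException if no member has that username` belongs on both methods.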
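Review bot: The salt on this line is still derived from the employee number (`generateSaltWithEmployeeNo`, and the comment above says the employee number is the salt), so the bcrypt salt is a predictable value tied to an identifier instead of random bytes, and the same temporary password for the same employee number always produces the same hash, e.g. on re-registration. Switching the source field from `getUserId()` to `getEmployeeNo()` does not change that; jbcrypt's `BCrypt.gensalt()` yields a random salt and `BCrypt.checkpw(plain, hashed)` verifies against the salt embedded in the hash, so `String salt = BCrypt.gensalt();` is the drop-in here, provided the verification side in CustomAuthenticationProvider (not among the visible lines) does not recompute the salt from the employee number. `addReq.getEmployeeNo().trim()` also throws a bare NullPointerException when the field is absent; `Objects.requireNonNull(addReq.getEmployeeNo(), "employeeNo")` or request validation up front gives a clearer failure.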