MVPTeam/test
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

로그인 상태값 검증 제거

Browse Source
This commit is contained in:
teddy
2025-12-11 10:18:03 +09:00
parent fc2edf7c6d
commit 83bfdc2728
5 changed files with 48 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java
View File

@@ -6,7 +6,6 @@ import lombok.RequiredArgsConstructor;
import org.mindrot.jbcrypt.BCrypt;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@@ -39,11 +38,6 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
// 3. 인증 성공 → UserDetails 생성
CustomUserDetails userDetails = new CustomUserDetails(member);
// 4. 상태값 확인
if (!userDetails.isEnabled()) {
throw new DisabledException("비활성화된 계정입니다.");
}
return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
}

57
src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
View File

@@ -6,14 +6,12 @@ import java.util.List;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@@ -30,32 +28,33 @@ public class SecurityConfig {
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.cors(cors -> cors.configurationSource(corsConfigurationSource()))
.csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
.sessionManagement(
sm ->
sm.sessionCreationPolicy(
SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증
.formLogin(form -> form.disable()) // react에서 로그인 요청 관리
.httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
.logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
.authenticationProvider(
customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
.authorizeHttpRequests(
auth ->
auth.requestMatchers(HttpMethod.OPTIONS, "/**")
.permitAll() // preflight 허용
.requestMatchers(
"/api/auth/signin",
"/api/auth/refresh",
"/swagger-ui/**",
"/v3/api-docs/**")
.permitAll()
.anyRequest()
.authenticated())
.addFilterBefore(
jwtAuthenticationFilter,
UsernamePasswordAuthenticationFilter
.class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
.csrf(csrf -> csrf.disable()) // CSRF 보안 기능 비활성화
.sessionManagement(
sm ->
sm.sessionCreationPolicy(
SessionCreationPolicy.STATELESS)) // 서버 세션 만들지 않음, 요청은 JWT 인증
.formLogin(form -> form.disable()) // react에서 로그인 요청 관리
.httpBasic(basic -> basic.disable()) // 기본 basic 인증 비활성화 JWT 인증사용
.logout(logout -> logout.disable()) // 기본 로그아웃 비활성화 JWT는 서버 상태가 없으므로 로그아웃 처리 필요 없음
.authenticationProvider(
customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
.authorizeHttpRequests(
auth ->
auth.anyRequest().permitAll());
// requestMatchers(HttpMethod.OPTIONS, "/**")
// .permitAll() // preflight 허용
// .requestMatchers(
// "/api/auth/signin",
// "/api/auth/refresh",
// "/swagger-ui/**",
// "/v3/api-docs/**")
// .permitAll()
// .anyRequest()
// .authenticated())
// .addFilterBefore(
// jwtAuthenticationFilter,
// UsernamePasswordAuthenticationFilter
// .class) // 요청 들어오면 먼저 JWT 토큰 검사 후 security context 에 사용자 정보 저장.
;
return http.build();
@@ -63,7 +62,7 @@ public class SecurityConfig {
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration)
throws Exception {
throws Exception {
return configuration.getAuthenticationManager();
}

16
src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
View File

@@ -70,15 +70,15 @@ public class AuthController {
SignInRequest request,
HttpServletResponse response) {
//
if (authService.existsUsername(request)) {
// return
}
Authentication authentication =
authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
String status = authService.getUserStatus(request);
if ("INACTIVE".equals(status)) {
return ApiResponseDto.ok(new TokenResponse(status, null, null));
}
String username = authentication.getName(); // UserDetailsService 에서 사용한 username
// 로그인 시간 저장
@@ -103,7 +103,7 @@ public class AuthController {
response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
return ApiResponseDto.ok(new TokenResponse(accessToken, refreshToken));
return ApiResponseDto.ok(new TokenResponse(status, accessToken, refreshToken));
}
@PostMapping("/refresh")
@@ -150,7 +150,7 @@ public class AuthController {
.build();
response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
return ResponseEntity.ok(new TokenResponse(newAccessToken, newRefreshToken));
return ResponseEntity.ok(new TokenResponse("ACTIVE", newAccessToken, newRefreshToken));
}
@PostMapping("/logout")
@@ -183,7 +183,7 @@ public class AuthController {
return ApiResponseDto.createOK(ResponseEntity.noContent().build());
}
public record TokenResponse(String accessToken, String refreshToken) {
public record TokenResponse(String status, String accessToken, String refreshToken) {
}
}

10
src/main/java/com/kamco/cd/kamcoback/members/service/AuthService.java
View File

@@ -34,7 +34,13 @@ public class AuthService {
membersCoreService.loginFail(uuid);
}
public boolean existsUsername(SignInRequest request) {
return membersCoreService.existsUsername(request);
/**
* 사용자 상태 조회
*
* @param request
* @return
*/
public String getUserStatus(SignInRequest request) {
return membersCoreService.getUserStatus(request);
}
}

13
src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
View File

@@ -37,7 +37,7 @@ public class MembersCoreService {
}
// salt 생성, 사번이 salt
String salt = BCryptSaltGenerator.generateSaltWithEmployeeNo(addReq.getUserId().trim());
String salt = BCryptSaltGenerator.generateSaltWithEmployeeNo(addReq.getEmployeeNo().trim());
// 패스워드 암호화, 초기 패스워드 고정
String hashedPassword = BCrypt.hashpw(addReq.getTempPassword(), salt);
@@ -165,18 +165,13 @@ public class MembersCoreService {
}
/**
* 등록, 패스워드가 초기 상태일때
* 사용자 상태 조회
*
* @param request
* @return
*/
public boolean existsUsername(SignInRequest request) {
public String getUserStatus(SignInRequest request) {
MemberEntity memberEntity = membersRepository.findByUserId(request.getUsername()).orElseThrow(MemberNotFoundException::new);
if (memberEntity.getStatus().equals("INACTIVE") && memberEntity.getTempPassword().equals(request.getPassword())) {
return true;
}
return false;
return memberEntity.getStatus();
}
}