로그아웃 수정, 패스워드 변경 수정

2025-12-15 18:18:37 +09:00
parent 39ef86b218
commit a1d812a9d1
4 changed files with 14 additions and 6 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
@@ -11,6 +11,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;

@Component
@@ -19,6 +20,10 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {

  private final JwtTokenProvider jwtTokenProvider;
  private final UserDetailsService userDetailsService;
+  private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
+  private static final String[] EXCLUDE_PATHS = {
+    "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+  };

  @Override
  protected void doFilterInternal(
@@ -44,10 +49,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
    String path = request.getServletPath();

    // JWT 필터를 타지 않게 할 URL 패턴들
-    return path.startsWith("/api/auth/signin")
-        || path.startsWith("/api/auth/refresh")
-        || path.startsWith("/api/auth/logout")
-        || path.startsWith("/api/members/*/password");
+    for (String pattern : EXCLUDE_PATHS) {
+      if (PATH_MATCHER.match(pattern, path)) {
+        return true;
+      }
+    }
+    return false;
  }

  // /api/members/{memberId}/password
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -69,6 +69,7 @@ public class SecurityConfig {
                    .requestMatchers(
                        "/api/auth/signin",
                        "/api/auth/refresh",
+                        "/api/auth/logout",
                        "/swagger-ui/**",
                        "/api/members/*/password",
                        "/v3/api-docs/**")
--- a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
@@ -205,7 +205,7 @@ public class AuthController {
    @ApiResponse(
        responseCode = "200",
        description = "로그아웃 성공",
-        content = @Content(schema = @Schema(implementation = Void.class)))
+        content = @Content(schema = @Schema(implementation = Object.class)))
  })
  public ApiResponseDto<ResponseEntity<Object>> logout(
      Authentication authentication, HttpServletResponse response) {
--- a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
+++ b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
@@ -111,7 +111,7 @@ public class MembersCoreService {
    }

    String password =
-        CommonStringUtils.hashPassword(initReq.getOldPassword(), memberEntity.getEmployeeNo());
+        CommonStringUtils.hashPassword(initReq.getNewPassword(), memberEntity.getEmployeeNo());

    memberEntity.setPassword(password);
    memberEntity.setStatus(StatusType.ACTIVE.getId());