diff --git a/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java b/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
index 7155dd87..edb84348 100644
--- a/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
@@ -11,6 +11,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 @Component
@@ -19,6 +20,10 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 private final JwtTokenProvider jwtTokenProvider;
 private final UserDetailsService userDetailsService;
+ private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
+ private static final String[] EXCLUDE_PATHS = {
+ "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+ };
 @Override
 protected void doFilterInternal(
@@ -44,10 +49,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 String path = request.getServletPath();
 // JWT 필터를 타지 않게 할 URL 패턴들
- return path.startsWith("/api/auth/signin")
- || path.startsWith("/api/auth/refresh")
- || path.startsWith("/api/auth/logout")
- || path.startsWith("/api/members/*/password");
+ for (String pattern : EXCLUDE_PATHS) {
+ if (PATH_MATCHER.match(pattern, path)) {
+ return true;
+ }
+ }
+ return false;
 }
 // /api/members/{memberId}/password
diff --git a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
index 1b11fdf4..41906e2a 100644
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
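Review bot: `EXCLUDE_PATHS` in JwtAuthenticationFilter repeats, as a second literal list, paths that SecurityConfig also names in its `requestMatchers(...)` call, and nothing ties the two together; this same commit had to add `/api/auth/logout` to SecurityConfig separately. If the lists drift, a path skipped here but not opened there is rejected as unauthenticated, and a path opened there but not skipped here still goes through token handling. Either move the patterns into one shared constant used by both classes, or add a comment above the array such as `// Endpoints reached without an access token; keep in sync with the requestMatchers list in SecurityConfig.`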
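Review bot: Replacing `startsWith` with `PATH_MATCHER.match` changes which requests skip this filter, and the hunk adds nothing that pins the new behaviour. The old `startsWith("/api/members/*/password")` compared against a literal asterisk and so presumably never matched a real member path, which means the password endpoint bypasses token handling for the first time with this change; the three `/api/auth/...` entries also go from prefix match to exact match, so a trailing slash or a sub-path is no longer skipped. Because this method decides which requests proceed without an identity, a small unit test of `shouldNotFilter` covering a member password path, a path with an extra segment, and `/api/auth/signin/` would document the intent. The method's signature lies outside the hunk.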
@@ -69,6 +69,7 @@ public class SecurityConfig {
 .requestMatchers(
 "/api/auth/signin",
 "/api/auth/refresh",
+ "/api/auth/logout",
 "/swagger-ui/**",
 "/api/members/*/password",
 "/v3/api-docs/**")
diff --git a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
index cd123a40..4a9e06b1 100644
--- a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
@@ -205,7 +205,7 @@ public class AuthController {
 @ApiResponse(
 responseCode = "200",
 description = "로그아웃 성공",
- content = @Content(schema = @Schema(implementation = Void.class)))
+ content = @Content(schema = @Schema(implementation = Object.class)))
 })
 public ApiResponseDto> logout(
 Authentication authentication, HttpServletResponse response) {
diff --git a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
index 251f5c02..4bb2aba7 100644
--- a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
+++ b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
@@ -111,7 +111,7 @@ public class MembersCoreService {
 }
 String password =
- CommonStringUtils.hashPassword(initReq.getOldPassword(), memberEntity.getEmployeeNo());
+ CommonStringUtils.hashPassword(initReq.getNewPassword(), memberEntity.getEmployeeNo());
 memberEntity.setPassword(password);
 memberEntity.setStatus(StatusType.ACTIVE.getId());
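Review bot: With `/api/auth/logout` added to this matcher list in SecurityConfig (presumably the permit-all group; the call that follows the list is outside the hunk) and the same path skipped by JwtAuthenticationFilter, the `Authentication authentication` parameter of `AuthController.logout` will most likely be null on every call, unless some other filter authenticates the request. If the logout body relies on it to find the member whose refresh token is revoked, logout will either throw or leave that token valid on the server side. Logout should identify the session from the refresh token it is clearing, or handle the unauthenticated case explicitly, for example `if (authentication == null) { /* clear the cookie only */ }`. If the token is carried in a cookie, it is also worth confirming that an unauthenticated logout request cannot be triggered cross-site against a signed-in user.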
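Review bot: The second argument to `CommonStringUtils.hashPassword` in MembersCoreService is the member's employee number, which looks like it serves as the salt; an identifier that is known and fixed per member is a predictable salt, and the hash function itself is not visible here. If `hashPassword` is a plain salted digest, storing passwords through Spring Security's `PasswordEncoder` (for example `BCryptPasswordEncoder`) would give a random per-hash salt and a configurable work factor. Separately, the defect corrected on this line (hashing `getOldPassword()` where `getNewPassword()` was meant) would be caught by a test that initialises a password and then verifies the stored hash against the new value, so adding one keeps it from returning. The enclosing method begins and ends outside the hunk.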