From a1d812a9d1cc3c5c00a90a2abc2d78f6fc053991 Mon Sep 17 00:00:00 2001
From: teddy
Date: Mon, 15 Dec 2025 18:18:37 +0900
Subject: [PATCH] =?UTF-8?q?=EB=A1=9C=EA=B7=B8=EC=95=84=EC=9B=83=20?= =?UTF-8?q?=EC=88=98=EC=A0=95,=20=ED=8C=A8=EC=8A=A4=EC=9B=8C=EB=93=9C=20?= =?UTF-8?q?=EB=B3=80=EA=B2=BD=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../kamcoback/auth/JwtAuthenticationFilter.java | 15 +++++++++++----
 .../kamco/cd/kamcoback/config/SecurityConfig.java | 1 +
 .../cd/kamcoback/members/AuthController.java | 2 +-
 .../postgres/core/MembersCoreService.java | 2 +-
 4 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java b/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
index 7155dd87..edb84348 100644
--- a/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/JwtAuthenticationFilter.java
@@ -11,6 +11,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 @Component
@@ -19,6 +20,10 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 private final JwtTokenProvider jwtTokenProvider;
 private final UserDetailsService userDetailsService;
+ private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
+ private static final String[] EXCLUDE_PATHS = {
+ "/api/auth/signin", "/api/auth/refresh", "/api/auth/logout", "/api/members/*/password"
+ };
 @Override
 protected void doFilterInternal(
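Review bot: `EXCLUDE_PATHS` in JwtAuthenticationFilter is a second, hand-maintained copy of the public-endpoint list that SecurityConfig passes to `.requestMatchers(...)` (presumably followed by `permitAll()`, which this patch does not show), and nothing keeps the two in sync. When they drift, a path is either skipped by the filter while still requiring authentication, so every call is rejected, or permitted while still being token-parsed. I would add a comment above the array, `// Must mirror the public matchers in SecurityConfig: a path listed here never gets a JWT-derived SecurityContext`, or expose one shared constant that both classes read. The class body continues outside this hunk.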
@@ -44,10 +49,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 String path = request.getServletPath();
 // JWT 필터를 타지 않게 할 URL 패턴들
- return path.startsWith("/api/auth/signin")
- || path.startsWith("/api/auth/refresh")
- || path.startsWith("/api/auth/logout")
- || path.startsWith("/api/members/*/password");
+ for (String pattern : EXCLUDE_PATHS) {
+ if (PATH_MATCHER.match(pattern, path)) {
+ return true;
+ }
+ }
+ return false;
 }
 // /api/members/{memberId}/password
diff --git a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
index 1b11fdf4..41906e2a 100644
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -69,6 +69,7 @@ public class SecurityConfig {
 .requestMatchers(
 "/api/auth/signin",
 "/api/auth/refresh",
+ "/api/auth/logout",
 "/swagger-ui/**",
 "/api/members/*/password",
 "/v3/api-docs/**")
diff --git a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
index cd123a40..4a9e06b1 100644
--- a/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/AuthController.java
@@ -205,7 +205,7 @@ public class AuthController {
 @ApiResponse(
 responseCode = "200",
 description = "로그아웃 성공",
- content = @Content(schema = @Schema(implementation = Void.class)))
+ content = @Content(schema = @Schema(implementation = Object.class)))
 })
 public ApiResponseDto> logout(
 Authentication authentication, HttpServletResponse response) {
diff --git a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
index 251f5c02..4bb2aba7 100644
--- a/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
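Review bot: In the path-exclusion method of JwtAuthenticationFilter (presumably the `shouldNotFilter` override; its signature is outside the hunk), switching to `PATH_MATCHER.match` makes the `/api/members/*/password` entry effective for the first time, because the old literal `startsWith` could never match a real member id. From this commit on, a password change for any `{memberId}` reaches the handler with no JWT-derived principal, so the path id cannot be bound to the caller and the only control left is whatever the service checks in the request body. Please confirm this is intended and that the handler verifies the current password and throttles repeated failures per member before the password is overwritten. A comment on that entry saying why it is unauthenticated, for example `// reachable without a token: caller proves identity with the current password in the body`, would record the decision if that is indeed the reason.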
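Review bot: In SecurityConfig, `/api/auth/logout` is now both in this matcher list and in the filter's `EXCLUDE_PATHS`, so no JWT is parsed for logout and the `Authentication authentication` parameter declared by AuthController.logout will most likely be null on every call. If the handler dereferences it to decide whose refresh token to revoke, logout either fails with a NullPointerException or returns success without invalidating anything server-side; the handler body is not visible in this patch, so this needs checking there. I would either remove logout from `EXCLUDE_PATHS` so that a valid token still populates the security context, or have the handler identify the session from the refresh token itself and start with `if (authentication == null) { ... }`. The `requestMatchers(...)` chain continues outside the hunk.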
+++ b/src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java
@@ -111,7 +111,7 @@ public class MembersCoreService {
 }
 String password =
- CommonStringUtils.hashPassword(initReq.getOldPassword(), memberEntity.getEmployeeNo());
+ CommonStringUtils.hashPassword(initReq.getNewPassword(), memberEntity.getEmployeeNo());
 memberEntity.setPassword(password);
 memberEntity.setStatus(StatusType.ACTIVE.getId());
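Review bot: The corrected `hashPassword(initReq.getNewPassword(), memberEntity.getEmployeeNo())` call in MembersCoreService still passes the employee number as the second argument; if `CommonStringUtils.hashPassword` uses it as the salt, the salt is a predictable identifier rather than random per-password data. The helper is not shown in this patch, so the digest it applies should be checked too; an adaptive password hash with a random salt, such as Spring Security's `PasswordEncoder` with bcrypt or Argon2, would be the safer choice. Nothing in the hunk shows the old password being verified or a new password equal to the old one being rejected, so please confirm both happen before `setPassword`, since this endpoint is reachable without a token. The enclosing method starts and ends outside the hunk.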