[feat] 인증.인가 필터 및 소셜 로그인 연동

build.gradle

@@ -26,23 +26,33 @@ repositories {
 dependencies {
 	// Spring Boot 스타터
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
-//	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
-	implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 	implementation 'org.springframework.boot:spring-boot-starter-validation'
+	implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 
 	// Lombok
 	compileOnly 'org.projectlombok:lombok'
 	annotationProcessor 'org.projectlombok:lombok'
 
+	//Security
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+
+	// JWT
+	implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
+	implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
+	implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
+
+	// OAuth2
+	implementation 'org.springframework.security:spring-security-oauth2-client'
+
 	// Runtime DB 드라이버
 	runtimeOnly 'com.h2database:h2'
 	runtimeOnly 'com.mysql:mysql-connector-j'
 
 	// Test
 	testImplementation 'org.assertj:assertj-core:3.24.2'
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
-//	testImplementation 'org.springframework.security:spring-security-test'
+	testImplementation 'org.springframework.security:spring-security-test'
 	testImplementation 'com.h2database:h2:2.1.214'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 
@@ -55,16 +65,10 @@ dependencies {
 
 def querydslDir = layout.buildDirectory.dir("generated/querydsl").get().asFile
 
-// QueryDSL Q-클래스는 compileJava 단계에서만 생성
-tasks.named('compileJava', org.gradle.api.tasks.compile.JavaCompile) {
+tasks.withType(JavaCompile).configureEach {
 	options.generatedSourceOutputDirectory.set(querydslDir)
 }
 
-// test 컴파일 단계에서는 어노테이션 프로세서를 비워서 Q-클래스 중복 생성 방지
-tasks.named('compileTestJava', org.gradle.api.tasks.compile.JavaCompile) {
-	options.annotationProcessorPath = files()
-}
-
 sourceSets {
 	main.java.srcDirs += [ querydslDir ]
 }

src/main/java/konkuk/thip/common/exception/AuthException.java

@@ -0,0 +1,18 @@
+package konkuk.thip.common.exception;
+
+import konkuk.thip.common.exception.code.ErrorCode;
+import lombok.Getter;
+
+@Getter
+public class AuthException extends RuntimeException {
+    private final ErrorCode errorCode;
+
+    public AuthException(ErrorCode errorCode) {
+        this.errorCode = errorCode;
+    }
+
+    public AuthException(ErrorCode errorCode, Exception e) {
+        super(e);
+        this.errorCode = errorCode;
+    }
+}

src/main/java/konkuk/thip/common/exception/code/ErrorCode.java

@@ -16,6 +16,13 @@ public enum ErrorCode implements ResponseCode {
     API_INVALID_PARAM(HttpStatus.BAD_REQUEST, 40002, "파라미터 값 중 유효하지 않은 값이 있습니다."),
     API_INVALID_TYPE(HttpStatus.BAD_REQUEST, 40003, "파라미터 타입이 잘못되었습니다."),
 
+    AUTH_INVALID_TOKEN(HttpStatus.UNAUTHORIZED, 40100, "유효하지 않은 토큰입니다."),
+    AUTH_EXPIRED_TOKEN(HttpStatus.UNAUTHORIZED, 40101, "만료된 토큰입니다."),
+    AUTH_UNAUTHORIZED(HttpStatus.UNAUTHORIZED, 40102, "인증되지 않은 사용자입니다."),
+    AUTH_TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED, 40103, "토큰을 찾을 수 없습니다."),
+    AUTH_LOGIN_FAILED(HttpStatus.UNAUTHORIZED, 40104, "로그인에 실패했습니다."),
+    AUTH_UNSUPPORTED_SOCIAL_LOGIN(HttpStatus.UNAUTHORIZED, 40105, "지원하지 않는 소셜 로그인입니다."),
+
     /* 60000부터 비즈니스 예외 */
     /**
      * 60000 : alias error

src/main/java/konkuk/thip/common/exception/handler/GlobalExceptionHandler.java

@@ -1,6 +1,7 @@
 package konkuk.thip.common.exception.handler;
 
 import konkuk.thip.common.dto.ErrorResponse;
+import konkuk.thip.common.exception.AuthException;
 import konkuk.thip.common.exception.BusinessException;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.ResponseEntity;
@@ -71,6 +72,15 @@ public ResponseEntity<ErrorResponse> missingServletRequestParameterExceptionHand
                 .body(ErrorResponse.of(API_MISSING_PARAM, e.getParameterName() + "를 추가해서 요청해주세요."));
     }
 
+    // 인증, 인가 권한 관련 예외 처리
+    @ExceptionHandler(AuthException.class)
+    public ResponseEntity<ErrorResponse> authExceptionHandler(AuthException e) {
+        log.error("[AuthExceptionHandler] {}", e.getMessage());
+        return ResponseEntity
+                .status(e.getErrorCode().getHttpStatus())
+                .body(ErrorResponse.of(e.getErrorCode()));
+    }
+
     // 비즈니스 로직에서 발생한 예외 처리
     @ExceptionHandler(BusinessException.class)
     public ResponseEntity<ErrorResponse> businessExceptionHandler(BusinessException e) {
@@ -81,12 +91,21 @@ public ResponseEntity<ErrorResponse> businessExceptionHandler(BusinessException
     }
 
     // 서버 내부 오류 예외 처리
-    @ExceptionHandler({RuntimeException.class, IllegalStateException.class})
-    public ResponseEntity<ErrorResponse> runtimeExceptionHandler(Exception e) {
+    @ExceptionHandler(RuntimeException.class)
+    public ResponseEntity<ErrorResponse> runtimeExceptionHandler(RuntimeException e) {
         log.error("[RuntimeExceptionHandler] {}", e.getMessage());
         return ResponseEntity
                 .status(API_SERVER_ERROR.getHttpStatus())
                 .body(ErrorResponse.of(API_SERVER_ERROR));
     }
 
+    // IllegalStateException 예외 처리
+    @ExceptionHandler(IllegalStateException.class)
+    public ResponseEntity<ErrorResponse> illegalStateExceptionHandler(IllegalStateException e) {
+        log.error("[IllegalStateExceptionHandler] {}", e.getMessage());
+        return ResponseEntity
+                .status(API_SERVER_ERROR.getHttpStatus())
+                .body(ErrorResponse.of(API_SERVER_ERROR));
+    }
+
 }

src/main/java/konkuk/thip/common/security/annotation/Oauth2Id.java

@@ -0,0 +1,11 @@
+package konkuk.thip.common.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Oauth2Id {
+}

src/main/java/konkuk/thip/common/security/annotation/UserId.java

@@ -0,0 +1,11 @@
+package konkuk.thip.common.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface UserId {
+}

src/main/java/konkuk/thip/common/security/argument_resolver/Oauth2IdArgumentResolver.java

@@ -0,0 +1,38 @@
+package konkuk.thip.common.security.argument_resolver;
+
+import jakarta.servlet.http.HttpServletRequest;
+import konkuk.thip.common.exception.AuthException;
+import konkuk.thip.common.security.annotation.Oauth2Id;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+import static konkuk.thip.common.exception.code.ErrorCode.AUTH_TOKEN_NOT_FOUND;
+
+@Component
+@RequiredArgsConstructor
+public class Oauth2IdArgumentResolver implements HandlerMethodArgumentResolver {
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(Oauth2Id.class)
+                && parameter.getParameterType().equals(String.class);
+    }
+
+    @Override
+    public String resolveArgument(MethodParameter parameter,
+                                  ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest,
+                                  WebDataBinderFactory binderFactory) {
+
+        Object oauth2Id = ((HttpServletRequest) webRequest.getNativeRequest()).getAttribute("oauth2Id");
+        if (oauth2Id == null) {
+            throw new AuthException(AUTH_TOKEN_NOT_FOUND);
+        }
+        return (String) oauth2Id;
+    }
+}

src/main/java/konkuk/thip/common/security/argument_resolver/UserIdArgumentResolver.java

@@ -0,0 +1,38 @@
+package konkuk.thip.common.security.argument_resolver;
+
+import jakarta.servlet.http.HttpServletRequest;
+import konkuk.thip.common.exception.AuthException;
+import konkuk.thip.common.security.annotation.UserId;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.MethodParameter;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+import static konkuk.thip.common.exception.code.ErrorCode.AUTH_TOKEN_NOT_FOUND;
+
+@Component
+@RequiredArgsConstructor
+public class UserIdArgumentResolver implements HandlerMethodArgumentResolver {
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(UserId.class)
+                && parameter.getParameterType().equals(Long.class);
+    }
+
+    @Override
+    public Long resolveArgument(MethodParameter parameter,
+                                  ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest,
+                                  WebDataBinderFactory binderFactory) {
+
+        Object userId = ((HttpServletRequest) webRequest.getNativeRequest()).getAttribute("userId");
+        if (userId == null) {
+            throw new AuthException(AUTH_TOKEN_NOT_FOUND);
+        }
+        return (Long) userId;
+    }
+}

src/main/java/konkuk/thip/common/security/constant/AuthParameters.java

@@ -0,0 +1,23 @@
+package konkuk.thip.common.security.constant;
+
+import lombok.Getter;
+
+@Getter
+public enum AuthParameters {
+    JWT_HEADER_KEY("Authorization"),
+    JWT_PREFIX("Bearer "),
+    KAKAO("kakao"),
+    GOOGLE("google"),
+    KAKAO_PROVIDER_ID_KEY("id"),
+    GOOGLE_PROVIDER_ID_KEY("sub"),
+    JWT_ACCESS_TOKEN_KEY("userId"),
+    JWT_SIGNUP_TOKEN_KEY("oauth2Id"),
+    ;
+
+    private final String value;
+
+    AuthParameters(String value) {
+        this.value = value;
+    }
+}
+

src/main/java/konkuk/thip/common/security/filter/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,30 @@
+package konkuk.thip.common.security.filter;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    private final HandlerExceptionResolver resolver;
+
+    public JwtAuthenticationEntryPoint(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver){
+        this.resolver = resolver;
+    }
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        Exception e = (Exception) request.getAttribute("exception");
+        if(e == null){
+            e = authException;
+        }
+        resolver.resolveException(request, response, null, e);
+    }
+}

src/main/java/konkuk/thip/common/security/filter/JwtAuthenticationFilter.java

@@ -0,0 +1,79 @@
+package konkuk.thip.common.security.filter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import konkuk.thip.common.exception.AuthException;
+import konkuk.thip.common.security.oauth2.CustomOAuth2User;
+import konkuk.thip.common.security.oauth2.LoginUser;
+import konkuk.thip.common.security.util.JwtUtil;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+import static konkuk.thip.common.exception.code.ErrorCode.*;
+import static konkuk.thip.common.security.constant.AuthParameters.*;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtUtil jwtUtil;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain filterChain) throws ServletException, IOException {
+        try {
+            String token = extractToken(request);
+            if (token == null) {
+                throw new AuthException(AUTH_TOKEN_NOT_FOUND);
+            }
+
+            if (!jwtUtil.validateToken(token)) {
+                throw new AuthException(AUTH_INVALID_TOKEN);
+            }
+
+            if (jwtUtil.isExpired(token)) {
+                throw new AuthException(AUTH_EXPIRED_TOKEN);
+            }
+
+            LoginUser loginUser = jwtUtil.getLoginUser(token);
+
+            if (loginUser.userId() != null) {
+                request.setAttribute(JWT_ACCESS_TOKEN_KEY.getValue(), loginUser.userId());
+            }
+            else {
+                request.setAttribute(JWT_SIGNUP_TOKEN_KEY.getValue(), loginUser.oauth2Id());
+            }
+
+            CustomOAuth2User customOAuth2User = new CustomOAuth2User(loginUser);
+
+            Authentication authToken = new UsernamePasswordAuthenticationToken(customOAuth2User, null, customOAuth2User.getAuthorities());
+            SecurityContextHolder.getContext().setAuthentication(authToken);
+        } catch (Exception e) {
+            log.error("JWT 필터에서 오류 발생: {}", e.getMessage());
+            request.setAttribute("exception", e);
+        } finally {
+            filterChain.doFilter(request, response);
+        }
+    }
+
+    private String extractToken(HttpServletRequest request) {
+        String authorization = request.getHeader(JWT_HEADER_KEY.getValue());
+        if (authorization != null && authorization.startsWith(JWT_PREFIX.getValue())) {
+            return authorization.split(" ")[1];
+        }
+        log.info("토큰이 없습니다.");
+        return null;
+    }
+
+}