VRGuild · Hexeong · Oct 18, 2024 · Oct 18, 2024
@@ -30,19 +30,10 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         // Authorization 헤더에서 Bearer 토큰 추출
         String authorizationHeader = request.getHeader("Authorization");
-        String token = null;
-
-        // 헤더에서 액세스 토큰 추출
-        if (StringUtils.hasText(authorizationHeader) && authorizationHeader.startsWith("Bearer ")) {
-            token = authorizationHeader.substring(7); // "Bearer " 이후의 토큰 부분 추출
-        } else {
-            response.setStatus(450); // 잘못된 인증 헤더
-            return;
-        }
 
         try {
             // 토큰 검증 | 검증 성공 시 SecurityContext에 인증 정보 저장
-            String accountId = jwtUtil.getSubjectFromAuthHeaderWithAuth(token);
+            String accountId = jwtUtil.getSubjectFromAuthHeaderWithAuth(authorizationHeader);
             UsernamePasswordAuthenticationToken authentication =
                     new UsernamePasswordAuthenticationToken(accountId, null, null);
 
@@ -73,16 +64,4 @@ protected boolean shouldNotFilter(HttpServletRequest request) {
                 || path.startsWith("/webjars")
                 || path.startsWith("/api");
     }
-
-    // 쿠키에서 리프레시 토큰을 추출하는 메서드
-    private String getRefreshTokenFromCookies(HttpServletRequest request) {
-        if (request.getCookies() != null) {
-            for (Cookie cookie : request.getCookies()) {
-                if ("refreshToken".equals(cookie.getName())) {
-                    return cookie.getValue();
-                }
-            }
-        }
-        return null;
-    }
 }
@@ -16,7 +16,7 @@
 @Component
 public class JwtUtil {
 
-    private static final String ISSUER_URL = "https://api.epicgames.dev";
+    private static final String ISSUER_URL = "https://api.epicgames.dev/epic/oauth/v1";
 
     @Value("${spring.security.oauth2.client.registration.epicgames.client-id}")
     private String clientId;
@@ -31,7 +31,6 @@ public JwtUtil(EpicGamesJWKCache jwkCache) {
     public Map<String, Object> getClaimsFromAuthHeaderWithAuth(String authorizationHeader) throws Exception {
         // Claims 검증
         JWTClaimsSet claims = getClaimsFromToken(extractToken(authorizationHeader));
-        System.out.println(claims);
         validateClaims(claims);
 
         // 검증이 완료되었을 경우 모든 Claims을 Map으로 변환하여 반환
@@ -61,7 +60,7 @@ public String getSubjectFromAuthHeaderWithoutAuth(String authorizationHeader) th
 
     private void validateClaims(JWTClaimsSet claims) throws BadJWTException {
         // 'iss' 검증
-        if (claims.getIssuer() == null || !claims.getIssuer().startsWith(ISSUER_URL)) {
+        if (claims.getIssuer() == null || !claims.getIssuer().equals(ISSUER_URL)) {
             throw new BadJWTException("Invalid issuer");
         }
 
@@ -107,7 +106,6 @@ private Map<String, Object> convertClaimsToMap(JWTClaimsSet claims) {
     }
 
     private String extractToken(String authorizationHeader) {
-        System.out.println(authorizationHeader);
         if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
             return authorizationHeader.substring(7);
         } else {