feat: JWT 기반 인증 및 Spring Security 설정 구현 #23

build.gradle

@@ -61,6 +61,14 @@ dependencies {
     annotationProcessor "jakarta.annotation:jakarta.annotation-api"
     annotationProcessor "jakarta.persistence:jakarta.persistence-api"
 
+    //jwt
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    implementation 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
+    //security
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+
     // Test
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'

src/main/java/team05/integrated_feed_backend/common/BaseApiResponse.java

@@ -4,10 +4,10 @@
 
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Getter;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 
 /**
- *  code, status, message 기본 응답 형식
+ * code, status, message 기본 응답 형식
  **/
 @Getter
 @Schema(description = "기본 응답 형식")

src/main/java/team05/integrated_feed_backend/common/code/StatusCode.java

@@ -1,4 +1,4 @@
-package team05.integrated_feed_backend.exception.code;
+package team05.integrated_feed_backend.common.code;
 
 import org.springframework.http.HttpStatus;
 
@@ -18,6 +18,8 @@ public enum StatusCode {
 	 * 400 번대 CODE
 	 **/
 	METHOD_NOT_ALLOWED(HttpStatus.METHOD_NOT_ALLOWED, "요청 경로가 지원되지 않습니다."),
+	USER_NOT_FOUND(HttpStatus.NOT_FOUND, "요청된 사용자를 찾을 수 없습니다."),
+	UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "인증 오류가 발생했습니다."),
 
 	/**
 	 * 500 번대 CODE

src/main/java/team05/integrated_feed_backend/common/BaseEntity.java → src/main/java/team05/integrated_feed_backend/common/entity/BaseEntity.java

@@ -1,4 +1,4 @@
-package team05.integrated_feed_backend.common;
+package team05.integrated_feed_backend.common.entity;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
 import jakarta.persistence.Column;

src/main/java/team05/integrated_feed_backend/core/config/SecurityConfig.java

@@ -0,0 +1,71 @@
+package team05.integrated_feed_backend.core.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import lombok.RequiredArgsConstructor;
+import team05.integrated_feed_backend.module.auth.jwt.JwtAuthenticationFilter;
+import team05.integrated_feed_backend.module.auth.jwt.JwtManager;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+	private final JwtManager jwtManager;
+	private final UserDetailsService userDetailsService;
+
+	@Bean
+	public JwtAuthenticationFilter jwtAuthenticationFilter() {
+		return new JwtAuthenticationFilter(jwtManager, userDetailsService);
+	}
+
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+		http
+			.csrf(csrf -> csrf.disable()) // CSRF 보호를 비활성화 (JWT를 사용하기 때문에)
+			.authorizeHttpRequests(authorize -> authorize
+				.requestMatchers(
+					"/swagger-ui/**",
+					"/v3/api-docs/**",
+					"/swagger-ui.html",
+					"/api-docs/**",
+					"/webjars/**"
+				).permitAll()  // Swagger UI 관련 경로에 인증 없이 접근 허용
+				.requestMatchers("/auth/**").permitAll() // 인증 없이 접근할 수 있는 경로 설정 (회원가입, 로그인 등)
+				.requestMatchers(HttpMethod.POST, "/api/members").permitAll()
+				.anyRequest().authenticated() // 그 외의 모든 요청 인증 필요
+			)
+			.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 세션 사용 X
+			.addFilterBefore(jwtAuthenticationFilter(),
+				UsernamePasswordAuthenticationFilter.class); // JWT 필터를 UsernamePasswordAuthenticationFilter 앞에 추가
+
+		return http.build();
+	}
+
+	@Bean
+	public PasswordEncoder passwordEncoder() {
+		return new BCryptPasswordEncoder();
+	}
+
+	@Bean
+	public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
+		AuthenticationManagerBuilder authManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
+		authManagerBuilder
+			.userDetailsService(userDetailsService)
+			.passwordEncoder(passwordEncoder());
+		return authManagerBuilder.build();
+	}
+}

src/main/java/team05/integrated_feed_backend/exception/GlobalExceptionHandler.java

@@ -8,6 +8,7 @@
 import org.springframework.context.support.DefaultMessageSourceResolvable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -18,7 +19,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import team05.integrated_feed_backend.common.BaseApiResponse;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 import team05.integrated_feed_backend.exception.custom.BadRequestException;
 import team05.integrated_feed_backend.exception.custom.BusinessException;
 import team05.integrated_feed_backend.exception.custom.DataNotFoundException;
@@ -147,6 +148,18 @@ public BaseApiResponse<Void> handleUnknownException(Exception e) {
 		return BaseApiResponse.of(statusCode);
 	}
 
+	/**
+	 * 인증 과정에서 사용자를 찾을 수 없는 경우 발생
+	 * ex) JWT 토큰에 포함된 사용자 이름으로 사용자를 로드할 때 해당 사용자가 존재하지 않는 경우
+	 **/
+	@ResponseStatus(UNAUTHORIZED)
+	@ExceptionHandler({UsernameNotFoundException.class})
+	public BaseApiResponse<Void> handleUsernameNotFoundException(UsernameNotFoundException e) {
+		log.warn(e.getMessage(), e);
+
+		return BaseApiResponse.of(StatusCode.UNAUTHORIZED);
+	}
+
 	/**
 	 * validation 검사 실패한 항목 에러 메세지 만드는 메서드
 	 */
@@ -192,4 +205,5 @@ private static StatusCode getStatusCodeFromException(BusinessException e) {
 
 		return e.getStatusCode();
 	}
+
 }

src/main/java/team05/integrated_feed_backend/exception/custom/BadRequestException.java

@@ -1,7 +1,7 @@
 package team05.integrated_feed_backend.exception.custom;
 
 import lombok.Getter;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 
 /**
  * 요청이 잘못된 경우

src/main/java/team05/integrated_feed_backend/exception/custom/BusinessException.java

@@ -2,7 +2,7 @@
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 
 /**
  * 비즈니스 로직 중에서 나는 에러 정의

src/main/java/team05/integrated_feed_backend/exception/custom/DataNotFoundException.java

@@ -1,7 +1,7 @@
 package team05.integrated_feed_backend.exception.custom;
 
 import lombok.Getter;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 
 /**
  * 요청 결과가 없는 경우

src/main/java/team05/integrated_feed_backend/exception/custom/DuplicateResourceException.java

@@ -1,7 +1,7 @@
 package team05.integrated_feed_backend.exception.custom;
 
 import lombok.Getter;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 
 /**
  * 생성하고자 요청하는 데이터가 이미 있는 경우

src/main/java/team05/integrated_feed_backend/exception/custom/ForbiddenException.java

@@ -1,7 +1,7 @@
 package team05.integrated_feed_backend.exception.custom;
 
 import lombok.Getter;
-import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.common.code.StatusCode;
 
 /**
  * 권한이 없는 곳에 접근하고자 하는 경우

src/main/java/team05/integrated_feed_backend/module/auth/entity/VerificationCode.java

@@ -2,8 +2,8 @@
 
 import jakarta.persistence.*;
 import lombok.*;
-import team05.integrated_feed_backend.common.BaseEntity;
-import team05.integrated_feed_backend.module.user.entity.Member;
+import team05.integrated_feed_backend.common.entity.BaseEntity;
+import team05.integrated_feed_backend.module.member.entity.Member;
 
 import java.time.LocalDateTime;
 

src/main/java/team05/integrated_feed_backend/module/auth/jwt/JwtAuthenticationFilter.java

@@ -0,0 +1,55 @@
+package team05.integrated_feed_backend.module.auth.jwt;
+
+import java.io.IOException;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+	private final JwtManager jwtManager;
+	private final UserDetailsService userDetailsService;
+
+	@Override
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+		throws ServletException, IOException {
+
+		// Swagger ui 관련 요청은 필터링하지 않음
+		String path = request.getRequestURI();
+		if (path.startsWith("/swagger-ui") || path.startsWith("/webjars/") || path.startsWith("/v3/api-docs")) {
+			filterChain.doFilter(request, response);
+			return;
+		}
+		// request에서 토큰 파싱, 토큰 문자열 반환해 이후 인증 확인
+		String token = jwtManager.resolveToken(request);
+
+		if (token != null && jwtManager.isValidToken(token)) {
+			String account = jwtManager.getAccount(token);
+
+			// UserDetailsService를 통해 UserDetails를 로드
+			var userDetails = userDetailsService.loadUserByUsername(account);
+
+			// 토큰이 유효한 경우 Authentication 생성
+			UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken)jwtManager.getAuthentication(
+				token, userDetails);
+			authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+
+			// SecurityContext에 객체 설정
+			SecurityContextHolder.getContext().setAuthentication(authentication);
+		}
+		// 다음 필터로 요청 전달
+		filterChain.doFilter(request, response);
+	}
+}

src/main/java/team05/integrated_feed_backend/module/auth/jwt/JwtManager.java

@@ -0,0 +1,113 @@
+package team05.integrated_feed_backend.module.auth.jwt;
+
+import java.security.Key;
+import java.util.Base64;
+import java.util.Date;
+
+import javax.crypto.spec.SecretKeySpec;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import team05.integrated_feed_backend.module.auth.security.CustomUserDetails;
+
+@Slf4j
+@Component
+public class JwtManager {
+	private static final String CLAIM_MEMBER_ID = "memberId";
+	private static final String CLAIM_ACCOUNT = "account";
+
+	private final Key secretKey;
+
+	@Value("${jwt.token-validity-in-seconds}")
+	private long tokenValidityInseconds;
+
+	//jjwt: String secretKey -> Key 객체 방식으로 대체됨
+	public JwtManager(@Value("${jwt.secret}") String secret) {
+		byte[] keyBytes = Base64.getDecoder().decode(secret);
+		this.secretKey = new SecretKeySpec(keyBytes, SignatureAlgorithm.HS256.getJcaName());
+	}
+
+	// JWT 토큰 생성
+	public String generateToken(Authentication authentication) {
+		CustomUserDetails userDetails = (CustomUserDetails)authentication.getPrincipal();
+		Long memberId = userDetails.getMemberId();
+		String account = userDetails.getUsername();
+
+		// JWT 토큰에 포함되는 정보(페이로드): jwt의 주체 memberId로
+		Claims claims = Jwts.claims().setSubject(String.valueOf(memberId));
+		claims.put(CLAIM_MEMBER_ID, memberId);
+		claims.put(CLAIM_ACCOUNT, account);
+
+		Date now = new Date();
+		Date validity = new Date(now.getTime() + tokenValidityInseconds * 1000);
+
+		String token = Jwts.builder()
+			.setClaims(claims)
+			.setIssuedAt(now)   // 발급 시간
+			.setExpiration(validity)    // 만료 시간
+			.signWith(secretKey, SignatureAlgorithm.HS256)  // 서명
+			.compact();
+
+		log.info("JWT 토큰 생성: 사용자 계정 = {}, 만료시간 = {}", account, validity);
+		return token;
+	}
+
+	// HTTP 요청 헤더에서 JWT 토큰을 추출
+	public String resolveToken(HttpServletRequest request) {
+		String bearerToken = request.getHeader("Authorization");
+		if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+			return bearerToken.substring(7);  // "Bearer " 이후의 토큰 실제부분만 추출
+		}
+		return null;
+	}
+
+	public Authentication getAuthentication(String token, UserDetails userDetails) {
+		return new UsernamePasswordAuthenticationToken(
+			userDetails, null, userDetails.getAuthorities());
+	}
+
+	// jjwt : parser() 메서드가 parserBuilder()로 대체됨
+	// JWT 토큰에서 memberId 추출 (Body: 페이로드)
+	public Long getMemberId(String token) {
+		return Long.parseLong(Jwts.parserBuilder()
+			.setSigningKey(secretKey)
+			.build()
+			.parseClaimsJws(token)
+			.getBody()
+			.getSubject());
+	}
+
+	// JWT 토큰에서 account 추출
+	public String getAccount(String token) {
+		return Jwts.parserBuilder()
+			.setSigningKey(secretKey)
+			.build()
+			.parseClaimsJws(token)
+			.getBody()
+			.get(CLAIM_ACCOUNT, String.class);
+	}
+
+	// JWT 토큰 유효성 검증
+	public boolean isValidToken(String token) {
+		try {
+			Jwts.parserBuilder()
+				.setSigningKey(secretKey)
+				.build()
+				.parseClaimsJws(token);
+			log.debug("JWT 토큰 유효성 검사 통과: {}", token);
+			return true;
+		} catch (Exception e) {
+			log.error("JWT 토큰 유효성 검사 실패: {}", token, e);
+			return false;
+		}
+	}
+}