feat: JWT 기반 인증 및 Spring Security 설정 구현 #23

build.gradle

@@ -38,6 +38,10 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    implementation 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'org.postgresql:postgresql'
     annotationProcessor 'org.projectlombok:lombok'

src/main/java/team05/integrated_feed_backend/common/BaseEntity.java → src/main/java/team05/integrated_feed_backend/common/entity/BaseEntity.java

@@ -1,4 +1,4 @@
-package team05.integrated_feed_backend.common;
+package team05.integrated_feed_backend.common.entity;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
 import jakarta.persistence.Column;

src/main/java/team05/integrated_feed_backend/core/config/SecurityConfig.java

@@ -0,0 +1,61 @@
+package team05.integrated_feed_backend.core.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import lombok.RequiredArgsConstructor;
+import team05.integrated_feed_backend.module.auth.jwt.JwtAuthenticationFilter;
+import team05.integrated_feed_backend.module.auth.jwt.JwtUtil;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+	private final JwtUtil jwtUtil;
+	private final UserDetailsService userDetailsService;
+
+	@Bean
+	public JwtAuthenticationFilter jwtAuthenticationFilter() {
+		return new JwtAuthenticationFilter(jwtUtil, userDetailsService);
+	}
+
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+		http
+			.csrf(csrf -> csrf.disable()) // CSRF 보호를 비활성화 (JWT를 사용하기 때문에)
+			.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // 세션 사용X
+			.authorizeHttpRequests(authorize -> authorize
+				.requestMatchers("/auth/**").permitAll() // 인증 없이 접근할 수 있는 경로 설정하기 (회원가입, 로그인 등)
+				.anyRequest().authenticated() // 그 외의 모든 요청 인증 필요
+			)
+			.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); // JWT 필터 추가
+
+		return http.build();
+	}
+
+	@Bean
+	public PasswordEncoder passwordEncoder() {
+		return new BCryptPasswordEncoder();
+	}
+
+	@Bean
+	public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
+		AuthenticationManagerBuilder authManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
+		authManagerBuilder
+			.userDetailsService(userDetailsService)
+			.passwordEncoder(passwordEncoder());
+		return authManagerBuilder.build();
+	}
+}

src/main/java/team05/integrated_feed_backend/exception/GlobalExceptionHandler.java

@@ -8,6 +8,7 @@
 import org.springframework.context.support.DefaultMessageSourceResolvable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -147,6 +148,18 @@ public BaseApiResponse<Void> handleUnknownException(Exception e) {
 		return BaseApiResponse.of(statusCode);
 	}
 
+	/**
+	 * 요청된 사용자를 찾을 수 없는 경우
+	 * ex) 로그인 시 존재하지 않는 사용자를 입력한 경우
+	 **/
+	@ResponseStatus(NOT_FOUND)
+	@ExceptionHandler({UsernameNotFoundException.class})
+	public BaseApiResponse<Void> handleUsernameNotFoundException(UsernameNotFoundException e) {
+		log.warn(e.getMessage(), e);
+
+		return BaseApiResponse.of(StatusCode.USER_NOT_FOUND);
+	}
+
 	/**
 	 * validation 검사 실패한 항목 에러 메세지 만드는 메서드
 	 */
@@ -192,4 +205,5 @@ private static StatusCode getStatusCodeFromException(BusinessException e) {
 
 		return e.getStatusCode();
 	}
+
 }

src/main/java/team05/integrated_feed_backend/exception/code/StatusCode.java

@@ -17,6 +17,7 @@ public enum StatusCode {
 	 * 400 번대 CODE
 	 **/
 	METHOD_NOT_ALLOWED(HttpStatus.METHOD_NOT_ALLOWED, "요청 경로가 지원되지 않습니다."),
+	USER_NOT_FOUND(HttpStatus.NOT_FOUND, "요청된 사용자를 찾을 수 없습니다."),
 
 	/**
 	 * 500 번대 CODE

src/main/java/team05/integrated_feed_backend/module/auth/entity/VerificationCode.java

@@ -2,8 +2,8 @@
 
 import jakarta.persistence.*;
 import lombok.*;
-import team05.integrated_feed_backend.common.BaseEntity;
-import team05.integrated_feed_backend.module.user.entity.Member;
+import team05.integrated_feed_backend.common.entity.BaseEntity;
+import team05.integrated_feed_backend.module.member.entity.Member;
 
 import java.time.LocalDateTime;
 

src/main/java/team05/integrated_feed_backend/module/auth/jwt/JwtAuthenticationFilter.java

@@ -0,0 +1,49 @@
+package team05.integrated_feed_backend.module.auth.jwt;
+
+import java.io.IOException;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+	private final JwtUtil jwtUtil;
+	private final UserDetailsService userDetailsService;
+
+	@Override
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+		throws ServletException, IOException {
+
+		String token = jwtUtil.resolveToken(request);
+
+		if (token != null && jwtUtil.validateToken(token)) {
+			String account = jwtUtil.getAccount(token);
+
+			// UserDetailsService를 통해 UserDetails를 로드
+			var userDetails = userDetailsService.loadUserByUsername(account);
+
+			// 토큰이 유효한 경우 Authentication 생성
+			UsernamePasswordAuthenticationToken authentication = (UsernamePasswordAuthenticationToken)jwtUtil.getAuthentication(
+				token, userDetails);
+			authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+
+			// SecurityContext에 객체 설정
+			SecurityContextHolder.getContext().setAuthentication(authentication);
+
+			// 다음 필터로 요청 전달
+			filterChain.doFilter(request, response);
+		}
+	}
+}

src/main/java/team05/integrated_feed_backend/module/auth/jwt/JwtUtil.java

@@ -0,0 +1,111 @@
+package team05.integrated_feed_backend.module.auth.jwt;
+
+import java.security.Key;
+import java.util.Base64;
+import java.util.Date;
+
+import javax.crypto.spec.SecretKeySpec;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
+import team05.integrated_feed_backend.module.auth.security.CustomUserDetails;
+
+@Slf4j
+@Component
+public class JwtUtil {
+
+	private final Key secretKey;
+
+	//jjwt: String secretKey -> Key 객체 방식으로 대체됨
+	public JwtUtil(@Value("${jwt.secret}") String secret) {
+		byte[] keyBytes = Base64.getDecoder().decode(secret);
+		this.secretKey = new SecretKeySpec(keyBytes, SignatureAlgorithm.HS256.getJcaName());
+	}
+
+	@Value("${jwt.token-validity-in-seconds}")
+	private long tokenValidityInseconds;
+
+	// JWT 토큰 생성
+	public String generateToken(Authentication authentication) {
+		CustomUserDetails userDetails = (CustomUserDetails)authentication.getPrincipal();
+		Long memberId = userDetails.getMemberId();
+		String account = userDetails.getUsername();
+
+		// JWT 토큰에 포함되는 정보(페이로드): jwt의 주체 memberId로
+		Claims claims = Jwts.claims().setSubject(String.valueOf(memberId));
+		claims.put("memberId", memberId);
+		claims.put("account", account);
+
+		Date now = new Date();
+		Date validity = new Date(now.getTime() + tokenValidityInseconds * 1000);
+
+		String token = Jwts.builder()
+			.setClaims(claims)
+			.setIssuedAt(now)   // 발급 시간
+			.setExpiration(validity)    // 만료 시간
+			.signWith(secretKey, SignatureAlgorithm.HS256)  // 서명
+			.compact();
+
+		log.info("JWT 토큰 생성: 사용자 계정 = {}, 만료시간 = {}", account, validity);
+		return token;
+	}
+
+	// HTTP 요청 헤더에서 JWT 토큰을 추출
+	public String resolveToken(HttpServletRequest request) {
+		String bearerToken = request.getHeader("Authorization");
+		if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+			return bearerToken.substring(7);  // "Bearer " 이후의 토큰 실제부분만 추출
+		}
+		return null;
+	}
+
+	public Authentication getAuthentication(String token, UserDetails userDetails) {
+		return new UsernamePasswordAuthenticationToken(
+			userDetails, null, userDetails.getAuthorities());
+	}
+
+	// jjwt : parser() 메서드가 parserBuilder()로 대체됨
+	// JWT 토큰에서 memberId 추출 (Body: 페이로드)
+	public Long getMemberId(String token) {
+		return Long.parseLong(Jwts.parserBuilder()
+			.setSigningKey(secretKey)
+			.build()
+			.parseClaimsJws(token)
+			.getBody()
+			.getSubject());
+	}
+
+	// JWT 토큰에서 account 추출
+	public String getAccount(String token) {
+		return Jwts.parserBuilder()
+			.setSigningKey(secretKey)
+			.build()
+			.parseClaimsJws(token)
+			.getBody()
+			.get("account", String.class);
+	}
+
+	// JWT 토큰 유효성 검증
+	public boolean validateToken(String token) {
+		try {
+			Jwts.parserBuilder()
+				.setSigningKey(secretKey)
+				.build()
+				.parseClaimsJws(token);
+			log.debug("JWT 토큰 유효성 검사 통과: {}", token);
+			return true;
+		} catch (Exception e) {
+			log.error("JWT 토큰 유효성 검사 실패: {}", token, e);
+			return false;
+		}
+	}
+}

src/main/java/team05/integrated_feed_backend/module/auth/security/CustomUserDetails.java

@@ -0,0 +1,66 @@
+package team05.integrated_feed_backend.module.auth.security;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import lombok.Getter;
+import team05.integrated_feed_backend.module.member.entity.Member;
+
+@Getter
+public class CustomUserDetails implements UserDetails {
+
+	private final Member member;
+
+	public CustomUserDetails(Member member) {
+		this.member = member;
+	}
+
+	@Override
+	public String getUsername() {
+		return member.getAccount();
+	}
+
+	@Override
+	public String getPassword() {
+		return member.getPassword();
+	}
+
+	// 계정 만료 여부 확인 로직
+	@Override
+	public boolean isAccountNonExpired() {
+		return true;
+	}
+
+	// 계정 잠김 여부 확인 로직
+	@Override
+	public boolean isAccountNonLocked() {
+		return true;
+	}
+
+	// 자격 증명(비밀번호) 만료 여부 확인 로직
+	@Override
+	public boolean isCredentialsNonExpired() {
+		return true;
+	}
+
+	@Override
+	public boolean isEnabled() {
+		return "verified".equals(member.getStatus());  // 인증된 상태만 활성화
+	}
+
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return Collections.emptyList();
+	}
+
+	public Long getMemberId() {
+		return member.getMemberId();
+	}
+
+	public String getEmail() {
+		return member.getEmail();
+	}
+}

src/main/java/team05/integrated_feed_backend/module/auth/security/CustomUserDetailsService.java

@@ -0,0 +1,30 @@
+package team05.integrated_feed_backend.module.auth.security;
+
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import team05.integrated_feed_backend.exception.code.StatusCode;
+import team05.integrated_feed_backend.module.member.entity.Member;
+import team05.integrated_feed_backend.module.member.repository.MemberRepository;
+
+@Slf4j
+@Service
+@Transactional(readOnly = true)
+@RequiredArgsConstructor
+public class CustomUserDetailsService implements UserDetailsService {
+	private final MemberRepository memberRepository;
+
+	@Override
+	public UserDetails loadUserByUsername(String account) throws UsernameNotFoundException {
+		Member member = memberRepository.findByAccount(account)
+			.orElseThrow(() -> new UsernameNotFoundException(StatusCode.USER_NOT_FOUND.name()));
+
+		log.info("유저 조회 성공: {}", member.getAccount());
+		return new CustomUserDetails(member);
+	}
+}