diff --git a/src/main/java/com/drinkeg/drinkeg/jwt/JWTException.java b/src/main/java/com/drinkeg/drinkeg/jwt/JWTException.java
index f8336761..06e0a713 100644
--- a/src/main/java/com/drinkeg/drinkeg/jwt/JWTException.java
+++ b/src/main/java/com/drinkeg/drinkeg/jwt/JWTException.java
@@ -14,6 +14,8 @@ public class JWTException {
 public static void jwtExceptionHandler(HttpServletResponse response, ErrorStatus errorStatus) {
+ System.out.println("----------jwt exception handler---------------");
+ response.setStatus(errorStatus.getHttpStatus().value());
 response.setContentType("application/json");
 response.setCharacterEncoding("UTF-8");
diff --git a/src/main/java/com/drinkeg/drinkeg/jwt/JWTFilter.java b/src/main/java/com/drinkeg/drinkeg/jwt/JWTFilter.java
index 351d4d8d..90eeb628 100644
--- a/src/main/java/com/drinkeg/drinkeg/jwt/JWTFilter.java
+++ b/src/main/java/com/drinkeg/drinkeg/jwt/JWTFilter.java
@@ -50,7 +50,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 System.out.println("cookie = " + cookie.getName() + "= " + cookie.getValue());
 if (cookie.getName().equals("accessToken")) {
- accessToken = cookie.getValue();
 }
 }
@@ -60,7 +59,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 if (accessToken == null) {
 filterChain.doFilter(request, response);
 //조건이 해당되면 메소드 종료 (필수)
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 return ;
 }
@@ -69,7 +67,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 System.out.println("token expired");
 filterChain.doFilter(request, response);
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 //조건이 해당되면 메소드 종료 (필수)
 return;
 }
@@ -77,7 +74,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 //토큰이 access 토큰인지 확인
 String category = jwtUtil.getCategory(accessToken);
 if(!category.equals("access")){
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 return;
 }
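Review bot: The `System.out.println("----------jwt exception handler---------------")` banner added at the top of `jwtExceptionHandler` is a debug print that bypasses the logging configuration and cannot be filtered by level or routed with the rest of the application's logs. Route it through a logger, e.g. `log.debug("jwt exception handler: {}", errorStatus);` with Lombok's `@Slf4j` on the class (the project already uses Lombok elsewhere in this diff), or drop it before merge. The body of `jwtExceptionHandler` continues outside the hunk.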
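Review bot: The `System.out.println("cookie = " + cookie.getName() + "= " + cookie.getValue())` that survives in this hunk writes every cookie value to stdout, and with this commit the `accessToken` and `refreshToken` cookies carry the session tokens, so any log sink now receives usable credentials; log only the name, e.g. `log.debug("cookie present: {}", cookie.getName());`, never the value. The collapsed diff does not make clear whether the removed line is `accessToken = cookie.getValue();` or a blank line above it; if it is the assignment, the `if (cookie.getName().equals("accessToken"))` block is now empty and the access token is no longer read from the cookie at all, which should be confirmed against the rest of `doFilterInternal`, which continues outside the hunk.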
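Review bot: After this hunk the `if(!category.equals("access")){` branch returns without calling `filterChain.doFilter` and without setting any status, so a request that presents a refresh token in place of the access token produces an empty response with the container's default status (200 unless something else set it) rather than a rejection. Unlike the hunks at -60 and -69, which still pass the request down the chain so the configured entry point can answer, this branch short-circuits silently; keep `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` here, or better, delegate to `JWTException.jwtExceptionHandler` with the matching `ErrorStatus` so the JSON error body is consistent with the other failure paths. Whether the removed line was the `setStatus` call or a blank line is not recoverable from the collapsed diff, but the point stands on the new side's bare `return;` either way. `doFilterInternal` continues outside the hunk.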
@@ -100,7 +96,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 //스프링 시큐리티 인증 토큰 생성
 Authentication authToken = new UsernamePasswordAuthenticationToken(principalDetail, null, principalDetail.getAuthorities());
- //세션에 사용자 등록
 SecurityContextHolder.getContext().setAuthentication(authToken);
 filterChain.doFilter(request, response);
 }
diff --git a/src/main/java/com/drinkeg/drinkeg/jwt/LoginFilter.java b/src/main/java/com/drinkeg/drinkeg/jwt/LoginFilter.java
index 127d70d9..7ea6daae 100644
--- a/src/main/java/com/drinkeg/drinkeg/jwt/LoginFilter.java
+++ b/src/main/java/com/drinkeg/drinkeg/jwt/LoginFilter.java
@@ -39,6 +39,7 @@ public class LoginFilter extends UsernamePasswordAuthenticationFilter {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+ // 클라이언트 요청에서 username, password 추출
 ObjectMapper objectMapper = new ObjectMapper();
 Map requestBody;
@@ -88,8 +89,8 @@ protected void successfulAuthentication(HttpServletRequest request, HttpServletR
 // 토큰을 쿠키에 저장하여 응답 (access 의 경우 추후 프론트와 협의하여 헤더에 넣어서 반환할 예정)
- response.addCookie(tokenService.createCookie("accessToken", accessToken));
- response.addCookie(tokenService.createCookie("refreshToken", refreshToken));
+ tokenService.createCookie(response, "accessToken", accessToken); // Access Token 쿠키 추가
+ tokenService.createCookie(response, "refreshToken", refreshToken); // refresh token 쿠키 추가
 response.setStatus(HttpStatus.OK.value());
 // redis에 refresh 토큰 저장
diff --git a/src/main/java/com/drinkeg/drinkeg/oauth2/CustomSuccessHandler.java b/src/main/java/com/drinkeg/drinkeg/oauth2/CustomSuccessHandler.java
index b90015d4..0b119454 100644
--- a/src/main/java/com/drinkeg/drinkeg/oauth2/CustomSuccessHandler.java
+++ b/src/main/java/com/drinkeg/drinkeg/oauth2/CustomSuccessHandler.java
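Review bot: The two lines following the added comment declare `Map requestBody;` as a raw type and construct a new `ObjectMapper` on every login attempt; `ObjectMapper` is thread-safe and comparatively expensive to build, so hold a single `private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();` and declare the body with its element types (`Map<String, String>` or `Map<String, Object>`, depending on how the username and password are read further down) so those lookups are type-checked instead of cast. `attemptAuthentication` continues outside the hunk.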
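Review bot: Both calls now go through the same `createCookie`, which (per the TokenService hunk) applies a single fixed `maxAge(24 * 60 * 60)` to every cookie, while the refresh token is issued and persisted with `864000000L` (visible in the AppleLoginService and TokenService hunks) — if that value is milliseconds, the browser discards the refresh cookie days before the stored token expires and re-issue quietly stops working. The same call pair appears in the CustomSuccessHandler, AppleLoginService and `reissueRefreshToken` hunks, so one fix in `createCookie` (a max-age argument per cookie) covers all four sites. The trailing `// Access Token 쿠키 추가` and `// refresh token 쿠키 추가` comments only restate the call and can be dropped. `successfulAuthentication` continues outside the hunk.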
@@ -49,8 +49,8 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 // 토큰을 쿠키에 저장하여 응답 (access 의 경우 추후 프론트와 협의하여 헤더에 넣어서 반환할 예정)
- response.addCookie(tokenService.createCookie("accessToken", accessToken));
- response.addCookie(tokenService.createCookie("refreshToken", refreshToken));
+ tokenService.createCookie(response, "accessToken", accessToken); // Access Token 쿠키 추가
+ tokenService.createCookie(response, "refreshToken", refreshToken); // refresh token 쿠키 추가
 response.setStatus(HttpStatus.OK.value());
 // redis에 refresh 토큰 저장
diff --git a/src/main/java/com/drinkeg/drinkeg/service/loginService/AppleLoginService.java b/src/main/java/com/drinkeg/drinkeg/service/loginService/AppleLoginService.java
index 22dd3bae..4ea89ecf 100644
--- a/src/main/java/com/drinkeg/drinkeg/service/loginService/AppleLoginService.java
+++ b/src/main/java/com/drinkeg/drinkeg/service/loginService/AppleLoginService.java
@@ -85,8 +85,8 @@ public void jwtProvider(Member member, HttpServletResponse response) {
 String refreshToken = jwtUtil.createJwt("refresh",member.getUsername(), member.getRole(),864000000L);
 // 토큰을 쿠키에 저장하여 응답
- response.addCookie(tokenService.createCookie("accessToken", accessToken));
- response.addCookie(tokenService.createCookie("refreshToken", refreshToken));
+ tokenService.createCookie(response, "accessToken", accessToken); // Access Token 쿠키 추가
+ tokenService.createCookie(response, "refreshToken", refreshToken); // refresh token 쿠키 추가
 response.setStatus(HttpStatus.OK.value());
 // redis에 refresh 토큰 저장
diff --git a/src/main/java/com/drinkeg/drinkeg/service/loginService/TokenService.java b/src/main/java/com/drinkeg/drinkeg/service/loginService/TokenService.java
index 78f0a9ff..fbb80a0e 100644
--- a/src/main/java/com/drinkeg/drinkeg/service/loginService/TokenService.java
+++ b/src/main/java/com/drinkeg/drinkeg/service/loginService/TokenService.java
@@ -14,6 +14,7 @@ import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseCookie;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
@@ -29,17 +30,20 @@ public class TokenService {
 private final JWTUtil jwtUtil;
 private final RedisClient redisClient;
- public Cookie createCookie(String key, String value) {
+ public void createCookie(HttpServletResponse response, String key, String value) {
- Cookie cookie = new Cookie(key, value);
- cookie.setMaxAge(24*60*60);
- //cookie.setSecure(true); //https를 사용할 경우
- cookie.setPath("/"); // 쿠키가 적용될 경로
- cookie.setHttpOnly(true);
+ ResponseCookie cookie = ResponseCookie.from(key, value)
+ .httpOnly(true)
+ .secure(true) // HTTPS만 허용
+ .path("/")
+ .sameSite("Strict") // SameSite 설정
+ .maxAge(24 * 60 * 60) // 1일
+ .build();
+ response.addHeader("Set-Cookie", cookie.toString());
- return cookie;
 }
+
 public void reissueRefreshToken(HttpServletRequest request, HttpServletResponse response) {
 //get refresh token
@@ -99,8 +103,8 @@ public void reissueRefreshToken(HttpServletRequest request, HttpServletResponse
 redisClient.setValue(username, newRefresh, 864000000L);
 //response
- response.addCookie(createCookie("accessToken", newAccess));
- response.addCookie(createCookie("refreshToken", newRefresh));
+ createCookie(response, "accessToken", newAccess); // Access Token 쿠키 추가
+ createCookie(response, "refreshToken", newRefresh); // refresh token 쿠키 추가
 response.setStatus(HttpStatus.OK.value());
 }
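Review bot: `createCookie` hard-codes one `.maxAge(24 * 60 * 60)` for every cookie although it is called for both the access token and the refresh token, and the `reissueRefreshToken` hunk below stores the refresh token with a `864000000L` lifetime, so the refresh cookie is likely to expire well before the token it carries; take the max-age as a parameter (keeping the three-argument form as the one-day default) so each caller can align cookie and token lifetimes. `.secure(true)` is now unconditional where the old code deliberately left `//cookie.setSecure(true); //https를 사용할 경우` commented out — a browser silently drops a `Secure` cookie set over plain http, so any non-TLS environment (local development) will get a 200 with no cookie; if such an environment exists, drive the flag from configuration rather than removing it. `.sameSite("Strict")` is only right if the frontend calling this API is served from the same site; for a separate-origin frontend the cookies would never accompany its requests, which should be checked against the deployment before merge. Since the method now writes a header instead of returning a `Cookie`, the `jakarta.servlet.http.Cookie` import is probably unused and the name reads better as `addCookie`.
```java
public void createCookie(HttpServletResponse response, String key, String value) {
    createCookie(response, key, value, 24 * 60 * 60); // default lifetime: one day
}

// maxAgeSeconds lets callers give the refresh cookie the same lifetime as the stored refresh token
public void createCookie(HttpServletResponse response, String key, String value, long maxAgeSeconds) {
    ResponseCookie cookie = ResponseCookie.from(key, value)
            .httpOnly(true)
            .secure(true) // consider sourcing from configuration so non-TLS environments can opt out
            .path("/")
            .sameSite("Strict")
            .maxAge(maxAgeSeconds)
            .build();
    response.addHeader("Set-Cookie", cookie.toString());
}
```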