[FIX] google auth 수정 및 헤더에 오던 토큰 응답을 body로 변경 - front가 유연한 리다이렉트 하도록 책임 변경

Author: hyunbin1

src/main/java/com/example/ai_tutor/domain/auth/application/AuthService.java

@@ -7,7 +7,6 @@
 import com.example.ai_tutor.domain.auth.dto.AuthRes;
 import com.example.ai_tutor.domain.auth.dto.RefreshTokenReq;
 import com.example.ai_tutor.domain.auth.dto.TokenMapping;
-import com.example.ai_tutor.domain.professor.domain.Professor;
 import com.example.ai_tutor.domain.professor.domain.repository.ProfessorRepository;
 import com.example.ai_tutor.domain.user.domain.User;
 import com.example.ai_tutor.domain.user.domain.repository.UserRepository;
@@ -23,7 +22,6 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -34,7 +32,7 @@
 @Transactional(readOnly = true)
 public class AuthService {
 
-    private final CustomTokenProviderService customTokenProviderService;
+    private final JwtUtil jwtUtil;
     private final AuthenticationManager authenticationManager;
 
     private final TokenRepository tokenRepository;
@@ -49,17 +47,17 @@ public ResponseEntity<?> refresh(RefreshTokenReq tokenRefreshRequest){
 
         Token token = tokenRepository.findByRefreshToken(tokenRefreshRequest.getRefreshToken())
                 .orElseThrow(InvalidTokenException::new);
-        Authentication authentication = customTokenProviderService.getAuthenticationByEmail(token.getUserEmail());
+        Authentication authentication = jwtUtil.getAuthenticationByEmail(token.getUserEmail());
 
         //refresh token 정보 값을 업데이트 한다.
         //시간 유효성 확인
         TokenMapping tokenMapping;
 
-        Long expirationTime = customTokenProviderService.getExpiration(tokenRefreshRequest.getRefreshToken());
+        Long expirationTime = jwtUtil.getExpiration(tokenRefreshRequest.getRefreshToken());
         if(expirationTime > 0){
-            tokenMapping = customTokenProviderService.refreshToken(authentication, token.getRefreshToken());
+            tokenMapping = jwtUtil.refreshToken(authentication, token.getRefreshToken());
         }else{
-            tokenMapping = customTokenProviderService.createToken(authentication);
+            tokenMapping = jwtUtil.createToken(authentication);
         }
 
         Token updateToken = token.updateRefreshToken(tokenMapping.getRefreshToken());
@@ -95,15 +93,15 @@ public ResponseEntity<?> signOut(UserPrincipal userPrincipal){
     private boolean valid(String refreshToken){
 
         //1. 토큰 형식 물리적 검증
-        boolean validateCheck = customTokenProviderService.validateToken(refreshToken);
+        boolean validateCheck = jwtUtil.validateToken(refreshToken);
         DefaultAssert.isTrue(validateCheck, "Token 검증에 실패하였습니다.");
 
         //2. refresh token 값을 불러온다.
         Optional<Token> token = tokenRepository.findByRefreshToken(refreshToken);
         DefaultAssert.isTrue(token.isPresent(), "탈퇴 처리된 회원입니다.");
 
         //3. email 값을 통해 인증값을 불러온다
-        Authentication authentication = customTokenProviderService.getAuthenticationByEmail(token.get().getUserEmail());
+        Authentication authentication = jwtUtil.getAuthenticationByEmail(token.get().getUserEmail());
         DefaultAssert.isTrue(token.get().getUserEmail().equals(authentication.getName()), "사용자 인증에 실패하였습니다.");
 
         return true;
@@ -122,7 +120,7 @@ public ResponseEntity<?> signIn(SignInReq signInReq) {
         );
         SecurityContextHolder.getContext().setAuthentication(authentication);
 
-        TokenMapping tokenMapping = customTokenProviderService.createToken(authentication);
+        TokenMapping tokenMapping = jwtUtil.createToken(authentication);
         Token token = Token.builder()
                 .refreshToken(tokenMapping.getRefreshToken())
                 .userEmail(tokenMapping.getUserEmail())

src/main/java/com/example/ai_tutor/domain/auth/application/CustomDefaultOAuth2UserService.java

@@ -27,7 +27,6 @@
 public class CustomDefaultOAuth2UserService extends DefaultOAuth2UserService {
 
     private final UserRepository userRepository;
-    private PasswordEncoder passwordEncoder;
 
     @Override
     public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
@@ -59,22 +58,20 @@ private OAuth2User processOAuth2User(OAuth2UserRequest oAuth2UserRequest, OAuth2
             log.info("New user registered: {}", user);
         }
 
-        log.debug("OAuth2 user processed: {}", user);
+        log.info("OAuth2 user processed: {}", user);
         return UserPrincipal.create(user, oAuth2User.getAttributes());
     }
 
     private User registerNewUser(OAuth2UserRequest oAuth2UserRequest, OAuth2UserInfo oAuth2UserInfo) {
         User user = User.builder()
                 .name(oAuth2UserInfo.getName())
                 .email(oAuth2UserInfo.getEmail())
-                .password(passwordEncoder.encode(oAuth2UserInfo.getId()))
+                .password("oauth-only")
                 .provider(Provider.valueOf(oAuth2UserRequest.getClientRegistration().getRegistrationId()))
                 .providerId(oAuth2UserInfo.getId())
                 .build();
 
-        User savedUser = userRepository.save(user);
-        log.debug("New user registered: {}", savedUser);
-        return savedUser;
+        return userRepository.save(user);
     }
 
     private User updateExistingUser(User user, OAuth2UserInfo oAuth2UserInfo) {

…lication/CustomTokenProviderService.java …tor/domain/auth/application/JwtUtil.javasrc/main/java/com/example/ai_tutor/domain/auth/application/CustomTokenProviderService.java renamed to src/main/java/com/example/ai_tutor/domain/auth/application/JwtUtil.java src/main/java/com/example/ai_tutor/domain/auth/application/CustomTokenProviderService.java renamed to src/main/java/com/example/ai_tutor/domain/auth/application/JwtUtil.java

@@ -8,7 +8,6 @@
 import io.jsonwebtoken.security.Keys;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.Authentication;
@@ -19,48 +18,55 @@
 
 @Slf4j
 @Service
-public class CustomTokenProviderService {
+public class JwtUtil {
 
     @Autowired
     private OAuth2Config oAuth2Config;
 
     @Autowired
     private CustomUserDetailsService customUserDetailsService;
 
-    public TokenMapping refreshToken(Authentication authentication, String refreshToken) {
+
+
+    public TokenMapping createToken(Authentication authentication) {
         UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
+
         Date now = new Date();
 
         Date accessTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getAccessTokenExpirationMsec());
+        Date refreshTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getRefreshTokenExpirationMsec());
 
         String secretKey = oAuth2Config.getAuth().getTokenSecret();
+
         byte[] keyBytes = Decoders.BASE64.decode(secretKey);
         Key key = Keys.hmacShaKeyFor(keyBytes);
 
         String accessToken = Jwts.builder()
-                .setSubject(Long.toString(userPrincipal.getId()))
+                .setSubject(userPrincipal.getEmail())
                 .setIssuedAt(new Date())
                 .setExpiration(accessTokenExpiresIn)
                 .signWith(key, SignatureAlgorithm.HS512)
                 .compact();
 
+        String refreshToken = Jwts.builder()
+                .setExpiration(refreshTokenExpiresIn)
+                .signWith(key, SignatureAlgorithm.HS512)
+                .compact();
+
         return TokenMapping.builder()
                 .userEmail(userPrincipal.getEmail())
                 .accessToken(accessToken)
                 .refreshToken(refreshToken)
                 .build();
     }
 
-    public TokenMapping createToken(Authentication authentication) {
+    public TokenMapping refreshToken(Authentication authentication, String refreshToken) {
         UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
-
         Date now = new Date();
 
         Date accessTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getAccessTokenExpirationMsec());
-        Date refreshTokenExpiresIn = new Date(now.getTime() + oAuth2Config.getAuth().getRefreshTokenExpirationMsec());
 
         String secretKey = oAuth2Config.getAuth().getTokenSecret();
-
         byte[] keyBytes = Decoders.BASE64.decode(secretKey);
         Key key = Keys.hmacShaKeyFor(keyBytes);
 
@@ -71,11 +77,6 @@ public TokenMapping createToken(Authentication authentication) {
                 .signWith(key, SignatureAlgorithm.HS512)
                 .compact();
 
-        String refreshToken = Jwts.builder()
-                .setExpiration(refreshTokenExpiresIn)
-                .signWith(key, SignatureAlgorithm.HS512)
-                .compact();
-
         return TokenMapping.builder()
                 .userEmail(userPrincipal.getEmail())
                 .accessToken(accessToken)

src/main/java/com/example/ai_tutor/global/config/security/SecurityConfig.java

@@ -6,14 +6,13 @@
 import com.example.ai_tutor.global.config.security.handler.CustomSimpleUrlAuthenticationFailureHandler;
 import com.example.ai_tutor.global.config.security.handler.CustomSimpleUrlAuthenticationSuccessHandler;
 import com.example.ai_tutor.global.config.security.token.CustomAuthenticationEntryPoint;
-import com.example.ai_tutor.global.config.security.token.CustomOncePerRequestFilter;
+import com.example.ai_tutor.global.config.security.token.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -30,8 +29,6 @@
 import java.util.Arrays;
 import java.util.List;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 @RequiredArgsConstructor
 @Configuration
 @EnableWebSecurity
@@ -49,8 +46,8 @@ public PasswordEncoder passwordEncoder() {
     }
 
     @Bean
-    public CustomOncePerRequestFilter customOncePerRequestFilter() {
-        return new CustomOncePerRequestFilter();
+    public JwtAuthenticationFilter customOncePerRequestFilter() {
+        return new JwtAuthenticationFilter();
     }
 
     @Bean

src/main/java/com/example/ai_tutor/global/config/security/handler/CustomSimpleUrlAuthenticationFailureHandler.java

@@ -7,30 +7,39 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import java.io.IOException;
+import java.util.Arrays;
 
 import static com.example.ai_tutor.domain.auth.domain.repository.CustomAuthorizationRequestRepository.REDIRECT_URI_PARAM_COOKIE_NAME;
 
 @RequiredArgsConstructor
 @Component
+@Slf4j
 public class CustomSimpleUrlAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
     private final CustomAuthorizationRequestRepository customAuthorizationRequestRepository;
 
     @Override
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
+        log.error("OAuth2 로그인 실패: {}", exception.getMessage());
+
+        log.info("Request URI: {}", request.getRequestURI());
+        log.info("Query String: {}", request.getQueryString());
+        log.info("Cookies: {}", Arrays.toString(request.getCookies()));
+
         String targetUrl = CustomCookie.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME)
                 .map(Cookie::getValue)
                 .orElse(("/"));
 
         targetUrl = UriComponentsBuilder.fromUriString(targetUrl)
-                .queryParam("error", exception.getLocalizedMessage())
-                .build().toUriString();
-
+                .queryParam("error", "invalid_request")
+                .build()
+                .toUriString();
         customAuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
 
         getRedirectStrategy().sendRedirect(request, response, targetUrl);

src/main/java/com/example/ai_tutor/global/config/security/handler/CustomSimpleUrlAuthenticationSuccessHandler.java

@@ -1,6 +1,6 @@
 package com.example.ai_tutor.global.config.security.handler;
 
-import com.example.ai_tutor.domain.auth.application.CustomTokenProviderService;
+import com.example.ai_tutor.domain.auth.application.JwtUtil;
 import com.example.ai_tutor.domain.auth.domain.Token;
 import com.example.ai_tutor.domain.auth.domain.repository.CustomAuthorizationRequestRepository;
 import com.example.ai_tutor.domain.auth.domain.repository.TokenRepository;
@@ -13,6 +13,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
@@ -24,65 +25,66 @@
 
 import static com.example.ai_tutor.domain.auth.domain.repository.CustomAuthorizationRequestRepository.REDIRECT_URI_PARAM_COOKIE_NAME;
 
+@Slf4j
 @RequiredArgsConstructor
 @Component
 public class CustomSimpleUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
-    private final CustomTokenProviderService customTokenProviderService;
-    private final OAuth2Config oAuth2Config;
+    private final JwtUtil jwtUtil;             // JWT 생성 유틸
     private final TokenRepository tokenRepository;
     private final CustomAuthorizationRequestRepository customAuthorizationRequestRepository;
 
     @Override
-    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-        DefaultAssert.isAuthentication(!response.isCommitted());
+    public void onAuthenticationSuccess(HttpServletRequest request,
+                                        HttpServletResponse response,
+                                        Authentication authentication) throws IOException, ServletException {
 
-        String targetUrl = determineTargetUrl(request, response, authentication);
+        // 이미 응답이 전송된 상태인지 확인
+        if (response.isCommitted()) {
+            log.warn("Response already committed.");
+            return;
+        }
 
-        TokenMapping token = customTokenProviderService.createToken(authentication);
-        CustomCookie.addCookie(response, "Authorization", "Bearer_" + token.getAccessToken(), (int) oAuth2Config.getAuth().getAccessTokenExpirationMsec());
-        CustomCookie.addCookie(response, "Refresh_Token", "Bearer_" + token.getRefreshToken(), (int) oAuth2Config.getAuth().getRefreshTokenExpirationMsec());
+        // 1) JWT 토큰 생성
+        TokenMapping tokenMapping = jwtUtil.createToken(authentication);
 
-        clearAuthenticationAttributes(request, response);
-        getRedirectStrategy().sendRedirect(request, response, targetUrl);
-    }
-
-    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-        Optional<String> redirectUri = CustomCookie.getCookie(request, REDIRECT_URI_PARAM_COOKIE_NAME).map(Cookie::getValue);
-
-        DefaultAssert.isAuthentication( !(redirectUri.isPresent() && !isAuthorizedRedirectUri(redirectUri.get())) );
-
-        String targetUrl = redirectUri.orElse(getDefaultTargetUrl());
-
-        TokenMapping tokenMapping = customTokenProviderService.createToken(authentication);
+        // 2) RefreshToken 저장 (DB or Redis etc.)
         Token token = Token.builder()
                 .userEmail(tokenMapping.getUserEmail())
                 .refreshToken(tokenMapping.getRefreshToken())
                 .build();
         tokenRepository.save(token);
 
-        return UriComponentsBuilder.fromUriString(targetUrl)
-                .queryParam("token", tokenMapping.getAccessToken())
-                .build().toUriString();
-    }
+        // 3) JSON으로 응답
+        response.setContentType("application/json;charset=UTF-8");
+        response.setCharacterEncoding("UTF-8");
 
-    protected void clearAuthenticationAttributes(HttpServletRequest request, HttpServletResponse response) {
-        super.clearAuthenticationAttributes(request);
+        String jsonResponse = String.format(
+                "{\"accessToken\":\"%s\",\"refreshToken\":\"%s\"}",
+                tokenMapping.getAccessToken(),
+                tokenMapping.getRefreshToken()
+        );
+
+        // 4) OAuth2 인증 과정에서 사용된 쿠키/세션 정리
+        clearAuthenticationAttributes(request, response);
         customAuthorizationRequestRepository.removeAuthorizationRequestCookies(request, response);
+
+        // 5) 최종 응답
+        response.getWriter().write(jsonResponse);
+        response.getWriter().flush();
+
+        log.info("OAuth2 로그인 성공. JWT 토큰 발급 후 JSON으로 응답 완료.");
     }
 
-    private boolean isAuthorizedRedirectUri(String uri) {
-        URI clientRedirectUri = URI.create(uri);
-
-        return oAuth2Config.getOauth2().getAuthorizedRedirectUris()
-                .stream()
-                .anyMatch(authorizedRedirectUri -> {
-                    URI authorizedURI = URI.create(authorizedRedirectUri);
-                    if(authorizedURI.getHost().equalsIgnoreCase(clientRedirectUri.getHost())
-                            && authorizedURI.getPort() == clientRedirectUri.getPort()) {
-                        return true;
-                    }
-                    return false;
-                });
+    /**
+     * 원래 SimpleUrlAuthenticationSuccessHandler에는
+     * clearAuthenticationAttributes(HttpServletRequest request) 만 있으므로,
+     * 필요시 우리가 (request, response) 시그니처의 메서드로 확장.
+     * 내부에서는 부모 메서드(super) 호출해서 세션 정리만 수행.
+     */
+    protected void clearAuthenticationAttributes(HttpServletRequest request, HttpServletResponse response) {
+        // 부모 클래스가 세션의 "SPRING_SECURITY_LAST_EXCEPTION" 제거해줌
+        super.clearAuthenticationAttributes(request);
     }
 }
+