Merge pull request #363 from agree0002/refactor/#350

[refactor/#350] 스프링부트3 마이그레이션

Author: agree0002

build.gradle

@@ -1,8 +1,13 @@
 plugins {
-    id 'org.springframework.boot' version '3.3.5'
+    id 'org.springframework.boot' version '3.5.7'
     id 'io.spring.dependency-management' version '1.1.6'
     id 'java-library'
-    id 'com.diffplug.spotless' version '6.25.0'
+    id 'com.diffplug.spotless' version '6.23.3'
+}
+
+ext {
+    set('springCloudVersion', "2025.0.0")
+    set('querydslVersion', "5.1.0")
 }
 
 spotless {
@@ -64,11 +69,9 @@ subprojects {
         }
     }
 
-    testing {
-        suites {
-            test {
-                useJUnitJupiter()
-            }
+    dependencyManagement {
+        imports {
+            mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
         }
     }
 
@@ -78,19 +81,20 @@ subprojects {
                 'org.springframework.boot:spring-boot-configuration-processor',
                 'jakarta.persistence:jakarta.persistence-api',
                 'jakarta.annotation:jakarta.annotation-api',
-                'com.querydsl:querydsl-apt:5.0.0:jakarta'
+                "com.querydsl:querydsl-apt:${querydslVersion}:jakarta"
         )
 
         implementation (
                 'org.springframework.boot:spring-boot-starter-web',
                 'org.springframework.boot:spring-boot-starter-validation',
-                'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0',
+                'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.7.0',
                 'com.google.code.findbugs:jsr305:3.0.2',
+                'io.awspring.cloud:spring-cloud-starter-aws:2.4.4',
 
                 // cloud config
-                'org.springframework.cloud:spring-cloud-starter-config:4.1.4',
+                'org.springframework.cloud:spring-cloud-starter-config',
                 'org.springframework.boot:spring-boot-starter-actuator',
-                'org.springframework.cloud:spring-cloud-starter-bootstrap:4.1.4',
+                'org.springframework.cloud:spring-cloud-starter-bootstrap',
 
                 // mail
                 'org.springframework.boot:spring-boot-starter-mail',
@@ -111,6 +115,10 @@ subprojects {
         )
     }
 
+    test {
+        useJUnitPlatform()
+    }
+
 }
 
 project(':module-jpa') {
@@ -120,8 +128,8 @@ project(':module-jpa') {
     dependencies {
         api (
                 'org.springframework.boot:spring-boot-starter-data-jpa',
-                'com.querydsl:querydsl-jpa:5.0.0:jakarta',
-                'com.jcraft:jsch:0.1.55',
+                "com.querydsl:querydsl-jpa:${querydslVersion}:jakarta",
+                'com.jcraft:jsch:0.1.55',  // 로컬 개발용 db ssh tunneling, https://mavenlibs.com/maven/dependency/com.jcraft/jsch
 //                'org.mariadb.jdbc:mariadb-java-client',
                 'com.mysql:mysql-connector-j',
                 'com.h2database:h2'
@@ -136,18 +144,17 @@ project(':module-auth') {
     dependencies {
         api project(':module-jpa')
         // jwt
-        api 'io.jsonwebtoken:jjwt-api:0.11.5'
-        runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5',
+        api 'io.jsonwebtoken:jjwt-api:0.11.2'
+        runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
                 // Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
                 //'org.bouncycastle:bcprov-jdk15on:1.60',
-                'io.jsonwebtoken:jjwt-jackson:0.11.5'
+                'io.jsonwebtoken:jjwt-jackson:0.11.2' // or 'io.jsonwebtoken:jjwt-gson:0.11.2' for gson
 
         // security
         api 'org.springframework.boot:spring-boot-starter-security'
         api 'org.springframework.boot:spring-boot-starter-oauth2-client'
-        api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
         testImplementation 'org.springframework.security:spring-security-test'
-        testImplementation 'org.mockito:mockito-inline:5.2.0'
+        testImplementation 'org.mockito:mockito-inline:2.13.0'
     }
 }
 
@@ -158,10 +165,8 @@ project(':module-fileStorage') {
     dependencies {
         api project(':module-jpa')
 
-        api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
-        implementation 'com.amazonaws:aws-java-sdk-s3:1.12.188'
         testImplementation 'org.springframework.security:spring-security-test'
-        testImplementation 'org.mockito:mockito-inline:5.2.0'
+        testImplementation 'org.mockito:mockito-inline:2.13.0'
     }
 }
 
@@ -171,15 +176,14 @@ project(':resource-server') {
         api project(':module-auth')
         api project(':module-fileStorage')
         api 'org.springframework.boot:spring-boot-starter-security'
-        implementation 'com.amazonaws:aws-java-sdk-s3:1.12.188'
         testImplementation 'org.springframework.security:spring-security-test'
     }
 
     clean {
         delete file('src/main/generated')
     }
 
-    tasks.register('cleanGeneratedDir', Delete) {
+    task cleanGeneratedDir(type: Delete) {
         delete file('src/main/generated')
     }
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

module-auth/src/main/java/com/inhabas/api/auth/config/AuthBeansConfig.java

@@ -4,7 +4,6 @@
 
 import lombok.RequiredArgsConstructor;
 
-import org.springframework.boot.ApplicationRunner;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -36,11 +35,6 @@ public class AuthBeansConfig {
   private final AuthProperties authProperties;
   private final RefreshTokenRepository refreshTokenRepository;
 
-  @Bean
-  public ApplicationRunner jwtSecretKeyStrengthChecker(JwtTokenUtil jwtTokenUtil) {
-    return args -> jwtTokenUtil.validateSecretKeyStrength();
-  }
-
   @Bean
   public HttpCookieOAuth2AuthorizationRequestRepository
       httpCookieOAuth2AuthorizationRequestRepository() {

module-auth/src/main/java/com/inhabas/api/auth/config/AuthSecurityConfig.java

@@ -8,7 +8,6 @@
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.web.SecurityFilterChain;
@@ -20,8 +19,8 @@
 import com.inhabas.api.auth.domain.oauth2.handler.Oauth2AuthenticationSuccessHandler;
 
 @Order(0) // 인증 관련 security filter chain 은 우선순위가 가장 높아야 함.
-@EnableWebSecurity
 @Configuration
+@EnableWebSecurity
 @RequiredArgsConstructor
 @Profile({"dev1", "dev2", "local", "prod1", "prod2"}) // 테스트에는 포함시키지 않음.
 public class AuthSecurityConfig {
@@ -33,25 +32,44 @@ public class AuthSecurityConfig {
   private final HttpCookieOAuth2AuthorizationRequestRepository
       httpCookieOAuth2AuthorizationRequestRepository;
 
+  /**
+   * 소셜 로그인 api <br>
+   * <br>
+   * 진행과정은 아래와 같다.<br>
+   *
+   * <ol>
+   *   <li>사용자가 소셜로그인 시작. (프론트에서 redirect_url 보내줘야함.)
+   *   <li>OAuth2 인증 진행 -> 기존 회원인지 검사
+   *       <ol style="list-style-type:lower-alpha">
+   *         <li>성공 -> OAuth2AuthenticationSuccessHandler
+   *             <ol>
+   *               <li>프론트에서 보내준 redirect_url 검증 (-> 실패하면 failure handler 에서 처리)
+   *               <li>jwt 토큰 발급 및 로그인 처리
+   *               <li>리다이렉트
+   *             </ol>
+   *         <li>실패 -> OAuth2AuthenticationFailureHandler
+   *       </ol>
+   * </ol>
+   *
+   * 회원가입이나, jwt 토큰 발급을 위한 url 로 함부로 접근할 수 없게 하기 위해 jwt 토근이 발급되기 이전까지는 OAuth2 인증 결과를 세션을 통해서 유지함.
+   * 따라서 critical 한 url 에 대해서 OAuth2 인증이 완료된 세션에 한해서만 허용.
+   */
   @Bean
-  @Order(0)
-  public SecurityFilterChain authSecurityFilterChain(HttpSecurity http) throws Exception {
+  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
-    http
-        // /login/** 경로에만 이 보안 체인 적용
-        .securityMatcher("/login/**")
+    http.securityMatcher("/login/**")
         // 세션 생성 금지
         .sessionManagement(
             session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-        .cors(cors -> {})
-        .csrf(AbstractHttpConfigurer::disable)
+        .cors(cors -> cors.disable())
         .authorizeHttpRequests(
             authorize ->
                 authorize
-                    .requestMatchers(request -> CorsUtils.isPreFlightRequest(request))
+                    .requestMatchers(CorsUtils::isPreFlightRequest)
                     .permitAll()
                     .anyRequest()
                     .permitAll())
+        .csrf(csrf -> csrf.disable())
         // Oauth 로그인 설정
         .oauth2Login(
             oauth2 ->
@@ -63,6 +81,7 @@ public SecurityFilterChain authSecurityFilterChain(HttpSecurity http) throws Exc
                                 .baseUri("/login/oauth2/authorization")
                                 .authorizationRequestRepository(
                                     httpCookieOAuth2AuthorizationRequestRepository))
+                    // 사용자 정보를 가져오는 엔드포인트에 대한 설정
                     .userInfoEndpoint(userInfo -> userInfo.userService(customOAuth2UserService))
                     .failureHandler(oauth2AuthenticationFailureHandler)
                     .successHandler(oauth2AuthenticationSuccessHandler));