[FEATURE] 액세스 토큰 클레임 추가 (역할 아이디) (#309)

* feat: accessToken claims 추가를 위한 레코드

* feat(user): userId 기준 roleId 조회 기능 추가

* feat(userIdentity): jwt accessToken에 roleId 추가를 위한 수정

- 가독성을 위한 리팩토링 포함.

* test(jwt): 프로덕션 코드 수정에 따라서 테스트 코드 수정

- jwt claims에서 UUID 추출이 불가능해서 String으로 추출 후, UUID로 변경

* test: 유저 아이디 기준 봉사자, 기관 조회 테스트 추가

* feat(annotation): userId, roleId 추출 어노테이션 추가

* feat(annotation): userId, roleId 추출 예외 및 핸들링 기능 추가

- 예외가 클라이언트에게 전달되지 않도록 처리, 로그로 기록.

* feat(annotation): config 등록

* refactor: 개행 문제 해결

* feat(userIdentity): 직렬화 가능하도록 수정

* refactor: 불필요한 파라미터 제거

Author: m-a-king

src/main/java/com/somemore/center/service/NEWCenterQueryService.java

@@ -0,0 +1,31 @@
+package com.somemore.center.service;
+
+import com.somemore.center.domain.NEWCenter;
+import com.somemore.center.repository.NEWCenterRepository;
+import com.somemore.center.usecase.NEWCenterQueryUseCase;
+import com.somemore.global.exception.ExceptionMessage;
+import com.somemore.global.exception.NoSuchElementException;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.UUID;
+
+@Service
+@RequiredArgsConstructor
+@Transactional(readOnly = true)
+public class NEWCenterQueryService implements NEWCenterQueryUseCase {
+
+    private final NEWCenterRepository centerRepository;
+
+    @Override
+    public NEWCenter getByUserId(UUID userId) {
+        return centerRepository.findByUserId(userId)
+                .orElseThrow(() -> new NoSuchElementException(ExceptionMessage.NOT_EXISTS_CENTER));
+    }
+
+    @Override
+    public UUID getIdByUserId(UUID userId) {
+        return getByUserId(userId).getId();
+    }
+}

src/main/java/com/somemore/center/usecase/NEWCenterQueryUseCase.java

@@ -0,0 +1,12 @@
+package com.somemore.center.usecase;
+
+import com.somemore.center.domain.NEWCenter;
+
+import java.util.UUID;
+
+public interface NEWCenterQueryUseCase {
+
+    NEWCenter getByUserId(UUID userId);
+
+    UUID getIdByUserId(UUID userId);
+}

src/main/java/com/somemore/global/auth/annotation/RoleId.java

@@ -0,0 +1,11 @@
+package com.somemore.global.auth.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.PARAMETER)
+public @interface RoleId {
+}

src/main/java/com/somemore/global/auth/annotation/RoleIdArgumentResolver.java

@@ -0,0 +1,40 @@
+package com.somemore.global.auth.annotation;
+
+import com.somemore.global.auth.authentication.UserIdentity;
+import com.somemore.global.exception.InvalidAuthenticationException;
+import org.springframework.core.MethodParameter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+import static com.somemore.global.exception.ExceptionMessage.AUTHENTICATION_MISSING;
+import static com.somemore.global.exception.ExceptionMessage.INVALID_PRINCIPAL_TYPE;
+
+@Component
+public class RoleIdArgumentResolver implements HandlerMethodArgumentResolver {
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(RoleId.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null) {
+            throw new InvalidAuthenticationException(AUTHENTICATION_MISSING);
+        }
+
+        if (authentication.getPrincipal() instanceof UserIdentity principal) {
+            return principal.roleId();
+        }
+
+        throw new InvalidAuthenticationException(INVALID_PRINCIPAL_TYPE);
+    }
+}

src/main/java/com/somemore/global/auth/annotation/UserId.java

@@ -0,0 +1,11 @@
+package com.somemore.global.auth.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.PARAMETER)
+public @interface UserId {
+}

src/main/java/com/somemore/global/auth/annotation/UserIdArgumentResolver.java

@@ -0,0 +1,40 @@
+package com.somemore.global.auth.annotation;
+
+import com.somemore.global.auth.authentication.UserIdentity;
+import com.somemore.global.exception.InvalidAuthenticationException;
+import org.springframework.core.MethodParameter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+import static com.somemore.global.exception.ExceptionMessage.AUTHENTICATION_MISSING;
+import static com.somemore.global.exception.ExceptionMessage.INVALID_PRINCIPAL_TYPE;
+
+@Component
+public class UserIdArgumentResolver implements HandlerMethodArgumentResolver {
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(UserId.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null) {
+            throw new InvalidAuthenticationException(AUTHENTICATION_MISSING);
+        }
+
+        if (authentication.getPrincipal() instanceof UserIdentity principal) {
+            return principal.userId();
+        }
+
+        return new InvalidAuthenticationException(INVALID_PRINCIPAL_TYPE);
+    }
+}

src/main/java/com/somemore/global/auth/authentication/JwtAuthenticationToken.java

@@ -1,22 +1,20 @@
 package com.somemore.global.auth.authentication;
 
 import com.somemore.global.auth.jwt.domain.EncodedToken;
-import com.somemore.user.domain.User;
 import lombok.EqualsAndHashCode;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.io.Serializable;
 import java.util.Collection;
 import java.util.List;
 
 @EqualsAndHashCode(callSuper = true)
 public class JwtAuthenticationToken extends AbstractAuthenticationToken {
-    private final Serializable principal;
+    private final UserIdentity principal;
     private final transient Object credentials;
 
-    public JwtAuthenticationToken(Serializable principal,
+    public JwtAuthenticationToken(UserIdentity principal,
                                   Object credentials,
                                   Collection<? extends GrantedAuthority> authorities) {
         super(authorities);
@@ -35,19 +33,11 @@ public Object getPrincipal() {
         return principal;
     }
 
-    public static JwtAuthenticationToken of(User user, EncodedToken accessToken) {
+    public static JwtAuthenticationToken of(UserIdentity userIdentity, EncodedToken accessToken) {
         return new JwtAuthenticationToken(
-                user.getId(),
+                userIdentity,
                 accessToken,
-                List.of(new SimpleGrantedAuthority(user.getRole().getAuthority()))
-        );
-    }
-
-    public static JwtAuthenticationToken of(String userId, String role, EncodedToken accessToken) {
-        return new JwtAuthenticationToken(
-                userId,
-                accessToken,
-                List.of(new SimpleGrantedAuthority(role))
+                List.of(new SimpleGrantedAuthority(userIdentity.role().getAuthority()))
         );
     }
 }

src/main/java/com/somemore/global/auth/authentication/UserIdentity.java

@@ -0,0 +1,27 @@
+package com.somemore.global.auth.authentication;
+
+import com.somemore.user.domain.UserRole;
+import io.jsonwebtoken.Claims;
+
+import java.io.Serializable;
+import java.util.UUID;
+
+public record UserIdentity(
+        UUID userId,
+        UUID roleId,
+        UserRole role
+) implements Serializable {
+
+    public static UserIdentity of(UUID userId, UUID roleId, UserRole role) {
+        return new UserIdentity(userId, roleId, role);
+    }
+
+    public static UserIdentity from(Claims claims) {
+        UUID userId = UUID.fromString(claims.get("userId", String.class));
+        UUID roleId = UUID.fromString(claims.get("roleId", String.class));
+        UserRole role = UserRole.from(
+                claims.get("role", String.class));
+
+        return new UserIdentity(userId, roleId, role);
+    }
+}

src/main/java/com/somemore/global/auth/idpw/filter/IdPwAuthFilter.java

@@ -1,9 +1,9 @@
 package com.somemore.global.auth.idpw.filter;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.somemore.global.auth.authentication.UserIdentity;
 import com.somemore.global.auth.jwt.domain.EncodedToken;
 import com.somemore.global.auth.jwt.usecase.GenerateTokensOnLoginUseCase;
-import com.somemore.user.domain.UserRole;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -16,19 +16,16 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import java.io.IOException;
-import java.util.UUID;
 
 @RequiredArgsConstructor
 @Slf4j
 public class IdPwAuthFilter extends UsernamePasswordAuthenticationFilter {
 
     private final AuthenticationManager authenticationManager;
     private final GenerateTokensOnLoginUseCase generateTokensOnLoginUseCase;
-    //    private final CookieUseCase cookieUseCase;
     private final ObjectMapper objectMapper;
 
     @Override
@@ -43,22 +40,11 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
     @Override
     protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) {
         response.setStatus(HttpServletResponse.SC_OK);
-        String userId = authResult.getName();
-        String role = extractRole(authResult);
-        EncodedToken accessToken =
-                generateTokensOnLoginUseCase.generateAuthTokensAndReturnAccessToken(
-                        UUID.fromString(userId),
-                        UserRole.from(role));
 
-        response.setHeader("Authorization", accessToken.getValueWithPrefix());
-        // cookieUseCase.setAccessToken(response, accessToken.value());
-    }
+        UserIdentity userIdentity = (UserIdentity) authResult.getPrincipal();
+        EncodedToken accessToken = generateTokensOnLoginUseCase.generateAuthTokensAndReturnAccessToken(userIdentity);
 
-    private static String extractRole(Authentication authResult) {
-        return authResult.getAuthorities().stream()
-                .findFirst()
-                .map(GrantedAuthority::getAuthority)
-                .orElseThrow(() -> new IllegalStateException("유저 권한 자체가 존재하지 않습니다."));
+        response.setHeader("Authorization", accessToken.getValueWithPrefix());
     }
 
     @Override

src/main/java/com/somemore/global/auth/idpw/provider/CustomAuthenticationProvider.java

@@ -1,11 +1,15 @@
 package com.somemore.global.auth.idpw.provider;
 
+import com.somemore.center.usecase.NEWCenterQueryUseCase;
 import com.somemore.global.auth.authentication.JwtAuthenticationToken;
+import com.somemore.global.auth.authentication.UserIdentity;
 import com.somemore.global.auth.jwt.domain.EncodedToken;
 import com.somemore.global.auth.jwt.domain.TokenType;
 import com.somemore.global.auth.jwt.usecase.JwtUseCase;
 import com.somemore.user.domain.User;
+import com.somemore.user.domain.UserRole;
 import com.somemore.user.usecase.UserQueryUseCase;
+import com.somemore.volunteer.usecase.NEWVolunteerQueryUseCase;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -16,6 +20,8 @@
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.UUID;
+
 @Component
 @RequiredArgsConstructor
 @Transactional(readOnly = true)
@@ -24,6 +30,8 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
     private final JwtUseCase jwtUseCase;
     private final PasswordEncoder passwordEncoder;
     private final UserQueryUseCase userQueryUseCase;
+    private final NEWVolunteerQueryUseCase volunteerQueryUseCase;
+    private final NEWCenterQueryUseCase centerQueryUseCase;
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
@@ -34,20 +42,32 @@ public Authentication authenticate(Authentication authentication) throws Authent
 
         validatePassword(rawAccountPassword, user.getAccountPassword());
 
-        EncodedToken accessToken = generateAccessToken(user);
+        UUID userId = user.getId();
+        UserRole role = user.getRole();
+        UUID roleId = getRoleIdByUserId(role, user.getId());
+
+        UserIdentity userIdentity = UserIdentity.of(userId, roleId, role);
+
+        EncodedToken accessToken = generateAccessToken(userIdentity);
 
-        return JwtAuthenticationToken.of(user, accessToken);
+        return JwtAuthenticationToken.of(userIdentity, accessToken);
     }
 
     @Override
     public boolean supports(Class<?> authentication) {
         return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
     }
 
-    private EncodedToken generateAccessToken(User user) {
+    private UUID getRoleIdByUserId(UserRole role, UUID userId) {
+        if (role.equals(UserRole.VOLUNTEER)) {
+            return volunteerQueryUseCase.getIdByUserId(userId);
+        }
+        return centerQueryUseCase.getIdByUserId(userId);
+    }
+
+    private EncodedToken generateAccessToken(UserIdentity userIdentity) {
         return jwtUseCase.generateToken(
-                user.getId().toString(),
-                user.getRole().getAuthority(),
+                userIdentity,
                 TokenType.ACCESS
         );
     }