feat(SecurityConfig): IdPwAuthFilter 추가 및 의존성 처리 개선

- authenticationManager Bean 명시적 처리
- passwordEncoder Bean 추가
- idPwAuthFilter의 필터 경로 설정 및 SecurityConfig에서 생성 후 사용
- idPwAuthFilter 의존성 주입 처리
  - authenticationManager와의 순환 참조 문제 해결을 위해 idPwAuthFilter를 Component로 관리하지 않고 SecurityConfig에서 직접 생성

Author: m-a-king

src/main/java/com/somemore/global/configure/SecurityConfig.java

@@ -1,18 +1,26 @@
 package com.somemore.global.configure;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.somemore.auth.cookie.CookieUseCase;
+import com.somemore.auth.idpw.filter.IdPwAuthFilter;
 import com.somemore.auth.jwt.filter.JwtAuthFilter;
 import com.somemore.auth.jwt.filter.JwtExceptionFilter;
+import com.somemore.auth.jwt.usecase.GenerateTokensOnLoginUseCase;
 import com.somemore.auth.oauth.handler.failure.CustomOAuthFailureHandler;
 import com.somemore.auth.oauth.handler.success.CustomOAuthSuccessHandler;
 import com.somemore.auth.oauth.service.CustomOAuth2UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
@@ -29,7 +37,20 @@ public class SecurityConfig {
     private final JwtExceptionFilter jwtExceptionFilter;
 
     @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity,
+                                                   AuthenticationManager authenticationManager,
+                                                   GenerateTokensOnLoginUseCase generateTokensOnLoginUseCase,
+                                                   CookieUseCase cookieUseCase,
+                                                   ObjectMapper objectMapper) throws Exception {
+
+        IdPwAuthFilter idPwAuthFilter = new IdPwAuthFilter(authenticationManager, generateTokensOnLoginUseCase, cookieUseCase, objectMapper);
+        idPwAuthFilter.setFilterProcessesUrl("/api/center/sign-in");
+
         httpSecurity
                 .csrf(AbstractHttpConfigurer::disable)
                 .httpBasic(AbstractHttpConfigurer::disable)
@@ -41,6 +62,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                 .authorizeHttpRequests(request ->
                                 request
                                         .requestMatchers(
+                                                "/api/center/sign-in",
                                                 "/**"
 //                                        "/login",
 //                                        "/oauth2/**",
@@ -64,8 +86,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
 
 
         return httpSecurity
+                .addFilterBefore(idPwAuthFilter, UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(jwtExceptionFilter, JwtAuthFilter.class)
                 .build();
     }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }