Feature/42 Jwt (Auth, Filter, Exception) 기능

src/main/java/com/somemore/auth/jwt/exception/JwtErrorType.java

@@ -0,0 +1,15 @@
+package com.somemore.auth.jwt.exception;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@RequiredArgsConstructor
+public enum JwtErrorType {
+    MISSING_TOKEN("JWT 토큰이 없습니다."),
+    INVALID_TOKEN("JWT 서명이 유효하지 않습니다."),
+    EXPIRED_TOKEN("JWT 토큰이 만료되었습니다."),
+    UNKNOWN_ERROR("알 수 없는 JWT 처리 오류가 발생했습니다.");
+
+    private final String message;
+}

src/main/java/com/somemore/auth/jwt/exception/JwtException.java

@@ -0,0 +1,14 @@
+package com.somemore.auth.jwt.exception;
+
+import lombok.Getter;
+
+@Getter
+public class JwtException extends RuntimeException {
+    private final JwtErrorType errorType;
+
+    public JwtException(JwtErrorType errorType) {
+        super(errorType.getMessage());
+        this.errorType = errorType;
+    }
+
+}

src/main/java/com/somemore/auth/jwt/filter/JwtAuthFilter.java

@@ -0,0 +1,68 @@
+package com.somemore.auth.jwt.filter;
+
+import com.somemore.auth.UserRole;
+import com.somemore.auth.jwt.domain.EncodedToken;
+import com.somemore.auth.jwt.exception.JwtErrorType;
+import com.somemore.auth.jwt.exception.JwtException;
+import com.somemore.auth.jwt.usecase.JwtUseCase;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.List;
+
+@RequiredArgsConstructor
+@Slf4j
+@Component
+public class JwtAuthFilter extends OncePerRequestFilter {
+
+    private final JwtUseCase jwtUseCase;
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        return true; // 개발 중 모든 요청 허용
+//        return httpServletRequest.getRequestURI().contains("token");
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        EncodedToken accessToken = getAccessToken(request);
+        jwtUseCase.processAccessToken(accessToken, response);
+
+        Claims claims = jwtUseCase.getClaims(accessToken);
+        Authentication auth = createAuthenticationToken(claims, accessToken);
+
+        SecurityContextHolder.getContext().setAuthentication(auth);
+        filterChain.doFilter(request, response);
+    }
+
+    private JwtAuthenticationToken createAuthenticationToken(Claims claims, EncodedToken accessToken) {
+        String userId = claims.get("id", String.class);
+        UserRole role = claims.get("role", UserRole.class);
+
+        return new JwtAuthenticationToken(
+                userId,
+                accessToken,
+                List.of(new SimpleGrantedAuthority(role.name()))
+        );
+    }
+
+    private EncodedToken getAccessToken(HttpServletRequest request) {
+        String accessToken = request.getHeader("Authorization");
+        if (accessToken == null || accessToken.isEmpty()) {
+            throw new JwtException(JwtErrorType.MISSING_TOKEN);
+        }
+        return new EncodedToken(accessToken);
+    }
+
+}

src/main/java/com/somemore/auth/jwt/filter/JwtAuthenticationToken.java

@@ -0,0 +1,31 @@
+package com.somemore.auth.jwt.filter;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.io.Serializable;
+import java.util.Collection;
+
+public class JwtAuthenticationToken extends AbstractAuthenticationToken {
+    private final Serializable principal;
+    private final transient Object credentials;
+
+    public JwtAuthenticationToken(Serializable principal,
+                                  Object credentials,
+                                  Collection<? extends GrantedAuthority> authorities) {
+        super(authorities);
+        this.principal = principal;
+        this.credentials = credentials;
+        setAuthenticated(true);
+    }
+
+    @Override
+    public Object getCredentials() {
+        return credentials;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return principal;
+    }
+}

src/main/java/com/somemore/auth/jwt/filter/JwtExceptionFilter.java

@@ -0,0 +1,52 @@
+package com.somemore.auth.jwt.filter;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.somemore.auth.jwt.exception.JwtException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ProblemDetail;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.net.URI;
+
+@RequiredArgsConstructor
+@Slf4j
+@Component
+public class JwtExceptionFilter extends OncePerRequestFilter {
+
+    private final ObjectMapper objectMapper;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        try {
+            filterChain.doFilter(request, response);
+        } catch (JwtException e) {
+            ProblemDetail problemDetail = buildUnauthorizedProblemDetail(e);
+            configureUnauthorizedResponse(response);
+
+            objectMapper.writeValue(response.getWriter(), problemDetail);
+        }
+    }
+
+    private void configureUnauthorizedResponse(HttpServletResponse response) {
+        response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        response.setContentType(MediaType.APPLICATION_PROBLEM_JSON_VALUE);
+        response.setCharacterEncoding("UTF-8");
+    }
+
+    private ProblemDetail buildUnauthorizedProblemDetail(JwtException e) {
+        ProblemDetail problemDetail = ProblemDetail.forStatusAndDetail(HttpStatus.UNAUTHORIZED, e.getMessage());
+        problemDetail.setTitle("Authentication Error");
+        problemDetail.setType(URI.create("http://프론트엔드주소/errors/unauthorized"));
+        problemDetail.setProperty("timestamp", System.currentTimeMillis());
+        return problemDetail;
+    }
+}

src/main/java/com/somemore/auth/jwt/generator/HmacJwtGenerator.java

@@ -11,6 +11,7 @@
 import javax.crypto.SecretKey;
 import java.time.Instant;
 import java.util.Date;
+import java.util.UUID;
 
 @Component
 @RequiredArgsConstructor
@@ -23,9 +24,11 @@ public EncodedToken generateToken(String userId, String role, TokenType tokenTyp
         Claims claims = buildClaims(userId, role);
         Instant now = Instant.now();
         Instant expiration = now.plusMillis(tokenType.getPeriod());
+        String uniqueId = UUID.randomUUID().toString(); // JTI
 
         return new EncodedToken(Jwts.builder()
                 .claims(claims)
+                .id(uniqueId)
                 .issuedAt(Date.from(now))
                 .expiration(Date.from(expiration))
                 .signWith(secretKey, ALGORITHM)

src/main/java/com/somemore/auth/jwt/parser/DefaultJwtParser.java

@@ -1,8 +1,12 @@
 package com.somemore.auth.jwt.parser;
 
 import com.somemore.auth.jwt.domain.EncodedToken;
+import com.somemore.auth.jwt.exception.JwtErrorType;
+import com.somemore.auth.jwt.exception.JwtException;
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.SignatureException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Component;
 
@@ -14,11 +18,21 @@ public class DefaultJwtParser implements JwtParser {
 
     private final SecretKey secretKey;
 
+    @Override
     public Claims parseToken(EncodedToken token) {
-        return Jwts.parser()
-                .verifyWith(secretKey)
-                .build()
-                .parseSignedClaims(token.value())
-                .getPayload();
+        try {
+            return Jwts.parser()
+                    .verifyWith(secretKey)
+                    .build()
+                    .parseSignedClaims(token.value())
+                    .getPayload();
+
+        } catch (SignatureException e) {
+            throw new JwtException(JwtErrorType.INVALID_TOKEN);
+        } catch (ExpiredJwtException e) {
+            throw new JwtException(JwtErrorType.EXPIRED_TOKEN);
+        } catch (Exception e) {
+            throw new JwtException(JwtErrorType.UNKNOWN_ERROR);
+        }
     }
 }

src/main/java/com/somemore/auth/jwt/refresh/manager/RedisRefreshTokenManager.java

@@ -1,9 +1,10 @@
 package com.somemore.auth.jwt.refresh.manager;
 
 import com.somemore.auth.jwt.domain.EncodedToken;
+import com.somemore.auth.jwt.exception.JwtErrorType;
+import com.somemore.auth.jwt.exception.JwtException;
 import com.somemore.auth.jwt.refresh.domain.RefreshToken;
 import com.somemore.auth.jwt.refresh.repository.RefreshTokenRepository;
-import jakarta.persistence.EntityNotFoundException;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
@@ -16,19 +17,18 @@ public class RedisRefreshTokenManager implements RefreshTokenManager {
     @Override
     public RefreshToken findRefreshToken(EncodedToken accessToken) {
         return refreshTokenRepository.findByAccessToken(accessToken.value())
-                .orElseThrow(EntityNotFoundException::new);
+                .orElseThrow(() -> new JwtException(JwtErrorType.EXPIRED_TOKEN));
     }
 
     @Override
     public void save(RefreshToken refreshToken) {
         refreshTokenRepository.save(refreshToken);
     }
 
-    // TODO 로그아웃에 사용
     @Override
     public void removeRefreshToken(EncodedToken accessToken) {
         RefreshToken refreshToken = refreshTokenRepository.findByAccessToken(accessToken.value())
-                .orElseThrow(EntityNotFoundException::new);
+                .orElseThrow(() -> new JwtException(JwtErrorType.EXPIRED_TOKEN));
 
         refreshTokenRepository.delete(refreshToken);
     }

src/main/java/com/somemore/auth/jwt/refresh/refresher/DefaultJwtRefresher.java

@@ -25,23 +25,16 @@ public class DefaultJwtRefresher implements JwtRefresher {
     @Override
     public EncodedToken refreshAccessToken(EncodedToken accessToken) {
         RefreshToken refreshToken = refreshTokenManager.findRefreshToken(accessToken);
-        validateToken(refreshToken);
+        EncodedToken refreshTokenValue = new EncodedToken(refreshToken.getRefreshToken());
+        jwtValidator.validateToken(refreshTokenValue);
 
-        Claims claims = jwtParser.parseToken(accessToken);
+        Claims claims = jwtParser.parseToken(refreshTokenValue);
         refreshToken.updateAccessToken(generateAccessToken(claims));
         refreshTokenManager.save(refreshToken);
 
         return new EncodedToken(refreshToken.getAccessToken());
     }
 
-    private void validateToken(RefreshToken refreshToken) {
-        if (jwtValidator.validateToken(new EncodedToken(refreshToken.getAccessToken()))) {
-            // TODO Security Context (JwtFilter) 구현 시 예외 처리 구체화
-            log.error("리프레시 토큰이 만료되었습니다. 로그인을 다시 해야합니다");
-            throw new RuntimeException();
-        }
-    }
-
     private EncodedToken generateAccessToken(Claims claims) {
         return jwtGenerator.generateToken(
                 claims.get("id", String.class),

src/main/java/com/somemore/auth/jwt/service/JwtService.java

@@ -1,12 +1,17 @@
 package com.somemore.auth.jwt.service;
 
+import com.somemore.auth.cookie.SetCookieUseCase;
 import com.somemore.auth.jwt.domain.EncodedToken;
 import com.somemore.auth.jwt.domain.TokenType;
+import com.somemore.auth.jwt.exception.JwtErrorType;
+import com.somemore.auth.jwt.exception.JwtException;
 import com.somemore.auth.jwt.generator.JwtGenerator;
 import com.somemore.auth.jwt.parser.JwtParser;
 import com.somemore.auth.jwt.refresh.refresher.JwtRefresher;
 import com.somemore.auth.jwt.usecase.JwtUseCase;
 import com.somemore.auth.jwt.validator.JwtValidator;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
@@ -19,23 +24,33 @@ public class JwtService implements JwtUseCase {
     private final JwtParser jwtParser;
     private final JwtValidator jwtValidator;
     private final JwtRefresher jwtRefresher;
+    private final SetCookieUseCase setCookieUseCase;
 
     @Override
     public EncodedToken generateToken(String userId, String role, TokenType tokenType) {
         return jwtGenerator.generateToken(userId, role, tokenType);
     }
 
     @Override
-    public void verifyToken(EncodedToken token) {
-        if (jwtValidator.validateToken(token)) {
-            return;
+    public void processAccessToken(EncodedToken accessToken, HttpServletResponse response) {
+        try {
+            jwtValidator.validateToken(accessToken);
+        } catch (JwtException e) {
+            handleJwtExpiredException(e, accessToken, response);
         }
-        EncodedToken accessToken = jwtRefresher.refreshAccessToken(token);
-        // TODO Security Context (JwtFilter) 구현 시 setCookie(accessToken) 구체화
     }
 
     @Override
-    public String getClaimByKey(EncodedToken token, String key) {
-        return jwtParser.parseToken(token).get(key, String.class);
+    public Claims getClaims(EncodedToken token) {
+        return jwtParser.parseToken(token);
+    }
+
+    private void handleJwtExpiredException(JwtException e, EncodedToken accessToken, HttpServletResponse response) {
+        if (e.getErrorType() == JwtErrorType.EXPIRED_TOKEN) {
+            EncodedToken refreshedToken = jwtRefresher.refreshAccessToken(accessToken);
+            setCookieUseCase.setToken(response, refreshedToken.value(), TokenType.ACCESS);
+            return;
+        }
+        throw e;
     }
 }

src/main/java/com/somemore/auth/jwt/usecase/JwtUseCase.java

@@ -2,11 +2,14 @@
 
 import com.somemore.auth.jwt.domain.EncodedToken;
 import com.somemore.auth.jwt.domain.TokenType;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.http.HttpServletResponse;
 
 public interface JwtUseCase {
     EncodedToken generateToken(String userId, String role, TokenType tokenType);
 
-    void verifyToken(EncodedToken token);
+    void processAccessToken(EncodedToken token, HttpServletResponse response);
+
+    Claims getClaims(EncodedToken token);
 
-    String getClaimByKey(EncodedToken token, String key);
 }