fix: security context를 session에 담아 filter chain으로 인한 401 문제 해결

Author: dlsrks1021

backend/src/main/java/io/f1/backend/domain/user/app/TestUserService.java

@@ -14,6 +14,8 @@
 import lombok.RequiredArgsConstructor;
 
 import org.springframework.context.annotation.Profile;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -30,7 +32,9 @@ public void login(Long userId, HttpSession session) {
                 userRepository
                         .findById(userId)
                         .orElseThrow(() -> new CustomException(UserErrorCode.USER_NOT_FOUND));
-        session.setAttribute(USER, AuthenticationUser.from(user));
+        
         SecurityUtils.setAuthentication(user);
+        SecurityContext context = SecurityContextHolder.getContext();
+        session.setAttribute("SPRING_SECURITY_CONTEXT", context);
     }
 }

backend/src/test/java/io/f1/backend/domain/user/TestUserBrowserTest.java

@@ -3,24 +3,27 @@
 import static io.f1.backend.domain.user.constants.SessionKeys.USER;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import com.github.database.rider.core.api.dataset.DataSet;
 
 import io.f1.backend.domain.user.dto.AuthenticationUser;
+import io.f1.backend.domain.user.dto.UserPrincipal;
 import io.f1.backend.global.template.BrowserTestTemplate;
 
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.springframework.mock.web.MockHttpSession;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.test.web.servlet.ResultActions;
 
 public class TestUserBrowserTest extends BrowserTestTemplate {
 
     @Test
     @DataSet("datasets/user.yml")
-    @DisplayName("테스트 유저가 로그인하면 세션에 유저 정보가 저장된다")
+    @DisplayName("테스트 유저가 로그인하면 세션에 SecurityContext가 저장된다")
     void testUserLogin() throws Exception {
         // given
         MockHttpSession session = new MockHttpSession();
@@ -30,11 +33,30 @@ void testUserLogin() throws Exception {
 
         // then
         result.andExpect(status().isOk());
-        assertThat(session.getAttribute(USER)).isNotNull();
+        assertThat(session.getAttribute("SPRING_SECURITY_CONTEXT")).isNotNull();
+
+        SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");
+        assertThat(context.getAuthentication().getPrincipal()).isInstanceOf(UserPrincipal.class);
+        
+        UserPrincipal userPrincipal = (UserPrincipal) context.getAuthentication().getPrincipal();
+        assertThat(userPrincipal.getUserId()).isEqualTo(1L);
+        assertThat(userPrincipal.getUserNickname()).isEqualTo("USER1");
+    }
+
+    @Test
+    @DataSet("datasets/stat/one-user-stat.yml")
+    @DisplayName("테스트 유저가 로그인하면 마이페이지에 접근이 가능하다")
+    void testUserLoginSecurityContext() throws Exception {
+        // given
+        MockHttpSession session = new MockHttpSession();
+
+        // when
+        ResultActions beforeLogin = mockMvc.perform(get("/user/me").session(session));
+        mockMvc.perform(post("/user/test/login/1").session(session));
+        ResultActions afterLogin = mockMvc.perform(get("/user/me").session(session));
 
-        AuthenticationUser authenticationUser = (AuthenticationUser) session.getAttribute(USER);
-        assertThat(authenticationUser.userId()).isEqualTo(1L);
-        assertThat(authenticationUser.nickname()).isEqualTo("USER1");
-        assertThat(authenticationUser.providerId()).isEqualTo("kakao1");
+        // then
+        beforeLogin.andExpect(status().isUnauthorized());
+        afterLogin.andExpect(status().isOk());
     }
 }