Test: JWT 인증 인프라 통합 테스트

joyewon0705 · joyewon0705 · commit b269c61ce93c · 2025-09-23T11:06:58.000+09:00
diff --git a/src/test/java/com/back/JwtSecurityIntegrationTest.java b/src/test/java/com/back/JwtSecurityIntegrationTest.java
@@ -0,0 +1,70 @@
+package com.back;
+
+import com.back.global.security.JwtTokenProvider;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+class JwtSecurityIntegrationTest {
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @Autowired
+    private JwtTokenProvider jwtTokenProvider;
+
+//    @Test
+//    @DisplayName("public 엔드포인트 접근 시 200 OK 반환")
+//    void givenNoToken_whenAccessPublic_thenReturn200() throws Exception {
+//        mockMvc.perform(get("/api/test/public"))
+//                .andExpect(status().isOk());
+//    }
+
+    @Test
+    @DisplayName("일반 유저가 /me 접근 시 200 OK 반환")
+    void givenUserToken_whenAccessMe_thenReturn200() throws Exception {
+        // ROLE_USER 토큰 발급
+        String userToken = jwtTokenProvider.createAccessToken(3L, "user2", "USER");
+
+        mockMvc.perform(get("/api/test/me")
+                        .header("Authorization", "Bearer " + userToken))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    @DisplayName("토큰 없이 /me 접근 시 401 Unauthorized 반환")
+    void givenNoToken_whenAccessMe_thenReturn401() throws Exception {
+        mockMvc.perform(get("/api/test/me"))
+                .andExpect(status().isUnauthorized());
+    }
+
+    @Test
+    @DisplayName("관리자가 /admin 접근 시 200 OK 반환")
+    void givenAdminToken_whenAccessAdmin_thenReturn200() throws Exception {
+        // ROLE_ADMIN 토큰 발급
+        String adminToken = jwtTokenProvider.createAccessToken(2L, "admin1", "ADMIN");
+
+        mockMvc.perform(get("/api/test/admin")
+                        .header("Authorization", "Bearer " + adminToken))
+                .andExpect(status().isOk());
+    }
+
+    @Test
+    @DisplayName("일반 유저가 /admin 접근 시 403 Forbidden 반환")
+    void givenUserToken_whenAccessAdmin_thenReturn403() throws Exception {
+        // ROLE_USER 토큰 발급
+        String userToken = jwtTokenProvider.createAccessToken(1L, "user1", "USER");
+
+        mockMvc.perform(get("/api/test/admin")
+                        .header("Authorization", "Bearer " + userToken))
+                .andExpect(status().isForbidden());
+    }
+}
diff --git a/src/test/java/com/back/api/TestController.java b/src/test/java/com/back/api/TestController.java
@@ -0,0 +1,29 @@
+package com.back.api;
+
+import com.back.global.security.CustomUserDetails;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/test")
+public class TestController {
+
+//    @GetMapping("/public")
+//    public String publicApi() {
+//        return "누구나 접근 가능";
+//    }
+
+    @GetMapping("/me")
+    public String me(@AuthenticationPrincipal CustomUserDetails user) {
+        return "내 정보: " + user.getUsername() + " (id=" + user.getUserId() + ")";
+    }
+
+    @GetMapping("/admin")
+    @PreAuthorize("hasRole('ADMIN')")
+    public String adminOnly() {
+        return "관리자 전용 API";
+    }
+}
