Feat: JWT 기반 인증 기능 추가

joyewon0705 · joyewon0705 · commit e713c9387961 · 2025-09-23T12:45:24.000+09:00
diff --git a/src/main/java/com/back/global/security/CustomUserDetails.java b/src/main/java/com/back/global/security/CustomUserDetails.java
@@ -0,0 +1,58 @@
+package com.back.global.security;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * Spring Security에서 사용하는 사용자 인증 정보 클래스
+ * - JWT에서 파싱한 사용자 정보를 담고 있음
+ */
+@Getter
+@AllArgsConstructor
+public class CustomUserDetails implements UserDetails {
+    private Long userId;
+    private String username;
+    private String role;
+
+    @Override
+    public Collection<SimpleGrantedAuthority> getAuthorities() {
+        // Spring Security 권한 체크는 "ROLE_" prefix 필요
+        return List.of(new SimpleGrantedAuthority("ROLE_" + role));
+    }
+
+    @Override
+    public String getPassword() {
+        // JWT 인증에서는 비밀번호를 사용하지 않음
+        return null;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}
diff --git a/src/main/java/com/back/global/security/JwtAuthenticationFilter.java b/src/main/java/com/back/global/security/JwtAuthenticationFilter.java
@@ -0,0 +1,54 @@
+package com.back.global.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+/**
+ * JWT 인증을 처리하는 필터
+ * - 모든 요청에 대해 JWT 토큰을 검사
+ * - 토큰이 유효하면 Authentication 객체를 생성하여 SecurityContext에 저장
+ */
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    private final JwtTokenProvider jwtTokenProvider;
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain
+    ) throws ServletException, IOException {
+
+        // Request Header에서 토큰 추출
+        String token = resolveToken(request);
+
+        // 토큰이 유효한 경우에만 Authentication 객체 생성 및 SecurityContext에 저장
+        if (token != null && jwtTokenProvider.validateToken(token)) {
+            Authentication authentication = jwtTokenProvider.getAuthentication(token);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+
+        // 다음 필터로 요청 전달
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * Request의 Authorization 헤더에서 JWT 토큰을 추출
+     *
+     * @param request HTTP 요청 객체
+     * @return JWT 토큰 문자열 또는 null
+     */
+    private String resolveToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader("Authorization");
+        if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
+            return bearerToken.substring(7);
+        }
+        return null;
+    }
+}
diff --git a/src/main/java/com/back/global/security/JwtTokenProvider.java b/src/main/java/com/back/global/security/JwtTokenProvider.java
@@ -0,0 +1,142 @@
+package com.back.global.security;
+
+import com.back.global.exception.CustomException;
+import com.back.global.exception.ErrorCode;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import jakarta.annotation.PostConstruct;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * JWT 생성 및 검증을 담당하는 Provider 클래스
+ * - Access Token, Refresh Token 생성
+ * - 토큰 검증 및 파싱
+ * - Authentication 객체 생성 (Spring Security 연동)
+ */
+@Component
+public class JwtTokenProvider {
+
+    @Value("${jwt.secret}")
+    private String secretKey;
+
+    @Value("${jwt.access-token-expiration}")
+    private long accessTokenExpirationInSeconds;
+
+    @Value("${jwt.refresh-token-expiration}")
+    private long refreshTokenExpirationInSeconds;
+
+    private SecretKey key;
+
+    @PostConstruct
+    public void init() {
+        this.key = Keys.hmacShaKeyFor(secretKey.getBytes());
+    }
+
+    /**
+     * Access Token 생성
+     *
+     * @param userId   사용자 PK
+     * @param username 로그인 ID
+     * @param role     권한
+     * @return JWT Access Token 문자열
+     */
+    public String createAccessToken(Long userId, String username, String role) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + accessTokenExpirationInSeconds * 1000);
+
+        return Jwts.builder()
+                .subject(username)
+                .claim("userId", userId)
+                .claim("role", role)
+                .issuedAt(now)
+                .expiration(expiryDate)
+                .signWith(key)
+                .compact();
+    }
+
+    /**
+     * Refresh Token 생성
+     *
+     * @param userId 사용자 PK
+     * @return JWT Refresh Token 문자열
+     */
+    public String createRefreshToken(Long userId) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + refreshTokenExpirationInSeconds * 1000);
+
+        return Jwts.builder()
+                .subject(String.valueOf(userId))
+                .issuedAt(now)
+                .expiration(expiryDate)
+                .signWith(key)
+                .compact();
+    }
+
+    /**
+     * JWT 토큰에서 인증 정보 추출
+     *
+     * @param token JWT Access Token
+     * @return 인증 정보가 담긴 Authentication 객체
+     */
+    public Authentication getAuthentication(String token) {
+        Claims claims = parseClaims(token);
+        Long userId = claims.get("userId", Long.class);
+        String username = claims.getSubject();
+        String role = claims.get("role", String.class);
+
+        SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_" + role);
+        CustomUserDetails principal = new CustomUserDetails(userId, username, role);
+
+        return new UsernamePasswordAuthenticationToken(principal, token, List.of(authority));
+    }
+
+    /**
+     * JWT 토큰 검증
+     *
+     * @param token JWT Access Token
+     * @return 유효한 토큰이면 true, 그렇지 않으면 false
+     */
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser()
+                    .verifyWith(key)
+                    .build()
+                    .parseSignedClaims(token);
+            return true;
+        } catch (JwtException e) {
+            return false;
+        }
+    }
+
+    /**
+     * JWT 파싱
+     *
+     * @param token JWT 토큰
+     * @return 토큰의 Claims
+     * @throws CustomException 토큰이 유효하지 않은 경우
+     */
+    private Claims parseClaims(String token) {
+        try {
+            return Jwts.parser()
+                    .verifyWith(key)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+        } catch (ExpiredJwtException e) {
+            return e.getClaims();
+        } catch (JwtException e) {
+            throw new CustomException(ErrorCode.INVALID_TOKEN);
+        }
+    }
+}
