feat : Security Config 설정 및 OAuth 구현#2

seungwookc97 · seungwookc97 · commit 1ae6022cb5a5 · 2025-09-19T09:29:24.000+09:00
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -28,14 +28,13 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
     implementation("org.springframework.boot:spring-boot-starter-validation")
     implementation("org.springframework.boot:spring-boot-starter-web")
-
+    implementation("io.github.cdimascio:java-dotenv:5.2.2")
     implementation("org.springframework.boot:spring-boot-starter-security")
     implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0")
     implementation("io.jsonwebtoken:jjwt-api:0.12.3")
     runtimeOnly("io.jsonwebtoken:jjwt-impl:0.12.3")
     runtimeOnly("io.jsonwebtoken:jjwt-jackson:0.12.3")
-    implementation("me.paulschwarz:spring-dotenv:4.0.0")
     compileOnly("org.projectlombok:lombok")
     developmentOnly("org.springframework.boot:spring-boot-devtools")
     runtimeOnly("com.h2database:h2")
diff --git a/src/main/java/com/back/BackApplication.java b/src/main/java/com/back/BackApplication.java
@@ -1,5 +1,6 @@
 package com.back;
 
+import io.github.cdimascio.dotenv.Dotenv;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.scheduling.annotation.EnableScheduling;
@@ -9,6 +10,11 @@
 public class BackApplication {
 
     public static void main(String[] args) {
+        Dotenv dotenv = Dotenv.load();
+        System.out.println("KAKAO_OAUTH2_CLIENT_ID: " + dotenv.get("KAKAO_OAUTH2_CLIENT_ID"));
+        System.out.println("GOOGLE_OAUTH2_CLIENT_ID: " + dotenv.get("GOOGLE_OAUTH2_CLIENT_ID"));
+        System.out.println("NAVER_OAUTH2_CLIENT_ID: " + dotenv.get("NAVER_OAUTH2_CLIENT_ID"));
+
         SpringApplication.run(BackApplication.class, args);
     }
 
diff --git a/src/main/java/com/back/domain/user/service/UserService.java b/src/main/java/com/back/domain/user/service/UserService.java
@@ -23,7 +23,7 @@ public User findById(Long id) {
                 .orElseThrow(() -> new IllegalArgumentException("User not found. id=" + id));
     }
 
-  // 소셜로그인으로 회원가입 & 회원 정보 수정
+    // 소셜로그인으로 회원가입 & 회원 정보 수정
     public RsData<User> modifyOrJoin(String oauthId, String email, String nickname) {
 
         //oauthId로 기존 회원인지 확인
@@ -46,11 +46,15 @@ public User joinSocial(String oauthId, String email, String nickname){
                     throw new ServiceException(409, "이미 존재하는 계정입니다.");
                 });
 
+        // 고유한 닉네임 생성
+        String uniqueNickname = generateUniqueNickname(nickname);
+
         User user = User.builder()
                 .email(email)
+                .nickname(uniqueNickname)
                 .profileImgUrl(null)
                 .abvDegree(0.0)
-                .role("USER") //기본 권한 USER. 관리자면 "ADMIN"으로 설정하시면 됩니다
+                .role("USER")
                 .oauthId(oauthId)
                 .build();
 
@@ -66,17 +70,17 @@ public RsData<User> findOrCreateOAuthUser(String oauthId, String email, String n
         Optional<User> existingUser = userRepository.findByOauthId(oauthId);
 
         if (existingUser.isPresent()) {
-            // 기존 사용자 업데이트 (이메일, 닉네임 변경 가능)
+            // 기존 사용자 업데이트 (이메일만 업데이트)
             User user = existingUser.get();
             user.setEmail(email);
-            user.setNickname(nickname);
             return RsData.of(200, "기존 사용자 정보 업데이트", userRepository.save(user));
         } else {
-            // 새 사용자 생성
+            // 새 사용자 생성 - 고유한 닉네임 생성
+            String uniqueNickname = generateUniqueNickname(nickname);
             User newUser = User.builder()
                     .oauthId(oauthId)
                     .email(email)
-                    .nickname(nickname)
+                    .nickname(uniqueNickname)
                     .provider(provider)
                     .role("USER")
                     .createdAt(LocalDateTime.now())
@@ -85,4 +89,22 @@ public RsData<User> findOrCreateOAuthUser(String oauthId, String email, String n
         }
     }
 
+    private String generateUniqueNickname(String baseNickname) {
+        // null이거나 빈 문자열인 경우 기본값 설정
+        if (baseNickname == null || baseNickname.trim().isEmpty()) {
+            baseNickname = "User";
+        }
+
+        String nickname = baseNickname;
+        int counter = 1;
+
+        // 중복 체크 및 고유한 닉네임 생성
+        while (userRepository.findByNickname(nickname).isPresent()) {
+            nickname = baseNickname + counter;
+            counter++;
+        }
+
+        return nickname;
+    }
+
 }
diff --git a/src/main/java/com/back/global/security/CustomAuthenticationFilter.java b/src/main/java/com/back/global/security/CustomAuthenticationFilter.java
@@ -55,9 +55,9 @@ private void work(HttpServletRequest request, HttpServletResponse response, Filt
         if (
             //추후 로그인 필요한 api 추가 설정
                 uri.startsWith("/h2-console") ||
-                        uri.startsWith("/api/login/oauth2/") ||
-                        (method.equals("GET") && uri.equals("api/~~")) ||
-                        (method.equals("POST") && uri.equals("/api/user/login"))
+                        uri.startsWith("/login/oauth2/") ||
+                        (method.equals("GET") && uri.equals("/api/~~")) ||
+                        (method.equals("POST") && uri.equals("/api/~"))
 
         ) {
             filterChain.doFilter(request, response);
diff --git a/src/main/java/com/back/global/security/CustomOAuth2UserService.java b/src/main/java/com/back/global/security/CustomOAuth2UserService.java
@@ -35,11 +35,9 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
             case "KAKAO" -> {
                 Map<String, Object> attributes = oAuth2User.getAttributes();
                 Map<String, Object> attributesProperties = (Map<String, Object>) attributes.get("properties");
-                Map<String, Object> kakaoAccount = (Map<String, Object>) attributes.get("kakao_account");
 
                 oauthUserId = oAuth2User.getName();
                 nickname = (String) attributesProperties.get("nickname");
-                email = (String) kakaoAccount.get("email");
             }
             case "GOOGLE" -> {
                 oauthUserId = oAuth2User.getName();
@@ -59,13 +57,25 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
         // OAuth ID를 제공자와 함께 저장 (예: kakao_123456789)
         String uniqueOauthId = providerTypeCode.toLowerCase() + "_" + oauthUserId;
 
+        log.debug("OAuth2 user info - oauthUserId: {}, email: {}, nickname: {}, provider: {}",
+                  oauthUserId, email, nickname, providerTypeCode);
+
         User user = userService.findOrCreateOAuthUser(uniqueOauthId, email, nickname, providerTypeCode).data();
 
+        log.debug("User from DB - id: {}, email: {}, nickname: {}",
+                  user.getId(), user.getEmail(), user.getNickname());
+
+        // null 체크 및 기본값 설정
+        String userEmail = user.getEmail() != null && !user.getEmail().trim().isEmpty()
+                          ? user.getEmail() : "unknown@example.com";
+        String userNickname = user.getNickname() != null && !user.getNickname().trim().isEmpty()
+                             ? user.getNickname() : "Unknown User";
+
         // securityContext
         return new SecurityUser(
                 user.getId(),
-                user.getEmail(),
-                user.getNickname(),
+                userEmail,
+                userNickname,
                 user.getAuthorities(),
                 oAuth2User.getAttributes()
         );
diff --git a/src/main/java/com/back/global/security/SecurityConfig.java b/src/main/java/com/back/global/security/SecurityConfig.java
@@ -21,13 +21,16 @@ public class SecurityConfig {
     private final CustomOAuth2UserService customOAuth2UserService;
     private final CustomOAuth2LoginSuccessHandler oauth2SuccessHandler;
     private final CustomOAuth2LoginFailureHandler oauth2FailureHandler;
+    private final CustomOAuth2AuthorizationRequestResolver customOAuth2AuthorizationRequestResolver;
 
     public SecurityConfig(CustomOAuth2UserService customOAuth2UserService,
                          CustomOAuth2LoginSuccessHandler oauth2SuccessHandler,
-                          CustomOAuth2LoginFailureHandler oauth2FailureHandler) {
+                          CustomOAuth2LoginFailureHandler oauth2FailureHandler,
+                          CustomOAuth2AuthorizationRequestResolver customOAuth2AuthorizationRequestResolver) {
         this.customOAuth2UserService = customOAuth2UserService;
         this.oauth2SuccessHandler = oauth2SuccessHandler;
         this.oauth2FailureHandler = oauth2FailureHandler;
+        this.customOAuth2AuthorizationRequestResolver = customOAuth2AuthorizationRequestResolver;
     }
 
     @Bean
@@ -37,25 +40,46 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/","/api/**").permitAll()
+                        .requestMatchers("/").permitAll()
                         .requestMatchers("/h2-console/**").permitAll()
                         .requestMatchers("/oauth2/**").permitAll()
+                        .requestMatchers("/login/oauth2/**").permitAll()
                         .requestMatchers("/swagger-ui/**", "/api-docs/**").permitAll()
+                        .requestMatchers("/api/user/**").permitAll()
+                        .requestMatchers("/api/cocktail/**").permitAll()
+
+
+                        // 회원 or 인증된 사용자만 가능
+                        .requestMatchers("/api/admin/**").hasRole("ADMIN")
+//                        .requestMatchers("/api/cocktail/detail~~").authenticated()
+
+                        //그 외에는 인증해야함
                         .anyRequest().authenticated()
                 )
+                .formLogin(AbstractHttpConfigurer::disable)
+                .httpBasic(AbstractHttpConfigurer::disable)
                 .oauth2Login(oauth2 -> oauth2
                         .authorizationEndpoint(authorization -> authorization
-                                .baseUri("/api/oauth2/authorization")
-                        )
-                        .redirectionEndpoint(redirection -> redirection
-                                .baseUri("/api/login/oauth2/code/*")
+                                .authorizationRequestResolver(customOAuth2AuthorizationRequestResolver)
                         )
                         .userInfoEndpoint(userInfo -> userInfo
                                 .userService(customOAuth2UserService)
                         )
                         .successHandler(oauth2SuccessHandler)
                         .failureHandler(oauth2FailureHandler)
                 )
+                .exceptionHandling(exceptionHandling -> exceptionHandling
+                        .authenticationEntryPoint((request, response, authException) -> {
+                            response.setContentType("application/json;charset=UTF-8");
+                            response.setStatus(401);
+                            response.getWriter().write("{\"code\":401,\"message\":\"로그인 후 이용해주세요.\"}");
+                        })
+                        .accessDeniedHandler((request, response, accessDeniedException) -> {
+                            response.setContentType("application/json;charset=UTF-8");
+                            response.setStatus(403);
+                            response.getWriter().write("{\"code\":403,\"message\":\"권한이 없습니다.\"}");
+                        })
+                )
                 .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin));
 
         return http.build();
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -2,6 +2,9 @@ spring:
   profiles:
     active: dev
 
+  config:
+    import: optional:file:.env[.properties]
+
   security:
     oauth2:
       client:
@@ -11,11 +14,11 @@ spring:
             scope: profile_nickname # 카카오 닉네임만 가져옴
             client-name: Kakao
             authorization-grant-type: authorization_code
-            redirect-uri: '${BASE_URL}/api/{action}/oauth2/code/{registrationId}'
+            redirect-uri: '${BASE_URL}/{action}/oauth2/code/{registrationId}'
           google:
             client-id: ${GOOGLE_OAUTH2_CLIENT_ID}
             client-secret: ${GOOGLE_OAUTH2_CLIENT_SECRET}
-            redirect-uri: '${BASE_URL}/api/{action}/oauth2/code/{registrationId}'
+            redirect-uri: '${BASE_URL}/{action}/oauth2/code/{registrationId}'
             client-name: Google
             scope: profile
           naver:
@@ -24,7 +27,7 @@ spring:
             scope: profile_nickname # 네이버 닉네임만 가져옴
             client-name: Naver
             authorization-grant-type: authorization_code
-            redirect-uri: '${BASE_URL}/api/{action}/oauth2/code/{registrationId}'
+            redirect-uri: '${BASE_URL}/{action}/oauth2/code/{registrationId}'
         provider:
           kakao:
             authorization-uri: https://kauth.kakao.com/oauth/authorize
