fix[member]: JWT 토큰 내용 변경과 기능 별 인가 오류 해결 및 에러메시지 반환 코드 추가

Author: asowjdan

backend/src/main/java/com/ai/lawyer/domain/member/controller/MemberController.java

@@ -3,7 +3,6 @@
 import com.ai.lawyer.domain.member.dto.MemberLoginRequest;
 import com.ai.lawyer.domain.member.dto.MemberResponse;
 import com.ai.lawyer.domain.member.dto.MemberSignupRequest;
-import com.ai.lawyer.domain.member.entity.Member;
 import com.ai.lawyer.domain.member.service.MemberService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
@@ -37,14 +36,9 @@ public class MemberController {
     public ResponseEntity<MemberResponse> signup(@Valid @RequestBody MemberSignupRequest request) {
         log.info("회원가입 요청: email={}, name={}", request.getLoginId(), request.getName());
 
-        try {
-            MemberResponse response = memberService.signup(request);
-            log.info("회원가입 성공: memberId={}", response.getMemberId());
-            return ResponseEntity.status(HttpStatus.CREATED).body(response);
-        } catch (IllegalArgumentException e) {
-            log.warn("회원가입 실패: {}", e.getMessage());
-            return ResponseEntity.badRequest().build();
-        }
+        MemberResponse response = memberService.signup(request);
+        log.info("회원가입 성공: memberId={}", response.getMemberId());
+        return ResponseEntity.status(HttpStatus.CREATED).body(response);
     }
 
     @PostMapping("/login")
@@ -57,14 +51,9 @@ public ResponseEntity<MemberResponse> login(@Valid @RequestBody MemberLoginReque
                                               HttpServletResponse response) {
         log.info("로그인 요청: email={}", request.getLoginId());
 
-        try {
-            MemberResponse memberResponse = memberService.login(request, response);
-            log.info("로그인 성공: memberId={}", memberResponse.getMemberId());
-            return ResponseEntity.ok(memberResponse);
-        } catch (IllegalArgumentException e) {
-            log.warn("로그인 실패: {}", e.getMessage());
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
-        }
+        MemberResponse memberResponse = memberService.login(request, response);
+        log.info("로그인 성공: memberId={}", memberResponse.getMemberId());
+        return ResponseEntity.ok(memberResponse);
     }
 
     @PostMapping("/logout")
@@ -102,18 +91,12 @@ public ResponseEntity<MemberResponse> refreshToken(HttpServletRequest request,
         String refreshToken = extractRefreshTokenFromCookies(request);
 
         if (refreshToken == null) {
-            log.warn("리프레시 토큰이 없음");
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+            throw new com.ai.lawyer.domain.member.exception.MemberAuthenticationException("리프레시 토큰이 없습니다.");
         }
 
-        try {
-            MemberResponse memberResponse = memberService.refreshToken(refreshToken, response);
-            log.info("토큰 재발급 성공: memberId={}", memberResponse.getMemberId());
-            return ResponseEntity.ok(memberResponse);
-        } catch (IllegalArgumentException e) {
-            log.warn("토큰 재발급 실패: {}", e.getMessage());
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
-        }
+        MemberResponse memberResponse = memberService.refreshToken(refreshToken, response);
+        log.info("토큰 재발급 성공: memberId={}", memberResponse.getMemberId());
+        return ResponseEntity.ok(memberResponse);
     }
 
     @DeleteMapping("/withdraw")
@@ -124,25 +107,18 @@ public ResponseEntity<MemberResponse> refreshToken(HttpServletRequest request,
             @ApiResponse(responseCode = "404", description = "존재하지 않는 회원")
     })
     public ResponseEntity<Void> withdraw(Authentication authentication, HttpServletResponse response) {
-        if (authentication == null || authentication.getName() == null) {
-            log.warn("인증되지 않은 회원탈퇴 요청");
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        if (authentication == null || authentication.getPrincipal() == null) {
+            throw new com.ai.lawyer.domain.member.exception.MemberAuthenticationException("인증이 필요합니다.");
         }
 
-        String loginId = authentication.getName();
-        log.info("회원탈퇴 요청: email={}", loginId);
-
-        try {
-            // loginId로 Member를 조회하여 실제 memberId 사용
-            Member member = memberService.findByLoginId(loginId);
-            memberService.withdraw(member.getMemberId());
-            memberService.logout(loginId, response); // 탈퇴 후 로그아웃 처리
-            log.info("회원탈퇴 성공: email={}, memberId={}", loginId, member.getMemberId());
-            return ResponseEntity.ok().build();
-        } catch (IllegalArgumentException e) {
-            log.warn("회원탈퇴 실패: {}", e.getMessage());
-            return ResponseEntity.notFound().build();
-        }
+        Long memberId = (Long) authentication.getPrincipal();
+        String loginId = (String) authentication.getDetails();
+        log.info("회원탈퇴 요청: memberId={}, email={}", memberId, loginId);
+
+        memberService.withdraw(memberId);
+        memberService.logout(loginId, response); // 탈퇴 후 로그아웃 처리
+        log.info("회원탈퇴 성공: memberId={}, email={}", memberId, loginId);
+        return ResponseEntity.ok().build();
     }
 
     @GetMapping("/me")
@@ -152,24 +128,16 @@ public ResponseEntity<Void> withdraw(Authentication authentication, HttpServletR
             @ApiResponse(responseCode = "401", description = "인증되지 않은 사용자")
     })
     public ResponseEntity<MemberResponse> getMyInfo(Authentication authentication) {
-        if (authentication == null || authentication.getName() == null) {
-            log.warn("인증되지 않은 정보 조회 요청");
-            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+        if (authentication == null || authentication.getPrincipal() == null) {
+            throw new com.ai.lawyer.domain.member.exception.MemberAuthenticationException("인증이 필요합니다.");
         }
 
-        String loginId = authentication.getName();
-        log.info("내 정보 조회 요청: email={}", loginId);
-
-        try {
-            // loginId로 Member를 조회하여 실제 memberId 사용
-            Member member = memberService.findByLoginId(loginId);
-            MemberResponse response = memberService.getMemberById(member.getMemberId());
-            log.info("내 정보 조회 성공: memberId={}", response.getMemberId());
-            return ResponseEntity.ok(response);
-        } catch (IllegalArgumentException e) {
-            log.warn("내 정보 조회 실패: {}", e.getMessage());
-            return ResponseEntity.notFound().build();
-        }
+        Long memberId = (Long) authentication.getPrincipal();
+        log.info("내 정보 조회 요청: memberId={}", memberId);
+
+        MemberResponse response = memberService.getMemberById(memberId);
+        log.info("내 정보 조회 성공: memberId={}", response.getMemberId());
+        return ResponseEntity.ok(response);
     }
 
     private String extractRefreshTokenFromCookies(HttpServletRequest request) {

backend/src/main/java/com/ai/lawyer/domain/member/dto/MemberErrorResponse.java

@@ -0,0 +1,19 @@
+package com.ai.lawyer.domain.member.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import java.time.LocalDateTime;
+
+@Getter
+@AllArgsConstructor
+public class MemberErrorResponse {
+    private final String message;
+    private final int status;
+    private final String error;
+    private final LocalDateTime timestamp;
+
+    public static MemberErrorResponse of(String message, int status, String error) {
+        return new MemberErrorResponse(message, status, error, LocalDateTime.now());
+    }
+}

backend/src/main/java/com/ai/lawyer/domain/member/exception/MemberAuthenticationException.java

@@ -0,0 +1,7 @@
+package com.ai.lawyer.domain.member.exception;
+
+public class MemberAuthenticationException extends RuntimeException {
+    public MemberAuthenticationException(String message) {
+        super(message);
+    }
+}

backend/src/main/java/com/ai/lawyer/domain/member/exception/MemberExceptionHandler.java

@@ -0,0 +1,48 @@
+package com.ai.lawyer.domain.member.exception;
+
+import com.ai.lawyer.domain.member.dto.MemberErrorResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+@RestControllerAdvice(basePackages = "com.ai.lawyer.domain.member")
+@Slf4j
+public class MemberExceptionHandler {
+
+    @ExceptionHandler(IllegalArgumentException.class)
+    public ResponseEntity<MemberErrorResponse> handleMemberIllegalArgumentException(IllegalArgumentException e) {
+        log.warn("Member 도메인 IllegalArgumentException: {}", e.getMessage());
+        MemberErrorResponse errorResponse = MemberErrorResponse.of(
+                e.getMessage(),
+                HttpStatus.BAD_REQUEST.value(),
+                "잘못된 요청"
+        );
+        return ResponseEntity.badRequest().body(errorResponse);
+    }
+
+    @ExceptionHandler(MemberAuthenticationException.class)
+    public ResponseEntity<MemberErrorResponse> handleMemberAuthenticationException(MemberAuthenticationException e) {
+        log.warn("Member 도메인 AuthenticationException: {}", e.getMessage());
+        MemberErrorResponse errorResponse = MemberErrorResponse.of(
+                e.getMessage(),
+                HttpStatus.UNAUTHORIZED.value(),
+                "인증 실패"
+        );
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(errorResponse);
+    }
+
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    public ResponseEntity<MemberErrorResponse> handleMemberValidationException(MethodArgumentNotValidException e) {
+        String message = e.getBindingResult().getAllErrors().getFirst().getDefaultMessage();
+        log.warn("Member 도메인 유효성 검증 실패: {}", message);
+        MemberErrorResponse errorResponse = MemberErrorResponse.of(
+                message,
+                HttpStatus.BAD_REQUEST.value(),
+                "유효성 검증 실패"
+        );
+        return ResponseEntity.badRequest().body(errorResponse);
+    }
+}

backend/src/main/java/com/ai/lawyer/domain/member/service/MemberService.java

@@ -57,10 +57,12 @@ public MemberResponse login(MemberLoginRequest request, HttpServletResponse resp
     }
 
     public void logout(String loginId, HttpServletResponse response) {
-        // Redis에서 리프레시 토큰 삭제
-        tokenProvider.deleteRefreshToken(loginId);
+        // loginId가 있는 경우에만 Redis에서 리프레시 토큰 삭제
+        if (loginId != null && !loginId.trim().isEmpty()) {
+            tokenProvider.deleteRefreshToken(loginId);
+        }
 
-        // 쿠키 삭제
+        // 쿠키는 항상 클리어 (인증 정보가 없어도 클라이언트의 쿠키는 삭제해야 함)
         cookieUtil.clearTokenCookies(response);
     }
 

backend/src/main/java/com/ai/lawyer/global/jwt/JwtAuthenticationFilter.java

@@ -45,15 +45,22 @@ protected void doFilterInternal(@Nullable HttpServletRequest request, @Nullable
 
     private void setAuthentication(String token) {
         try {
-            // TODO: 실제 JWT 구현 시 토큰에서 사용자 정보 추출
-            // 현재는 임시로 토큰에서 사용자명 추출
-            String username = tokenProvider.getUsernameFromToken(token);
+            // 토큰에서 사용자 정보 추출
+            Long memberId = tokenProvider.getMemberIdFromToken(token);
+            String role = tokenProvider.getRoleFromToken(token);
 
-            // 간단한 권한 설정 (실제로는 토큰에서 권한 정보도 추출)
-            List<SimpleGrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_USER"));
+            if (memberId == null) {
+                log.warn("토큰에서 memberId를 추출할 수 없습니다.");
+                return;
+            }
+
+            // 권한 설정 (토큰에서 추출한 role 사용)
+            String authority = "ROLE_" + (role != null ? role : "USER");
+            List<SimpleGrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(authority));
 
+            // memberId를 principal로 사용하는 인증 객체 생성
             UsernamePasswordAuthenticationToken authentication =
-                new UsernamePasswordAuthenticationToken(username, null, authorities);
+                new UsernamePasswordAuthenticationToken(memberId, null, authorities);
 
             SecurityContextHolder.getContext().setAuthentication(authentication);
         } catch (Exception e) {
@@ -64,8 +71,10 @@ private void setAuthentication(String token) {
     @Override
     protected boolean shouldNotFilter(HttpServletRequest request) {
         String path = request.getRequestURI();
-        // 인증이 필요없는 경로들
-        return path.startsWith("/api/auth/") ||
+        // 인증이 필요없는 경로들 (구체적으로 명시)
+        return path.equals("/api/auth/signup") ||
+               path.equals("/api/auth/login") ||
+               path.equals("/api/auth/refresh") ||
                path.startsWith("/api/public/") ||
                path.startsWith("/swagger-") ||
                path.startsWith("/v3/api-docs");

backend/src/main/java/com/ai/lawyer/global/jwt/TokenProvider.java

@@ -10,6 +10,7 @@
 import org.springframework.stereotype.Component;
 
 import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.Date;
 import java.util.UUID;
@@ -26,7 +27,7 @@ public class TokenProvider {
     private static final long REFRESH_TOKEN_EXPIRE_TIME = 7 * 24 * 60 * 60; // 7일
 
     private SecretKey getSigningKey() {
-        return Keys.hmacShaKeyFor(jwtProperties.getSecretKey().getBytes());
+        return Keys.hmacShaKeyFor(jwtProperties.getSecretKey().getBytes(StandardCharsets.UTF_8));
     }
 
     public String generateAccessToken(Member member) {
@@ -38,6 +39,7 @@ public String generateAccessToken(Member member) {
                 .setIssuedAt(now)
                 .setExpiration(expiry)
                 .claim("memberId", member.getMemberId())
+                .claim("role", member.getRole().name())
                 .signWith(getSigningKey(), SignatureAlgorithm.HS256)
                 .compact();
     }
@@ -73,16 +75,30 @@ public boolean validateToken(String token) {
         return false;
     }
 
-    public String getUsernameFromToken(String token) {
+    public Long getMemberIdFromToken(String token) {
         try {
             Claims claims = Jwts.parserBuilder()
                     .setSigningKey(getSigningKey())
                     .build()
                     .parseClaimsJws(token)
                     .getBody();
-            return claims.getSubject();
+            return claims.get("memberId", Long.class);
         } catch (Exception e) {
-            log.warn("토큰에서 사용자 정보 추출 실패: {}", e.getMessage());
+            log.warn("토큰에서 회원 ID 추출 실패: {}", e.getMessage());
+            return null;
+        }
+    }
+
+    public String getRoleFromToken(String token) {
+        try {
+            Claims claims = Jwts.parserBuilder()
+                    .setSigningKey(getSigningKey())
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody();
+            return claims.get("role", String.class);
+        } catch (Exception e) {
+            log.warn("토큰에서 역할 정보 추출 실패: {}", e.getMessage());
             return null;
         }
     }