[refactor/OPS-310] redirect url 변경 (#53)

Kimgooner · web-flow · commit 0ccb44675ada · 2025-09-25T15:20:29.000+09:00
* refactor/OPS-310 : redirect-url 변경. * refactor/OPS-310 : 작은 수정. * refactor/OPS-310 : 또 하나의 작은 수정. * refactor/OPS-310 : 큰 수정. * refactor/OPS-310 : 테스트 * refactor/OPS-310 : 요청 사항 반영. * refactor/OPS-310 : 요청 사항 반영 #2
diff --git a/src/main/java/org/tuna/zoopzoop/backend/domain/auth/handler/OAuth2FailureHandler.java b/src/main/java/org/tuna/zoopzoop/backend/domain/auth/handler/OAuth2FailureHandler.java
@@ -0,0 +1,36 @@
+package org.tuna.zoopzoop.backend.domain.auth.handler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.net.URLEncoder;
+
+@Component
+@RequiredArgsConstructor
+public class OAuth2FailureHandler implements AuthenticationFailureHandler {
+    @Value("${front.redirect_domain}")
+    private String redirect_domain;
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request,
+                                        HttpServletResponse response,
+                                        AuthenticationException exception) throws IOException, ServletException {
+
+        // 프론트로 리다이렉트
+        // 필요하면 쿼리 파라미터로 에러 정보 전달
+
+        String redirectUrl =
+                redirect_domain + "/auth/callback"
+                + "?success=false"
+                + "&error=" + URLEncoder.encode(exception.getMessage(), "UTF-8");
+
+        response.sendRedirect(redirectUrl);
+    }
+}
diff --git a/src/main/java/org/tuna/zoopzoop/backend/domain/auth/handler/OAuth2SuccessHandler.java b/src/main/java/org/tuna/zoopzoop/backend/domain/auth/handler/OAuth2SuccessHandler.java
@@ -3,6 +3,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.Authentication;
@@ -17,6 +18,7 @@
 import org.tuna.zoopzoop.backend.global.security.jwt.JwtUtil;
 
 import java.io.IOException;
+import java.net.URLEncoder;
 
 @Component
 @RequiredArgsConstructor
@@ -27,6 +29,12 @@ public class OAuth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler
     private final MemberRepository memberRepository;
     private final MemberService memberService;
 
+    @Value("${front.redirect_domain}")
+    private String redirect_domain;
+
+    @Value("${spring.profiles.active:dev}")
+    private String activeProfile;
+
     @Override
     public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                         Authentication authentication) throws IOException {
@@ -53,32 +61,49 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         String accessToken = jwtUtil.generateToken(member);
         String refreshToken = jwtUtil.generateRefreshToken(member);
 
-        ResponseCookie accessCookie = ResponseCookie.from("accessToken", accessToken)
-                .httpOnly(true)
-                .path("/")
-                .maxAge(jwtProperties.getAccessTokenValidity() / 1000)
-                // .domain() // 프론트엔드 & 백엔드 상위 도메인
-                // .secure(true) // https 필수 설정.
-                .sameSite("Lax")
-                .build();
-
-        ResponseCookie refreshCookie = ResponseCookie.from("refreshToken", refreshToken)
-                .httpOnly(true)
-                .path("/")
-                .maxAge(jwtProperties.getRefreshTokenValidity() / 1000)
-                // .domain() // 프론트엔드 & 백엔드 상위 도메인
-                // .secure(true) // https 필수 설정.
-                .sameSite("Lax")
-                .build();
-
-        // HTTP 응답에서 쿠키 값 추가.
-        response.addHeader(HttpHeaders.SET_COOKIE, accessCookie.toString());
-        response.addHeader(HttpHeaders.SET_COOKIE, refreshCookie.toString());
-
-        // 로그인 성공 후 리다이렉트.
-        // 배포 시에 프론트엔드와 조율이 필요한 부분일 듯 함.
-        response.sendRedirect("/login-success");
+        if ("server".equals(activeProfile)) {
+            // server 환경일 때: URL 파라미터로 토큰 전달
+            String redirectUrl = redirect_domain + "/auth/callback"
+                    + "?success=true"
+                    + "&accessToken=" + URLEncoder.encode(accessToken, "UTF-8")
+                    + "&refreshToken=" + URLEncoder.encode(refreshToken, "UTF-8");
+            response.sendRedirect(redirectUrl);
+        } else {
+            ResponseCookie accessCookie = ResponseCookie.from("accessToken", accessToken)
+                    .httpOnly(true)
+                    .path("/")
+                    .maxAge(jwtProperties.getAccessTokenValidity() / 1000)
+                    // .domain() // 프론트엔드 & 백엔드 상위 도메인
+                    // .secure(true) // https 필수 설정.
+                    .domain(redirect_domain)
+                    .secure(true)
+                    .sameSite("None")
+                    .build();
+
+            ResponseCookie refreshCookie = ResponseCookie.from("refreshToken", refreshToken)
+                    .httpOnly(true)
+                    .path("/")
+                    .maxAge(jwtProperties.getRefreshTokenValidity() / 1000)
+                    // .domain() // 프론트엔드 & 백엔드 상위 도메인
+                    // .secure(true) // https 필수 설정.
+                    .domain(redirect_domain)
+                    .secure(true)
+                    .sameSite("None")
+                    .build();
 
+            // HTTP 응답에서 쿠키 값 추가.
+            response.addHeader(HttpHeaders.SET_COOKIE, accessCookie.toString());
+            response.addHeader(HttpHeaders.SET_COOKIE, refreshCookie.toString());
+
+            String redirectUrl = redirect_domain + "/auth/callback"
+                    + "?success=true"
+                    + "&accessToken=" + URLEncoder.encode(accessToken, "UTF-8")
+                    + "&refreshToken=" + URLEncoder.encode(refreshToken, "UTF-8");
+
+            // 로그인 성공 후 리다이렉트.
+            // 배포 시에 프론트엔드와 조율이 필요한 부분일 듯 함.
+            response.sendRedirect(redirect_domain + "/auth/callback");
+        }
         // 보안을 좀 더 강화하고자 한다면 CSRF 토큰 같은 걸 생각해볼 수 있겠으나,
         // 일단은 구현하지 않음.(개발 과정 중에 번거로워질 수 있을 듯 함.)
     }
diff --git a/src/main/java/org/tuna/zoopzoop/backend/global/security/jwt/JwtAuthenticationFilter.java b/src/main/java/org/tuna/zoopzoop/backend/global/security/jwt/JwtAuthenticationFilter.java
@@ -67,6 +67,12 @@ private String getTokenFromRequest(HttpServletRequest request) { // Authorizatio
                 }
             }
         }
+
+        String accessTokenParam = request.getParameter("accessToken");
+        if (StringUtils.hasText(accessTokenParam)) {
+            return accessTokenParam;
+        }
+
         return null;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,12 @@ private String getTokenFromRequest(HttpServletRequest request) { // Authorizatio`
`67`	`67`	`}`
`68`	`68`	`}`
`69`	`69`	`}`
	`70`	`+`
	`71`	`+ String accessTokenParam = request.getParameter("accessToken");`
	`72`	`+ if (StringUtils.hasText(accessTokenParam)) {`
	`73`	`+ return accessTokenParam;`
	`74`	`+ }`
	`75`	`+`
`70`	`76`	`return null;`
`71`	`77`	`}`
`72`	`78`	`}`