feat/OPS-324 : session 등록을 위한 OAuth2LoginSourceFilter 클래스 추가.

Author: Kimgooner

src/main/java/org/tuna/zoopzoop/backend/domain/auth/resolver/CustomOAuth2AuthorizationRequestResolver.java renamed to src/main/java/org/tuna/zoopzoop/backend/domain/auth/global/CustomOAuth2AuthorizationRequestResolver.java

@@ -1,4 +1,4 @@
-package org.tuna.zoopzoop.backend.domain.auth.resolver;
+package org.tuna.zoopzoop.backend.domain.auth.global;
 
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;

src/main/java/org/tuna/zoopzoop/backend/domain/auth/global/OAuth2LoginSourceFilter.java

@@ -0,0 +1,31 @@
+package org.tuna.zoopzoop.backend.domain.auth.global;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class OAuth2LoginSourceFilter extends OncePerRequestFilter {
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            FilterChain filterChain)
+            throws ServletException, IOException {
+
+        String uri = request.getRequestURI();
+        String source = request.getParameter("source");
+
+        // OAuth2 로그인 시작 URL이면 세션에 저장
+        if (uri.startsWith("/oauth2/authorization") && source != null) {
+            request.getSession().setAttribute("loginSource", source);
+        }
+
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/org/tuna/zoopzoop/backend/domain/auth/handler/OAuth2SuccessHandler.java

@@ -60,8 +60,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
         String accessToken = jwtUtil.generateToken(member);
         String refreshToken = jwtUtil.generateRefreshToken(member);
 
-        String state = request.getParameter("state");
-        boolean isExtension = state != null && state.contains("source:extension");
+        String source = (String) request.getSession().getAttribute("loginSource");
+        boolean isExtension = "extension".equals(source);
+
 
         // 확장 프로그램에서 로그인 했을 경우.
         if(isExtension){

src/main/java/org/tuna/zoopzoop/backend/global/security/SecurityConfig.java

@@ -5,10 +5,12 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.tuna.zoopzoop.backend.domain.auth.global.CustomOAuth2AuthorizationRequestResolver;
+import org.tuna.zoopzoop.backend.domain.auth.global.OAuth2LoginSourceFilter;
 import org.tuna.zoopzoop.backend.domain.auth.handler.OAuth2SuccessHandler;
-import org.tuna.zoopzoop.backend.domain.auth.resolver.CustomOAuth2AuthorizationRequestResolver;
 import org.tuna.zoopzoop.backend.domain.auth.service.CustomOAuth2UserService;
 import org.tuna.zoopzoop.backend.global.security.jwt.CustomAuthenticationEntryPoint;
 import org.tuna.zoopzoop.backend.global.security.jwt.JwtAuthenticationFilter;
@@ -21,6 +23,7 @@ public class SecurityConfig {
     private final CustomOAuth2UserService customOAuth2UserService;
     private final OAuth2SuccessHandler oAuth2SuccessHandler;
     private final ClientRegistrationRepository clientRegistrationRepository;
+    private final OAuth2LoginSourceFilter oauth2LoginSourceFilter;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -46,6 +49,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         ).permitAll()
                         .anyRequest().authenticated()
                 )
+                .addFilterBefore(oauth2LoginSourceFilter, OAuth2AuthorizationRequestRedirectFilter.class)
                 .oauth2Login(oauth2 -> oauth2
                         .authorizationEndpoint(authorization -> authorization
                                 .authorizationRequestResolver(
@@ -68,7 +72,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .exceptionHandling(ex -> ex
                         .authenticationEntryPoint(customAuthenticationEntryPoint)
                 )
-                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);;
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
         return http.build();
     }
 }