f-lab-edu · sangyunpark99 · Apr 19, 2025 · Apr 10, 2025 · Apr 10, 2025 · Apr 11, 2025
diff --git a/.idea/gradle.xml b/.idea/gradle.xml
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
diff --git a/auth/build.gradle b/auth/build.gradle
@@ -24,8 +24,6 @@ repositories {
 dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 	implementation 'org.springframework.boot:spring-boot-starter-data-redis'
-	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
-	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
 	implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
 	implementation 'org.springframework.boot:spring-boot-starter-validation'
@@ -36,7 +34,6 @@ dependencies {
 	annotationProcessor 'org.projectlombok:lombok'
 
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
-	testImplementation 'org.springframework.security:spring-security-test'
 
 	testCompileOnly 'org.projectlombok:lombok'
 	testAnnotationProcessor 'org.projectlombok:lombok'

diff --git a/auth/src/main/java/com/sangyunpark/auth/application/AuthService.java b/auth/src/main/java/com/sangyunpark/auth/application/AuthService.java
@@ -9,7 +9,6 @@
 import com.sangyunpark.auth.exception.BusinessException;
 import com.sangyunpark.auth.infrastructure.repository.RedisTokenRepository;
 import com.sangyunpark.auth.jwt.TokenProvider;
-import com.sangyunpark.auth.jwt.UserPrincipal;
 import com.sangyunpark.auth.presentation.dto.request.LoginRequestDto;
 import com.sangyunpark.auth.presentation.dto.response.TokenResponseDto;
 import lombok.RequiredArgsConstructor;
@@ -33,11 +32,10 @@ public TokenResponseDto login(final LoginRequestDto loginRequestDto) {
         return new TokenResponseDto(token);
     }
 
-    public TokenResponseDto reissue(final String refreshToken, final UserPrincipal userPrincipal) {
-        final String email = userPrincipal.getEmail();
+    public TokenResponseDto reissue(final String refreshToken, final String email, final String userType, final String userStatus) {
         tokenProvider.validateToken(refreshToken);
         validateStoredRefreshToken(email, refreshToken);
-        Token newToken = generateAndStoreToken(email, userPrincipal.getUserType(), userPrincipal.getUserStatus());
+        Token newToken = generateAndStoreToken(email, UserType.valueOf(userType), UserStatus.valueOf(userStatus));
         return new TokenResponseDto(newToken);
     }
 

diff --git a/auth/src/main/java/com/sangyunpark/auth/config/SecurityConfig.java b/auth/src/main/java/com/sangyunpark/auth/config/SecurityConfig.java
@@ -1,46 +1,14 @@
 package com.sangyunpark.auth.config;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.sangyunpark.auth.global.filter.JwtAuthenticationFilter;
-import com.sangyunpark.auth.global.security.JwtAccessDeniedHandler;
-import com.sangyunpark.auth.jwt.TokenProvider;
-import com.sangyunpark.auth.jwt.TokenValidator;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @Configuration
 @RequiredArgsConstructor
 public class SecurityConfig {
-
-    private final TokenProvider tokenProvider;
-    private final TokenValidator tokenValidator;
-    private final ObjectMapper objectMapper;
-    private final JwtAccessDeniedHandler accessDeniedHandler;
-
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        return http
-                .csrf(AbstractHttpConfigurer::disable)
-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers("/api/v1/auth/login", "/api/v1/auth/reissue").permitAll()
-                        .requestMatchers("/api/v1/admin/**").hasAuthority("ADMIN")
-                        .anyRequest().authenticated()
-                )
-                .exceptionHandling(handler ->
-                        handler.accessDeniedHandler(accessDeniedHandler))
-                .addFilterBefore(new JwtAuthenticationFilter(tokenProvider, tokenValidator, objectMapper), UsernamePasswordAuthenticationFilter.class)
-                .build();
-    }
-
     @Bean
     public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();

diff --git a/auth/src/main/java/com/sangyunpark/auth/global/filter/JwtAuthenticationFilter.java b/auth/src/main/java/com/sangyunpark/auth/global/filter/JwtAuthenticationFilter.java
diff --git a/auth/src/main/java/com/sangyunpark/auth/global/handler/GlobalExceptionHandler.java b/auth/src/main/java/com/sangyunpark/auth/global/handler/GlobalExceptionHandler.java
@@ -4,7 +4,6 @@
 import com.sangyunpark.auth.exception.BusinessException;
 import com.sangyunpark.auth.presentation.dto.response.ErrorResponse;
 import feign.FeignException;
-import org.springframework.cloud.client.circuitbreaker.NoFallbackAvailableException;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;

diff --git a/auth/src/main/java/com/sangyunpark/auth/global/security/JwtAccessDeniedHandler.java b/auth/src/main/java/com/sangyunpark/auth/global/security/JwtAccessDeniedHandler.java
diff --git a/auth/src/main/java/com/sangyunpark/auth/infrastructure/repository/RedisTokenRepository.java b/auth/src/main/java/com/sangyunpark/auth/infrastructure/repository/RedisTokenRepository.java
@@ -10,6 +10,8 @@
 @Repository
 public class RedisTokenRepository {
 
+    private static final String BLACK_LIST_KEY = "black_list:";
+
     private final StringRedisTemplate redisTemplate;
     private final long refreshTokenExpireTime;
 
@@ -35,10 +37,10 @@ public boolean exists(final String email) {
     }
 
     public void saveLogOutToken(final String accessToken, final long remainingTime) {
-        redisTemplate.opsForValue().set(accessToken, "logout", remainingTime, TimeUnit.MILLISECONDS);
+        redisTemplate.opsForValue().set(BLACK_LIST_KEY + accessToken,"", remainingTime, TimeUnit.MILLISECONDS);
     }
 
     public boolean isLogOutToken(final String accessToken) {
-        return Boolean.TRUE.equals(redisTemplate.hasKey(accessToken));
+        return Boolean.TRUE.equals(redisTemplate.hasKey(BLACK_LIST_KEY + accessToken));
     }
 }
diff --git a/auth/src/main/java/com/sangyunpark/auth/jwt/TokenProvider.java b/auth/src/main/java/com/sangyunpark/auth/jwt/TokenProvider.java
@@ -77,10 +77,6 @@ public String getUserType(final String token) {
         return parseClaims(token).get(USER_TYPE, String.class);
     }
 
-    public String getUserStatus(final String token) {
-        return parseClaims(token).get(USER_STATUS, String.class);
-    }
-
     public long getRemainingExpiration(final String accessToken) {
         Date expiration = parseClaims(accessToken).getExpiration();
         return expiration.getTime() - System.currentTimeMillis();

diff --git a/auth/src/main/java/com/sangyunpark/auth/jwt/TokenValidator.java b/auth/src/main/java/com/sangyunpark/auth/jwt/TokenValidator.java
diff --git a/auth/src/main/java/com/sangyunpark/auth/jwt/UserPrincipal.java b/auth/src/main/java/com/sangyunpark/auth/jwt/UserPrincipal.java
diff --git a/auth/src/main/java/com/sangyunpark/auth/presentation/AuthController.java b/auth/src/main/java/com/sangyunpark/auth/presentation/AuthController.java
@@ -1,12 +1,10 @@
 package com.sangyunpark.auth.presentation;
 
 import com.sangyunpark.auth.application.AuthService;
-import com.sangyunpark.auth.jwt.UserPrincipal;
 import com.sangyunpark.auth.presentation.dto.request.LoginRequestDto;
 import com.sangyunpark.auth.presentation.dto.response.TokenResponseDto;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 
 @RestController
@@ -15,6 +13,9 @@
 public class AuthController {
 
     private static final String HEADER_REFRESH_TOKEN = "X-Refresh-Token";
+    private static final String HEADER_USER_EMAIL = "X-User-Email";
+    private static final String HEADER_USER_TYPE = "X-User-Type";
+    private static final String HEADER_USER_STATUS = "X-User-Status";
     private static final String HEADER_AUTHORIZATION = "Authorization";
 
     private final AuthService authService;
@@ -25,8 +26,13 @@ public TokenResponseDto login(@Valid @RequestBody LoginRequestDto loginRequestDt
     }
 
     @PostMapping("/reissue")
-    public TokenResponseDto reissue(@RequestHeader(HEADER_REFRESH_TOKEN) final String refreshToken, @AuthenticationPrincipal UserPrincipal userPrincipal) {
-        return authService.reissue(refreshToken, userPrincipal);
+    public TokenResponseDto reissue(
+            @RequestHeader(HEADER_REFRESH_TOKEN) final String refreshToken,
+            @RequestHeader(HEADER_USER_EMAIL) final String email,
+            @RequestHeader(HEADER_USER_TYPE) final String userType,
+            @RequestHeader(HEADER_USER_STATUS) final String userStatus
+    ) {
+        return authService.reissue(refreshToken, email, userType, userStatus);
     }
 
     @PostMapping("/logout")

diff --git a/auth/src/main/resources/application.yml b/auth/src/main/resources/application.yml
@@ -7,6 +7,11 @@ spring:
     username: root
     password:
 
+  data:
+    redis:
+      host: localhost
+      port: 6379
+
   jpa:
     hibernate:
       ddl-auto: update