Merge pull request #40 from 28delivery/enhancement/35-enhancement-login-jwtathentificationfilter-개선

🩹 fix: login jwtathentificationfilter 개선

Author: zzangkkmin

src/main/java/com/sparta/spring_deep/_delivery/config/WebSecurityConfig.java

@@ -1,9 +1,10 @@
 package com.sparta.spring_deep._delivery.config;
 
-import com.sparta.spring_deep._delivery.config.security.JwtAuthenticationFilter;
-import com.sparta.spring_deep._delivery.config.security.JwtAuthorizationFilter;
+import com.sparta.spring_deep._delivery.domain.user.jwt.JwtAuthenticationFilter;
+import com.sparta.spring_deep._delivery.domain.user.jwt.JwtAuthorizationFilter;
 import com.sparta.spring_deep._delivery.domain.user.details.UserDetailsServiceImpl;
-import com.sparta.spring_deep._delivery.util.JwtUtil;
+import com.sparta.spring_deep._delivery.domain.user.jwt.JwtUtil;
+import com.sparta.spring_deep._delivery.domain.user.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
@@ -15,6 +16,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
@@ -24,6 +26,7 @@
 public class WebSecurityConfig {
 
     private final JwtUtil jwtUtil;
+    private final UserRepository userRepository;
     private final UserDetailsServiceImpl userDetailsService;
     private final AuthenticationConfiguration authenticationConfiguration;
 

src/main/java/com/sparta/spring_deep/_delivery/domain/user/controller/UserController.java

@@ -7,7 +7,7 @@
 import com.sparta.spring_deep._delivery.domain.user.dto.UserDto;
 import com.sparta.spring_deep._delivery.domain.user.entity.User;
 import com.sparta.spring_deep._delivery.domain.user.service.UserService;
-import com.sparta.spring_deep._delivery.util.JwtUtil;
+import com.sparta.spring_deep._delivery.domain.user.jwt.JwtUtil;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -53,21 +53,6 @@ public ResponseEntity<?> signup(@RequestBody UserDto userDto, BindingResult bind
         return new ResponseEntity<>(newUser, HttpStatus.CREATED);
     }
 
-    @PostMapping("/login")
-    public ResponseEntity<?> login(@Valid @RequestBody LoginRequestDto loginRequestDto,
-        BindingResult bindingResult) {
-        if (bindingResult.hasErrors()) {
-            String errorMsg = bindingResult.getFieldError("username") != null ?
-                bindingResult.getFieldError("username").getDefaultMessage() : "Invalid input";
-            logger.error("Login validation failed: {}", errorMsg);
-            return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(errorMsg);
-        }
-
-        LoginResponseDto loginResponseDto = userService.login(loginRequestDto);
-        logger.info("User logged in successfully: {}", loginResponseDto.getUsername());
-        return ResponseEntity.ok(loginResponseDto);
-    }
-
     @PostMapping("/logout")
     public ResponseEntity<?> logout(@RequestHeader(value = "Authorization") String token) {
         // 클라이언트쪽에서 JWT 토큰 무효화해야 함!

…ig/security/JwtAuthenticationFilter.java …in/user/jwt/JwtAuthenticationFilter.javasrc/main/java/com/sparta/spring_deep/_delivery/config/security/JwtAuthenticationFilter.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtAuthenticationFilter.java src/main/java/com/sparta/spring_deep/_delivery/config/security/JwtAuthenticationFilter.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtAuthenticationFilter.java

@@ -1,10 +1,9 @@
-package com.sparta.spring_deep._delivery.config.security;
+package com.sparta.spring_deep._delivery.domain.user.jwt;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.sparta.spring_deep._delivery.domain.user.details.UserDetailsImpl;
 import com.sparta.spring_deep._delivery.domain.user.dto.LoginRequestDto;
 import com.sparta.spring_deep._delivery.domain.user.entity.UserRole;
-import com.sparta.spring_deep._delivery.util.JwtUtil;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -35,6 +34,7 @@ public Authentication attemptAuthentication(HttpServletRequest request,
             LoginRequestDto requestDto = new ObjectMapper().readValue(request.getInputStream(),
                 LoginRequestDto.class);
 
+
             return getAuthenticationManager().authenticate(
                 new UsernamePasswordAuthenticationToken(
                     requestDto.getUsername(),
@@ -50,15 +50,16 @@ public Authentication attemptAuthentication(HttpServletRequest request,
 
     @Override
     protected void successfulAuthentication(HttpServletRequest request,
-        HttpServletResponse response, FilterChain chain, Authentication authResult) {
+        HttpServletResponse response, FilterChain chain, Authentication authResult)
+        throws IOException {
 
-        String username = ((UserDetailsImpl) authResult.getPrincipal()).getUsername();
-        UserRole role = ((UserDetailsImpl) authResult.getPrincipal()).getUser().getRole();
+        UserDetailsImpl userDetails = (UserDetailsImpl) authResult.getPrincipal();
+        String username = userDetails.getUsername();
+        UserRole role = userDetails.getUser().getRole();
 
         String token = jwtUtil.createJwt(username, role);
-        System.out.println(token);
-        response.addHeader(JwtUtil.AUTHORIZATION_HEADER, token);
 
+        response.addHeader(JwtUtil.AUTHORIZATION_HEADER, token);
     }
 
     @Override

…fig/security/JwtAuthorizationFilter.java …ain/user/jwt/JwtAuthorizationFilter.javasrc/main/java/com/sparta/spring_deep/_delivery/config/security/JwtAuthorizationFilter.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtAuthorizationFilter.java src/main/java/com/sparta/spring_deep/_delivery/config/security/JwtAuthorizationFilter.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtAuthorizationFilter.java

@@ -1,7 +1,6 @@
-package com.sparta.spring_deep._delivery.config.security;
+package com.sparta.spring_deep._delivery.domain.user.jwt;
 
 import com.sparta.spring_deep._delivery.domain.user.details.UserDetailsServiceImpl;
-import com.sparta.spring_deep._delivery.util.JwtUtil;
 import io.jsonwebtoken.Claims;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;

…elivery/util/JwtBlacklistRepository.java …ain/user/jwt/JwtBlacklistRepository.javasrc/main/java/com/sparta/spring_deep/_delivery/util/JwtBlacklistRepository.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtBlacklistRepository.java src/main/java/com/sparta/spring_deep/_delivery/util/JwtBlacklistRepository.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtBlacklistRepository.java

@@ -1,4 +1,4 @@
-package com.sparta.spring_deep._delivery.util;
+package com.sparta.spring_deep._delivery.domain.user.jwt;
 
 import java.util.concurrent.ConcurrentHashMap;
 import org.springframework.stereotype.Component;

…/spring_deep/_delivery/util/JwtUtil.java …p/_delivery/domain/user/jwt/JwtUtil.javasrc/main/java/com/sparta/spring_deep/_delivery/util/JwtUtil.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtUtil.java src/main/java/com/sparta/spring_deep/_delivery/util/JwtUtil.java renamed to src/main/java/com/sparta/spring_deep/_delivery/domain/user/jwt/JwtUtil.java

@@ -1,4 +1,4 @@
-package com.sparta.spring_deep._delivery.util;
+package com.sparta.spring_deep._delivery.domain.user.jwt;
 
 import com.sparta.spring_deep._delivery.domain.user.entity.UserRole;
 import io.jsonwebtoken.Claims;

src/main/java/com/sparta/spring_deep/_delivery/domain/user/repository/UserRepository.java

@@ -1,13 +1,16 @@
 package com.sparta.spring_deep._delivery.domain.user.repository;
 
 import com.sparta.spring_deep._delivery.domain.user.entity.User;
+import java.util.List;
 import java.util.Optional;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
 @Repository
 public interface UserRepository extends JpaRepository<User, String>, UserRepositoryCustom {
 
+    Optional<User> findByUsername(String username);
+    
     Optional<User> findByUsernameAndIsDeletedFalse(String username);
 
     Optional<User> findByEmail(String email);

src/main/java/com/sparta/spring_deep/_delivery/domain/user/service/UserService.java

@@ -10,7 +10,7 @@
 import com.sparta.spring_deep._delivery.domain.user.entity.UserRole;
 import com.sparta.spring_deep._delivery.domain.user.repository.UserRepository;
 import com.sparta.spring_deep._delivery.exception.DuplicateResourceException;
-import com.sparta.spring_deep._delivery.util.JwtUtil;
+import com.sparta.spring_deep._delivery.domain.user.jwt.JwtUtil;
 import java.time.LocalDateTime;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -69,26 +69,6 @@ public User registerUser(UserDto userDto) {
         return user;
     }
 
-    public LoginResponseDto login(LoginRequestDto loginRequestDto) {
-        Authentication authentication = authenticationManager.authenticate(
-            new UsernamePasswordAuthenticationToken(loginRequestDto.getUsername(),
-                loginRequestDto.getPassword())
-        );
-
-        SecurityContextHolder.getContext().setAuthentication(authentication);
-        UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
-
-        User user = userDetails.getUser();
-        String username = userDetails.getUsername();
-        String email = user.getEmail();
-        IsPublic isPublic = user.getIsPublic();
-        UserRole userRole = user.getRole();
-
-        String jwt = jwtUtil.createJwt(username, userRole);
-
-        return new LoginResponseDto(jwt, username, email, userRole, isPublic);
-    }
-
     public User updateUser(String userName, UserDto userDto) {
         User user = userRepository.findByUsernameAndIsDeletedFalse(userName)
             .orElseThrow(() -> new RuntimeException("User not found!"));