[JWT 개선] JwtTokenValidationFilter에서 클라이언트 IP 검증 로직을 HttpUtils를 사용하도록 변경하고, Access/Refresh Token 생성 메서드를 개선하여 코드 가독성을 향상시킴. MemberDto에 Refresh Token 및 로그인 IP 설정 추가.
@@ -1,8 +1,10 @@
|
||||
package com.bio.bio_backend.global.filter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.Objects;
|
||||
|
||||
import com.bio.bio_backend.domain.base.member.dto.MemberDto;
|
||||
import com.bio.bio_backend.global.utils.HttpUtils;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.http.MediaType;
|
||||
@@ -79,7 +81,7 @@ public class JwtTokenValidationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
|
||||
// 2. IP 주소 검증
|
||||
if (!jwtUtils.isValidClientIp(refreshToken, request.getRemoteAddr())) {
|
||||
if (!jwtUtils.isValidClientIp(refreshToken, httpUtils.getClientIp())) {
|
||||
log.warn("클라이언트 IP 주소가 일치하지 않습니다. URI: {}, IP: {}",
|
||||
request.getRequestURI(), request.getRemoteAddr());
|
||||
sendJsonResponse(response, ApiResponseDto.fail(ApiResponseCode.INVALID_CLIENT_IP));
|
||||
@@ -89,8 +91,10 @@ public class JwtTokenValidationFilter extends OncePerRequestFilter {
|
||||
// 모든 검증을 통과한 경우 토큰 갱신 진행
|
||||
String username = jwtUtils.extractUsername(refreshToken);
|
||||
|
||||
UserDetails userDetails = memberService.loadUserByUsername(username);
|
||||
|
||||
// 새로운 Access Token 생성
|
||||
String newAccessToken = jwtUtils.generateToken(username, Long.parseLong(Objects.requireNonNull(env.getProperty("token.expiration_time_access"))));
|
||||
String newAccessToken = jwtUtils.createAccessToken(username);
|
||||
|
||||
// 새로운 Access Token을 쿠키에 설정
|
||||
jwtUtils.setAccessTokenCookie(response, newAccessToken);
|
||||
@@ -99,14 +103,16 @@ public class JwtTokenValidationFilter extends OncePerRequestFilter {
|
||||
String newRefreshToken = jwtUtils.createRefreshToken(username, httpUtils.getClientIp());
|
||||
jwtUtils.setRefreshTokenCookie(response, newRefreshToken);
|
||||
|
||||
MemberDto member = (MemberDto) userDetails;
|
||||
member.setRefreshToken(newRefreshToken);
|
||||
member.setLoginIp(httpUtils.getClientIp());
|
||||
memberService.updateMember(member);
|
||||
|
||||
// 인증 정보 설정
|
||||
UserDetails userDetails = memberService.loadUserByUsername(username);
|
||||
if (userDetails != null) {
|
||||
UsernamePasswordAuthenticationToken authentication =
|
||||
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
|
||||
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
}
|
||||
|
||||
log.info("토큰 자동 갱신 성공: {}", username);
|
||||
filterChain.doFilter(request, response);
|
||||
|
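Review bot: The null check on `userDetails` in the last hunk is dead on the new side: `loadUserByUsername` now runs before the cast at `MemberDto member = (MemberDto) userDetails;`, and `member.setRefreshToken(newRefreshToken)` would already throw if it were null, so the guard should either move up before the cast or be dropped and the `UsernamePasswordAuthenticationToken` block made unconditional. In the IP-check hunk the comparison uses `httpUtils.getClientIp()` but the warning still logs `request.getRemoteAddr()`, so a mismatch is logged with a different address than the one compared; log the same value, e.g. `request.getRequestURI(), httpUtils.getClientIp()`. `httpUtils.getClientIp()` is also called three times across these hunks; capturing it once as `String clientIp = httpUtils.getClientIp();` keeps the check, the new refresh token and `setLoginIp` bound to the same value. If `getClientIp()` derives the address from forwarded headers (its body is not in this diff), those headers are client-supplied unless a trusted proxy overwrites them, so the refresh-token IP binding is only as strong as that proxy configuration and deserves a comment at the call site. The enclosing filter method starts before the first hunk and its end is outside the diff.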
@@ -113,7 +113,7 @@ springdoc.default-consumes-media-type=application/json
|
||||
|
||||
# ========================================
|
||||
# 보안 설정 - 허용할 경로
|
||||
security.permit-all-paths=/login,/members/register,/swagger-ui/**,/swagger-ui.html,/swagger-ui/index.html,/api-docs,/api-docs/**,/v3/api-docs,/v3/api-docs/**,/ws/**,/actuator/**,/actuator/health/**,/actuator/info
|
||||
security.permit-all-paths=/login,/logout,/members/register,/swagger-ui/**,/swagger-ui.html,/swagger-ui/index.html,/api-docs,/api-docs/**,/v3/api-docs,/v3/api-docs/**,/ws/**,/actuator/**,/actuator/health/**,/actuator/info
|
||||
|
||||
# 파일 업로드 설정
|
||||
# ========================================
|
||||
|
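Review bot: Adding `/logout` to `security.permit-all-paths` makes the logout endpoint reachable without a valid access token, and whether the logout handler can still clear the stored refresh token (the value written via `member.setRefreshToken` in the filter) for a caller that carries only cookies is not visible in this diff and is worth confirming. If logout only clears cookies that is fine; if it must invalidate the server-side refresh token, it needs the cookie-derived identity even on a permitted path. A comment on the property line stating the intent, `# /logout is permit-all so sessions with an expired access token can still log out`, would make the choice explicit.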