From 03abfbd565cdb6f51ac6f7466815e70d3ae6dcc7 Mon Sep 17 00:00:00 2001 From: hyeon48165 Date: Thu, 27 Nov 2025 21:17:36 +0900 Subject: [PATCH 1/2] =?UTF-8?q?fix:=20=EB=A1=9C=EA=B7=B8=EC=95=84=EC=9B=83?= =?UTF-8?q?=20=EC=98=A4=EB=A5=98=20=EC=88=98=EC=A0=95=20#11?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - logout 시, login 리다이렉트 차단 --- build.gradle | 7 +-- .../userservice/config/SecurityConfig.java | 44 +++++++++++++++++++ .../smartlogis/userservice/domain/UserId.java | 2 +- src/main/resources/application.yml | 4 +- src/main/resources/logback.xml | 2 +- 5 files changed, 49 insertions(+), 10 deletions(-) create mode 100644 src/main/java/com/smartlogis/userservice/config/SecurityConfig.java diff --git a/build.gradle b/build.gradle index 253b43d..94c809f 100644 --- a/build.gradle +++ b/build.gradle @@ -54,9 +54,4 @@ dependencies { tasks.named('test') { useJUnitPlatform() -} - -def querydslDir = 'build/generated/sources/annotationProcessor/java/main' -sourceSets { - main.java.srcDirs += [querydslDir] -} +} \ No newline at end of file diff --git a/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java b/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java new file mode 100644 index 0000000..5277142 --- /dev/null +++ b/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java 
@@ -0,0 +1,44 @@
+package com.smartlogis.userservice.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import com.smartlogis.common.infrastructure.security.HeaderAuthenticationFilter;
+import com.smartlogis.common.infrastructure.security.RestAccessDeniedHandler;
+import com.smartlogis.common.infrastructure.security.RestAuthenticationEntryPoint;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Configuration
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+ private final HeaderAuthenticationFilter headerAuthenticationFilter;
+ private final RestAuthenticationEntryPoint restAuthenticationEntryPoint;
+ private final RestAccessDeniedHandler restAccessDeniedHandler;
+
+ @Bean
+ @ConditionalOnMissingBean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ return http.csrf(AbstractHttpConfigurer::disable)
+ .formLogin(AbstractHttpConfigurer::disable)
+ .logout(AbstractHttpConfigurer::disable)
+ .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
+ .addFilterBefore(headerAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+ .sessionManagement(c -> c.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .exceptionHandling(c -> {
+ c.authenticationEntryPoint(restAuthenticationEntryPoint);
+ c.accessDeniedHandler(restAccessDeniedHandler);
+ })
+ .build();
+ }
+
+}
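Review bot: In `securityFilterChain`, `.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())` leaves the chain default-open, so every handler that lacks its own rule is reachable without authentication. PATCH 2/2 adds `@EnableMethodSecurity` and `@PreAuthorize("isAuthenticated()")` on two `UserController` handlers, but any handler that is missed stays open; the `updateUserRole` handler named in that patch's second hunk header is not shown on this page, so its protection cannot be confirmed from here. A default-deny rule would be safer: `auth.requestMatchers(PUBLIC_PATHS).permitAll().anyRequest().authenticated()`, where `PUBLIC_PATHS` is a placeholder for the signup and login routes that this page does not list. `HeaderAuthenticationFilter` is defined outside this diff; if it builds the principal from request headers, the service presumably must be reachable only through the gateway that sets them, and a comment above the bean should say so.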
diff --git a/src/main/java/com/smartlogis/userservice/domain/UserId.java b/src/main/java/com/smartlogis/userservice/domain/UserId.java index 32f5a26..bf89cc9 100644 --- a/src/main/java/com/smartlogis/userservice/domain/UserId.java +++ b/src/main/java/com/smartlogis/userservice/domain/UserId.java @@ -15,7 +15,7 @@ @NoArgsConstructor(access = AccessLevel.PROTECTED) public class UserId { - @Column(name = "user_id") + @Column private UUID id; protected UserId(UUID id) { this.id = id;} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 0e61204..1d320a0 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -16,13 +16,13 @@ spring: eureka: instance: prefer-ip-address: false - hostname: localhost + hostname: localhost # code-factory.co.kr client: register-with-eureka: true fetch-registry: true service-url: - defaultZone: http://code-factory.co.kr:3150/eureka/ + defaultZone: http://${eureka.instance.hostname}:3150/eureka/ springdoc: version: '1.0.0' diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml index 73354b3..3068062 100644 --- a/src/main/resources/logback.xml +++ b/src/main/resources/logback.xml @@ -8,7 +8,7 @@ - %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n + %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %highlight(%-5level) %logger{36} - %msg%n From bb083364dbdf532e2fa8154d4b02c0df1fdfcc73 Mon Sep 17 00:00:00 2001 
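Review bot: In the `UserId.java` hunk, dropping `name = "user_id"` from `@Column` moves the `id` field to the persistence provider's default column name, which the logout fix in the subject line does not explain and which comes with no schema or `@AttributeOverride` change on this page. If the owning entity does not override the column, this presumably maps to `id` and either misses the existing `user_id` column or collides with another `id` column. Either keep `@Column(name = "user_id")` or record in the commit message why the mapping moved. The class body continues outside the hunk.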
From: hyeon48165 Date: Fri, 28 Nov 2025 00:00:00 +0900 Subject: [PATCH 2/2] =?UTF-8?q?fix:=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20?= =?UTF-8?q?=EA=B6=8C=ED=95=9C=20=EA=B2=80=EC=A6=9D=20=EC=98=A4=EB=A5=98=20?= =?UTF-8?q?=EC=88=98=EC=A0=95=20#11?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/smartlogis/userservice/config/SecurityConfig.java | 2 ++ .../smartlogis/userservice/presentation/UserController.java | 2 ++ src/main/resources/application.yml | 4 ++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java b/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java index 5277142..ff1565b 100644 --- a/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java +++ b/src/main/java/com/smartlogis/userservice/config/SecurityConfig.java @@ -3,6 +3,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; @@ -18,6 +19,7 @@ @Slf4j @Configuration +@EnableMethodSecurity @RequiredArgsConstructor public class SecurityConfig { diff --git a/src/main/java/com/smartlogis/userservice/presentation/UserController.java b/src/main/java/com/smartlogis/userservice/presentation/UserController.java index f60b8f2..438239c 100644 --- a/src/main/java/com/smartlogis/userservice/presentation/UserController.java +++ b/src/main/java/com/smartlogis/userservice/presentation/UserController.java 
@@ -76,6 +76,7 @@ public ResponseEntity> signup(@Valid @RequestBody UserRegister } @Operation(summary = "로그인한 회원정보 조회") + @PreAuthorize("isAuthenticated()") @GetMapping public ResponseEntity> getUser(@AuthenticationPrincipal AuthenticatedUser authentication) { UserInfoResponse user = userService.getUserById(UUID.fromString(authentication.getId())); @@ -138,6 +139,7 @@ public ResponseEntity> updateUserRole( } @Operation(summary = "회원 탈퇴") + @PreAuthorize("isAuthenticated()") @DeleteMapping("/delete") public ResponseEntity> delete( @AuthenticationPrincipal AuthenticatedUser authentication diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 1d320a0..0e61204 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -16,13 +16,13 @@ spring: eureka: instance: prefer-ip-address: false - hostname: localhost # code-factory.co.kr + hostname: localhost client: register-with-eureka: true fetch-registry: true service-url: - defaultZone: http://${eureka.instance.hostname}:3150/eureka/ + defaultZone: http://code-factory.co.kr:3150/eureka/ springdoc: version: '1.0.0'
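Review bot: The restored `defaultZone: http://code-factory.co.kr:3150/eureka/` in the `application.yml` hunk hard-codes an external registry host over plain HTTP, so registration and registry lookups travel unencrypted and the address is fixed for every environment. A party on the network path could alter the service addresses the registry returns, which is a risk for inter-service calls that rely on them. This hunk exactly reverts the `application.yml` change from PATCH 1/2, and neither version is explained by the commit subject. Consider reading the URL from the environment, e.g. `defaultZone: ${EUREKA_DEFAULT_ZONE:http://localhost:3150/eureka/}` (the variable name is a placeholder), and using an `https://` URL if the registry is served over TLS.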