[Feat] 기본적인 Auth 기능 구현

build.gradle

@@ -46,6 +46,13 @@ dependencies {
     implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.13'
     implementation 'org.springdoc:springdoc-openapi-starter-webmvc-api:2.8.13'
 
+    // Spring Security
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+
+    // JWT
+    implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6'
 }
 
 tasks.named('test') {

src/main/java/ssurent/ssurentbe/SsurentbeApplication.java

@@ -2,7 +2,9 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 
+@EnableJpaAuditing
 @SpringBootApplication
 public class SsurentbeApplication {
 

src/main/java/ssurent/ssurentbe/common/base/BaseResponse.java

@@ -0,0 +1,29 @@
+package ssurent.ssurentbe.common.base;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import ssurent.ssurentbe.common.status.ErrorStatus;
+import ssurent.ssurentbe.common.status.SuccessStatus;
+
+@Getter
+@AllArgsConstructor
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class BaseResponse<T> {
+
+    private final String code;
+    private final String message;
+    private final T data;
+
+    public static <T> BaseResponse<T> success(SuccessStatus status, T data) {
+        return new BaseResponse<>(status.getCode(), status.getMessage(), data);
+    }
+
+    public static <T> BaseResponse<T> success(SuccessStatus status) {
+        return new BaseResponse<>(status.getCode(), status.getMessage(), null);
+    }
+
+    public static <T> BaseResponse<T> error(ErrorStatus status) {
+        return new BaseResponse<>(status.getCode(), status.getMessage(), null);
+    }
+}

src/main/java/ssurent/ssurentbe/common/config/SecurityConfig.java

@@ -0,0 +1,48 @@
+package ssurent.ssurentbe.common.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import ssurent.ssurentbe.common.jwt.JwtAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .csrf(csrf -> csrf.disable())
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/api/auth/**").permitAll()
+                        .requestMatchers("/swagger-ui/**", "/api-docs/**", "/swagger-ui.html").permitAll()
+                        .anyRequest().authenticated()
+                )
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
+}

src/main/java/ssurent/ssurentbe/common/exception/GeneralException.java

@@ -0,0 +1,15 @@
+package ssurent.ssurentbe.common.exception;
+
+import lombok.Getter;
+import ssurent.ssurentbe.common.base.BaseStatus;
+
+@Getter
+public class GeneralException extends RuntimeException {
+
+    private final BaseStatus status;
+
+    public GeneralException(BaseStatus status) {
+        super(status.getMessage());
+        this.status = status;
+    }
+}

src/main/java/ssurent/ssurentbe/common/exception/GlobalExceptionHandler.java

@@ -0,0 +1,19 @@
+package ssurent.ssurentbe.common.exception;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import ssurent.ssurentbe.common.base.BaseResponse;
+import ssurent.ssurentbe.common.status.ErrorStatus;
+
+@RestControllerAdvice
+public class GlobalExceptionHandler {
+
+    @ExceptionHandler(GeneralException.class)
+    public ResponseEntity<BaseResponse<Void>> handleGeneralException(GeneralException e) {
+        ErrorStatus status = (ErrorStatus) e.getStatus();
+        return ResponseEntity
+                .status(status.getHttpStatus())
+                .body(BaseResponse.error(status));
+    }
+}

src/main/java/ssurent/ssurentbe/common/jwt/JwtAuthenticationFilter.java

@@ -0,0 +1,65 @@
+package ssurent.ssurentbe.common.jwt;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+import ssurent.ssurentbe.common.base.BaseResponse;
+import ssurent.ssurentbe.common.exception.GeneralException;
+import ssurent.ssurentbe.common.status.ErrorStatus;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private static final String AUTHORIZATION_HEADER = "Authorization";
+    private static final String BEARER_PREFIX = "Bearer ";
+
+    private final JwtTokenProvider jwtTokenProvider;
+    private static final ObjectMapper objectMapper = new ObjectMapper();
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        String token = resolveToken(request);
+
+        if (StringUtils.hasText(token)) {
+            try {
+                jwtTokenProvider.validateToken(token);
+                Authentication authentication = jwtTokenProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            } catch (GeneralException e) {
+                sendErrorResponse(response, (ErrorStatus) e.getStatus());
+                return;
+            }
+        }
+
+        filterChain.doFilter(request, response);
+    }
+
+    private String resolveToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader(AUTHORIZATION_HEADER);
+        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(BEARER_PREFIX)) {
+            return bearerToken.substring(BEARER_PREFIX.length());
+        }
+        return null;
+    }
+
+    private void sendErrorResponse(HttpServletResponse response, ErrorStatus status) throws IOException {
+        response.setStatus(status.getHttpStatus().value());
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.setCharacterEncoding("UTF-8");
+        objectMapper.writeValue(response.getWriter(), BaseResponse.error(status));
+    }
+}

src/main/java/ssurent/ssurentbe/common/jwt/JwtTokenProvider.java

@@ -0,0 +1,108 @@
+package ssurent.ssurentbe.common.jwt;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SignatureException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.stereotype.Component;
+import ssurent.ssurentbe.common.exception.GeneralException;
+import ssurent.ssurentbe.common.status.ErrorStatus;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+
+@Component
+public class JwtTokenProvider {
+
+    private final SecretKey secretKey;
+    private final long accessTokenValidity;
+    private final long refreshTokenValidity;
+    private final UserDetailsService userDetailsService;
+
+    public JwtTokenProvider(
+            @Value("${jwt.secret}") String secret,
+            @Value("${jwt.access-token-validity}") long accessTokenValidity,
+            @Value("${jwt.refresh-token-validity}") long refreshTokenValidity,
+            @Lazy UserDetailsService userDetailsService) {
+        this.secretKey = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
+        this.accessTokenValidity = accessTokenValidity;
+        this.refreshTokenValidity = refreshTokenValidity;
+        this.userDetailsService = userDetailsService;
+    }
+
+    public String createAccessToken(String studentNum) {
+        return createToken(studentNum, accessTokenValidity, "access");
+    }
+
+    public String createRefreshToken(String studentNum) {
+        return createToken(studentNum, refreshTokenValidity, "refresh");
+    }
+
+    private String createToken(String studentNum, long validity, String tokenType) {
+        Date now = new Date();
+        Date expiration = new Date(now.getTime() + validity);
+
+        return Jwts.builder()
+                .subject(studentNum)
+                .claim("type", tokenType)
+                .issuedAt(now)
+                .expiration(expiration)
+                .signWith(secretKey)
+                .compact();
+    }
+
+    public Authentication getAuthentication(String token) {
+        String studentNum = getStudentNum(token);
+        UserDetails userDetails = userDetailsService.loadUserByUsername(studentNum);
+        return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
+    }
+
+    public String getStudentNum(String token) {
+        return Jwts.parser()
+                .verifyWith(secretKey)
+                .build()
+                .parseSignedClaims(token)
+                .getPayload()
+                .getSubject();
+    }
+
+    public boolean validateToken(String token) {
+        try {
+            Jwts.parser()
+                    .verifyWith(secretKey)
+                    .build()
+                    .parseSignedClaims(token);
+            return true;
+        } catch (SignatureException e) {
+            throw new GeneralException(ErrorStatus.JWT_INVALID_SIGNATURE);
+        } catch (MalformedJwtException e) {
+            throw new GeneralException(ErrorStatus.JWT_MALFORMED);
+        } catch (ExpiredJwtException e) {
+            throw new GeneralException(ErrorStatus.JWT_EXPIRED);
+        } catch (UnsupportedJwtException e) {
+            throw new GeneralException(ErrorStatus.JWT_UNSUPPORTED);
+        } catch (IllegalArgumentException e) {
+            throw new GeneralException(ErrorStatus.JWT_INVALID);
+        }
+    }
+
+    public boolean isRefreshToken(String token) {
+        try {
+            String type = Jwts.parser()
+                    .verifyWith(secretKey)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload()
+                    .get("type", String.class);
+            return "refresh".equals(type);
+        } catch (JwtException | IllegalArgumentException e) {
+            return false;
+        }
+    }
+}

src/main/java/ssurent/ssurentbe/common/security/CustomUserDetailsService.java

@@ -0,0 +1,33 @@
+package ssurent.ssurentbe.common.security;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import ssurent.ssurentbe.common.status.ErrorStatus;
+import ssurent.ssurentbe.domain.users.entity.Users;
+import ssurent.ssurentbe.domain.users.repository.UserRepository;
+
+import java.util.Collections;
+
+@Service
+@RequiredArgsConstructor
+public class CustomUserDetailsService implements UserDetailsService {
+
+    private final UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String studentNum) throws UsernameNotFoundException {
+        Users user = userRepository.findByStudentNum(studentNum)
+                .orElseThrow(() -> new UsernameNotFoundException(ErrorStatus.USER_NOT_FOUND.getMessage()));
+
+        return new User(
+                user.getStudentNum(),
+                user.getPassword(),
+                Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + user.getRole().name()))
+        );
+    }
+}