🐛 Bug - Security Filter를 리팩토링하여 액세스 토큰 재발급 로직에서 발생하는 오류를 수정한다

🐛 Bug - Security Filter를 리팩토링하여 액세스 토큰 재발급 로직에서 발생하는 오류를 수정한다

Author: oOccasio

src/main/java/sopt/comfit/auth/controller/AuthController.java

@@ -61,7 +61,13 @@ public LoginResponseDto kakaoCallback(
             HttpServletResponse response
     ) {
         LoginQueryDto loginQueryDto = kakaoAuthService.getKakaoUserInfoByCode(code);
-        response.addCookie(new Cookie("refreshToken", loginQueryDto.jwtDto().refreshToken()));
+
+        Cookie cookie = new Cookie("refreshToken", loginQueryDto.jwtDto().refreshToken());
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(7 * 24 * 60 * 60); // 7일 (refreshToken 만료와 맞춰서 조정)
+        response.addCookie(cookie);
+
         return LoginResponseDto.of(loginQueryDto);
     }
 }

src/main/java/sopt/comfit/global/security/config/SecurityConfig.java

@@ -14,7 +14,6 @@
 import sopt.comfit.global.security.exception.CustomAccessDeniedHandler;
 import sopt.comfit.global.security.exception.CustomAuthenticationEntryPointerHandler;
 import sopt.comfit.global.security.filter.JwtAuthenticationFilter;
-import sopt.comfit.global.security.filter.JwtExceptionFilter;
 
 @Configuration
 @EnableWebSecurity
@@ -24,7 +23,6 @@ public class SecurityConfig {
     private final CustomAuthenticationEntryPointerHandler customAuthenticationEntryPointerHandler;
     private final CustomAccessDeniedHandler customAccessDeniedHandler;
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
-    private final JwtExceptionFilter jwtExceptionFilter;
 
 
     @Bean
@@ -54,10 +52,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class
                 )
 
-                .addFilterBefore(
-                        jwtExceptionFilter, JwtAuthenticationFilter.class
-                )
-
                 .getOrBuild();
 
     }

src/main/java/sopt/comfit/global/security/filter/JwtAuthenticationFilter.java

@@ -1,18 +1,25 @@
 package sopt.comfit.global.security.filter;
 
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.UnsupportedJwtException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 import sopt.comfit.global.constants.Constants;
+import sopt.comfit.global.exception.CommonErrorCode;
 import sopt.comfit.global.logging.MdcUtils;
 import sopt.comfit.global.security.info.JwtAuthenticationToken;
 import sopt.comfit.global.security.info.JwtUserInfo;
@@ -30,11 +37,16 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtAuthenticationManager jwtAuthenticationManager;
     private final JwtUtil jwtUtil;
 
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        return Constants.NO_NEED_AUTH.stream()
+                .anyMatch(pattern -> Constants.PATH_MATCHER.match(pattern, request.getRequestURI()));
+    }
+
     @Override
     protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
-
         try {
             MdcUtils.generateTraceId();
 
@@ -45,18 +57,16 @@ protected void doFilterInternal(HttpServletRequest request,
                 filterChain.doFilter(request, response);
                 return;
             }
+
             String token = HeaderUtil.refineHeader(request, Constants.PREFIX_AUTH, Constants.BEARER);
             Claims claim = jwtUtil.validateToken(token);
             log.info("claim: getUserId() = {}", claim.get(Constants.CLAIM_USER_ID, Long.class));
 
             JwtUserInfo jwtUserInfo = JwtUserInfo.from(claim);
-
             MdcUtils.setUserId(jwtUserInfo.userId());
 
             JwtAuthenticationToken unAuthenticatedToken = new JwtAuthenticationToken(jwtUserInfo);
-
             JwtAuthenticationToken authenticatedToken = (JwtAuthenticationToken) jwtAuthenticationManager.authenticate(unAuthenticatedToken);
-
             log.info("Authentication Successful: {}", authenticatedToken);
 
             authenticatedToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
@@ -65,10 +75,45 @@ protected void doFilterInternal(HttpServletRequest request,
             securityContext.setAuthentication(authenticatedToken);
             SecurityContextHolder.setContext(securityContext);
 
+            filterChain.doFilter(request, response);
+        } catch (SecurityException e) {
+            log.error("SecurityException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.ACCESS_DENIED);
+            filterChain.doFilter(request, response);
+        } catch (MalformedJwtException e) {
+            log.error("MalformedJwtException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.TOKEN_MALFORMED_ERROR);
+            filterChain.doFilter(request, response);
+        } catch (ExpiredJwtException e) {
+            log.error("ExpiredJwtException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.EXPIRED_TOKEN_ERROR);
+            filterChain.doFilter(request, response);
+        } catch (UnsupportedJwtException e) {
+            log.error("UnsupportedJwtException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.TOKEN_UNSUPPORTED_ERROR);
+            filterChain.doFilter(request, response);
+        } catch (JwtException e) {
+            log.error("JwtException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.TOKEN_UNKNOWN_ERROR);
+            filterChain.doFilter(request, response);
+        } catch (IllegalArgumentException e) {
+            log.error("IllegalArgumentException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.TOKEN_TYPE_ERROR);
+            filterChain.doFilter(request, response);
+        } catch (UsernameNotFoundException e) {
+            log.error("UsernameNotFoundException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.AUTHENTICATION_USER_NOT_FOUND);
+            filterChain.doFilter(request, response);
+        } catch (AuthenticationCredentialsNotFoundException e) {
+            log.error("AuthenticationCredentialsNotFoundException: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.INVALID_HEADER_VALUE);
+            filterChain.doFilter(request, response);
+        } catch (Exception e) {
+            log.error("Unexpected filter exception: {}", e.getMessage());
+            request.setAttribute("errorCode", CommonErrorCode.INTERNAL_SERVER_ERROR);
             filterChain.doFilter(request, response);
         } finally {
             MdcUtils.clear();
         }
     }
-
 }