[Feat] Jwt를 이용한 로그인 기능 구현

build.gradle

@@ -48,9 +48,9 @@ dependencies {
 	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.7.0'
 
 	// JWT -> 원하는 버전 사용
-	implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
-	implementation 'io.jsonwebtoken:jjwt-impl:0.11.5'
-	implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+	implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
+	implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
+	implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
 
 	// Redis
 	implementation 'org.springframework.boot:spring-boot-starter-data-redis'

src/main/java/com/WhoIsRoom/WhoIs_Server/WhoIsServerApplication.java

@@ -2,7 +2,9 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 
+@EnableJpaAuditing
 @SpringBootApplication
 public class WhoIsServerApplication {
 

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/controller/AuthController.java

@@ -0,0 +1,33 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.controller;
+
+import com.WhoIsRoom.WhoIs_Server.domain.auth.service.JwtService;
+import com.WhoIsRoom.WhoIs_Server.global.common.response.BaseResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/api/auth")
+public class AuthController {
+
+    private final JwtService jwtService;
+
+    @PostMapping("/logout")
+    public BaseResponse<Void> logout(HttpServletRequest request){
+        jwtService.logout(request);
+        return BaseResponse.ok(null);
+    }
+
+    @PostMapping("/reissue")
+    public BaseResponse<Void> reissueTokens(HttpServletRequest request, HttpServletResponse response) {
+        jwtService.reissueTokens(request, response);
+        return BaseResponse.ok(null);
+    }
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/dto/request/LoginRequest.java

@@ -0,0 +1,14 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.dto.request;
+
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@NoArgsConstructor(access = AccessLevel.PROTECTED)
+public class LoginRequest {
+    private String email;
+    private String password;
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/dto/response/LoginResponse.java

@@ -0,0 +1,11 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.dto.response;
+
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder
+public class LoginResponse {
+    private String accessToken;
+    private String refreshToken;
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/exception/CustomAuthenticationException.java

@@ -0,0 +1,15 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.exception;
+
+import com.WhoIsRoom.WhoIs_Server.global.common.response.ErrorCode;
+import lombok.Getter;
+import org.springframework.security.core.AuthenticationException;
+
+@Getter
+public class CustomAuthenticationException extends AuthenticationException {
+    private final ErrorCode errorCode;
+
+    public CustomAuthenticationException(ErrorCode errorCode) {
+        super(errorCode.getMessage());
+        this.errorCode = errorCode;
+    }
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/exception/CustomJwtException.java

@@ -0,0 +1,15 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.exception;
+
+import com.WhoIsRoom.WhoIs_Server.global.common.response.ErrorCode;
+import io.jsonwebtoken.JwtException;
+import lombok.Getter;
+
+@Getter
+public class CustomJwtException extends JwtException {
+    private final ErrorCode errorCode;
+
+    public CustomJwtException(ErrorCode errorCode) {
+        super(errorCode.getMessage());
+        this.errorCode = errorCode;
+    }
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/filter/CustomLoginFilter.java

@@ -0,0 +1,70 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.filter;
+
+import com.WhoIsRoom.WhoIs_Server.domain.auth.dto.request.LoginRequest;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import java.io.IOException;
+
+@Slf4j
+public class CustomLoginFilter extends UsernamePasswordAuthenticationFilter {
+
+    private final ObjectMapper objectMapper;
+
+    public CustomLoginFilter(AuthenticationManager authenticationManager,
+                            ObjectMapper objectMapper,
+                            AuthenticationSuccessHandler successHandler,
+                            AuthenticationFailureHandler failureHandler) {
+        this.objectMapper = objectMapper;
+        super.setFilterProcessesUrl("/api/auth/login");
+        super.setAuthenticationManager(authenticationManager);
+        super.setAuthenticationSuccessHandler(successHandler);
+        super.setAuthenticationFailureHandler(failureHandler);
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
+            throws AuthenticationException {
+
+        log.info("=== Login Filter (JSON only) 진입 ===");
+
+        if (!"POST".equalsIgnoreCase(request.getMethod())) {
+            throw new AuthenticationServiceException("지원하지 않는 HTTP 메서드입니다.");
+        }
+
+        String contentType = request.getContentType();
+        if (contentType == null || !contentType.toLowerCase().contains("application/json")) {
+            throw new AuthenticationServiceException("Content-Type application/json 만 허용됩니다.");
+        }
+
+        LoginRequest login;
+        try {
+            login = objectMapper.readValue(request.getInputStream(), LoginRequest.class);
+        } catch (IOException e) {
+            throw new AuthenticationServiceException("JSON 파싱 실패", e);
+        }
+
+        String email = login.getEmail();
+        String password = login.getPassword();
+
+        if (email == null || email.isBlank() || password == null || password.isBlank()) {
+            throw new BadCredentialsException("이메일/비밀번호가 비어있습니다.");
+        }
+
+        UsernamePasswordAuthenticationToken authToken =
+                new UsernamePasswordAuthenticationToken(email.trim(), password);
+
+        return this.getAuthenticationManager().authenticate(authToken);
+    }
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/filter/JwtAuthenticationFilter.java

@@ -0,0 +1,109 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.filter;
+
+import com.WhoIsRoom.WhoIs_Server.domain.auth.exception.CustomAuthenticationException;
+import com.WhoIsRoom.WhoIs_Server.domain.auth.exception.CustomJwtException;
+import com.WhoIsRoom.WhoIs_Server.domain.auth.model.UserPrincipal;
+import com.WhoIsRoom.WhoIs_Server.domain.auth.service.JwtService;
+import com.WhoIsRoom.WhoIs_Server.domain.auth.util.JwtUtil;
+import com.WhoIsRoom.WhoIs_Server.global.common.response.ErrorCode;
+import io.jsonwebtoken.JwtException;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.filter.GenericFilterBean;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.security.sasl.AuthenticationException;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    private final JwtUtil jwtUtil;
+    private final JwtService jwtService;
+
+    // 인증을 안해도 되니 토큰이 필요없는 URL들 (에러: 로그인이 필요합니다)
+    public final static List<String> PASS_URIS = Arrays.asList(
+            "/api/users/signup",
+            "/api/auth/**"
+    );
+
+    private static final AntPathMatcher ANT = new AntPathMatcher();
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+
+        if(isPassUri(request.getRequestURI())) {
+            log.info("JWT Filter Passed (pass uri) : {}", request.getRequestURI());
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        // 엑세스 토큰이 없으면 Authentication도 없음 -> EntryPoint (401)
+        log.info("Request URI: {}", request.getRequestURI()); // 요청 URI 로깅
+        String accessToken = jwtUtil.extractAccessToken(request)
+                .orElseThrow(() -> new CustomAuthenticationException(ErrorCode.SECURITY_UNAUTHORIZED));
+
+        // 토큰 유효성 검사
+        jwtUtil.validateToken(accessToken);
+
+        // 토큰 타입 검사
+        if(!"access".equals(jwtUtil.getTokenType(accessToken))) {
+            throw new CustomJwtException(ErrorCode.INVALID_TOKEN_TYPE);
+        }
+
+        // 로그아웃 체크
+        jwtService.checkLogout(accessToken);
+
+        // 권한 리스트 생성
+        List<GrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority(jwtUtil.getRole(accessToken)));
+        log.info("Granted Authorities : {}", authorities);
+        UserPrincipal principal = new UserPrincipal(
+                jwtUtil.getUserId(accessToken),
+                jwtUtil.getName(accessToken),
+                null, // 패스워드는 필요 없음
+                jwtUtil.getProviderId(accessToken),
+                authorities
+        );
+        log.info("UserPrincipal.userId: {}", principal.getUserId());
+        log.info("UserPrincipal.nickName: {}", principal.getUsername());
+        log.info("UserPrincipal.providerId: {}", principal.getProviderId());
+        log.info("UserPrincipal.role: {}", principal.getAuthorities().stream().findFirst().get().toString());
+
+        Authentication authToken = null;
+        if ("localhost".equals(principal.getProviderId())) {
+            // 폼 로그인(자체 회원)
+            authToken = new UsernamePasswordAuthenticationToken(principal, null, authorities);
+        }
+//        else {
+//            // 소셜 로그인
+//      authToken = new OAuth2AuthenticationToken(principal, authorities, loginProvider);
+//        }
+        log.info("Authentication set in SecurityContext: {}", SecurityContextHolder.getContext().getAuthentication());
+        log.info("Authorities in SecurityContext: {}", authToken.getAuthorities());
+
+        log.info("JWT Filter Success : {}", request.getRequestURI());
+        SecurityContextHolder.getContext().setAuthentication(authToken);
+        filterChain.doFilter(request, response);
+    }
+
+    private boolean isPassUri(String uri) {
+        return PASS_URIS.stream().anyMatch(pattern -> ANT.match(pattern, uri));
+    }
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/handler/exception/CustomAccessDeniedHandler.java

@@ -0,0 +1,31 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.handler.exception;
+
+import com.WhoIsRoom.WhoIs_Server.domain.auth.exception.CustomAuthenticationException;
+import com.WhoIsRoom.WhoIs_Server.global.common.response.ErrorCode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.util.Map;
+
+import static com.WhoIsRoom.WhoIs_Server.domain.auth.util.SecurityErrorResponseUtil.setErrorResponse;
+
+@Slf4j
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException{
+
+        log.info("=== AccessDeniedHandler 진입 ===");
+
+        ErrorCode code = ErrorCode.SECURITY_ACCESS_DENIED;
+        setErrorResponse(response, code);
+    }
+}

src/main/java/com/WhoIsRoom/WhoIs_Server/domain/auth/handler/exception/CustomAuthenticationEntryPoint.java

@@ -0,0 +1,50 @@
+package com.WhoIsRoom.WhoIs_Server.domain.auth.handler.exception;
+
+import com.WhoIsRoom.WhoIs_Server.domain.auth.exception.CustomAuthenticationException;
+import com.WhoIsRoom.WhoIs_Server.global.common.response.ErrorCode;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+import static com.WhoIsRoom.WhoIs_Server.domain.auth.util.SecurityErrorResponseUtil.setErrorResponse;
+
+@Slf4j
+@Component
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException{
+        log.info("=== AuthenticationEntryPoint 진입 ===");
+
+        ErrorCode code = ErrorCode.SECURITY_UNAUTHORIZED;
+
+        if (authException instanceof CustomAuthenticationException e) {
+            code = e.getErrorCode(); // 커스텀 코드 사용
+        }
+        setErrorResponse(response, code);
+    }
+}
+/**
+ * [CustomAuthenticationEntryPoint]
+ *
+ * 📌 Spring Security에서 인증(Authentication)에 실패했을 때 호출되는 진입점 클래스입니다.
+ *
+ * ✅ 주요 처리 대상:
+ * - Spring Security 내부에서 발생한 AuthenticationException
+ *   (ex. UsernameNotFoundException, BadCredentialsException, 인증 객체 없음 등)
+ *
+ * ✅ 동작 방식:
+ * - 인증되지 않은 사용자가 보호된 리소스에 접근 시
+ * - Spring Security의 ExceptionTranslationFilter가 감지
+ * - 이 EntryPoint의 commence() 메서드가 호출됨
+ * - 401 Unauthorized 상태 코드와 공통 JSON 에러 응답 반환
+ *
+ * ✅ 처리하지 않는 예외:
+ * - 필터 단계에서 발생한 JwtException 은  ExceptionHandlerFilter에서 처리됨
+ **/