@@ -1,6 +1,7 @@
package org.ject.support.common.security.jwt;

import jakarta.servlet.FilterChain;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
Expand Down Expand Up @@ -40,33 +41,40 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {

String accessToken = jwtTokenProvider.resolveAccessToken(request);

try {
// =========================
// 1. Access Token 처리 (선택 인증)
// =========================
String accessToken = jwtTokenProvider.resolveAccessToken(request);

if (accessToken != null) {
if (!jwtTokenProvider.validateToken(accessToken)) {
throw new AuthException(AuthErrorCode.INVALID_TOKEN);
if (jwtTokenProvider.validateToken(accessToken)) {
Authentication auth = jwtTokenProvider.getAuthenticationByToken(accessToken);
SecurityContextHolder.getContext().setAuthentication(auth);
} else {
clearAuthCookie(response, "accessToken");
SecurityContextHolder.clearContext();
}
Authentication auth = jwtTokenProvider.getAuthenticationByToken(accessToken);
SecurityContextHolder.getContext().setAuthentication(auth);
chain.doFilter(request, response);
return;
}

String verificationToken = jwtTokenProvider.resolveVerificationToken(request);
// =========================
// 2. Verification Token 처리 (의도적 인증)
// =========================
String verificationToken =
jwtTokenProvider.resolveVerificationToken(request);

if (verificationToken != null) {
if (!jwtTokenProvider.validateToken(verificationToken)) {
// verification token은 실패 시 에러가 맞음
throw new AuthException(AuthErrorCode.INVALID_TOKEN);
}
// verification 토큰에서 이메일 추출

String email = jwtTokenProvider.extractEmailFromVerificationToken(verificationToken);

Authentication auth = createVerificationAuthentication(email);
SecurityContextHolder.getContext().setAuthentication(auth);
chain.doFilter(request, response);
return;
}

// 두 토큰 모두 없으면 인증 없이 진행 (익명 요청)
chain.doFilter(request, response);

} catch (Exception e) {
Expand All @@ -87,5 +95,13 @@ private Authentication createVerificationAuthentication(String email) {
return new UsernamePasswordAuthenticationToken(
userDetails, "", authorities);
}
}

private void clearAuthCookie(HttpServletResponse response, String cookieName) {
Cookie cookie = new Cookie(cookieName, null);
cookie.setMaxAge(0);
cookie.setPath("/");
cookie.setHttpOnly(true);
cookie.setSecure(true);
response.addCookie(cookie);
}
}
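Review bot: An invalid access token now ends the request as anonymous even when a verification token is also present, because the `chain.doFilter(request, response); return;` that follows the new if/else runs for both branches, so the verification-token block below it is never reached in that case. If the intent is only to drop a stale access cookie, moving `chain.doFilter(request, response); return;` inside the `if (jwtTokenProvider.validateToken(accessToken)) { ... }` block lets such a request fall through to the verification-token check instead. A debug-level log in the else branch (without the token value) would make these silent downgrades to anonymous observable. In clearAuthCookie, the browser only discards the cookie when path, domain and Secure match the attributes it was issued with, so the hard-coded `setPath("/")` and the `"accessToken"` name should come from the same constants the issuing code uses rather than literals repeated here, and a short Javadoc stating that precondition would help. doFilterInternal's catch block continues outside the hunk.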