feat: 쿠키관련 시큐리티 재설정3

NOzigak · Jul 11, 2024 · e7e9ff5 · e7e9ff5
1 parent 535f2bc
commit e7e9ff5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/src/main/java/hamsung/hamsung_project/config/jwt/CustomLogoutFilter.java b/src/main/java/hamsung/hamsung_project/config/jwt/CustomLogoutFilter.java
@@ -12,6 +12,7 @@
 import org.springframework.web.filter.GenericFilterBean;
 
 import java.io.IOException;
+import java.util.Date;
 
 public class CustomLogoutFilter extends GenericFilterBean {
 
@@ -99,11 +100,15 @@ private void doFilter(HttpServletRequest request, HttpServletResponse response,
         refreshRepository.deleteByRefresh(refresh);
 
         //Refresh 토큰 Cookie 값 0
-        Cookie cookie = new Cookie("refresh", null);
-        cookie.setMaxAge(0);
-        cookie.setPath("/");
+//        Cookie cookie = new Cookie("refresh", null);
+//        cookie.setMaxAge(0);
+//        cookie.setPath("/");
+//        response.addCookie(cookie);
+
+        response.setHeader("Set-Cookie",
+                "refresh=" + null + "; Path=/; HttpOnly; SameSite=None; Secure;");
+
 
-        response.addCookie(cookie);
         response.setStatus(HttpServletResponse.SC_OK);
 
     }

diff --git a/src/main/java/hamsung/hamsung_project/config/jwt/LoginFilter.java b/src/main/java/hamsung/hamsung_project/config/jwt/LoginFilter.java
@@ -91,14 +91,14 @@ protected void successfulAuthentication(HttpServletRequest request
         //토큰 생성
         String access = jwtUtil.createJwt(userId,"access", username, role, 1000 * 60 * 10L); // (1초 * 60) * 10 = 10분
         String refresh = jwtUtil.createJwt(userId,"refresh", username, role, 86400000L);
-        String expires = new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24).toString(); // 1일 후 만료
 
         //Refresh 토큰 저장
         addRefreshEntity(userId ,username, refresh, 86400000L);
 
         //응답 설정
         response.setHeader("access", access);
 //        response.addCookie(jwtUtil.createCookie("refresh", refresh));
+        String expires = new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24).toString(); // 1일 후 만료
         response.setHeader("Set-Cookie",
                 "refresh=" + refresh + "; Path=/; HttpOnly; SameSite=None; Secure; expires=" + expires);
         response.setStatus(HttpStatus.OK.value());

diff --git a/src/main/java/hamsung/hamsung_project/service/RefreshService.java b/src/main/java/hamsung/hamsung_project/service/RefreshService.java
@@ -81,7 +81,11 @@ public ResponseEntity<?>    reissue(HttpServletRequest request, HttpServletRespo
 
         //response
         response.setHeader("access", newAccess);
-        response.addCookie(jwtUtil.createCookie("refresh", newRefresh));
+//        response.addCookie(jwtUtil.createCookie("refresh", newRefresh));
+
+        String expires = new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24).toString(); // 1일 후 만료
+        response.setHeader("Set-Cookie",
+                "refresh=" + newRefresh + "; Path=/; HttpOnly; SameSite=None; Secure; expires=" + expires);
 
         return new ResponseEntity<>(HttpStatus.OK);
     }