Security 관련 코드 리팩토링 & 카카오 로그인 방식 제거

module-api/src/main/java/com/zoopi/controller/ResultCode.java

@@ -8,8 +8,8 @@
 public enum ResultCode {
 
 	// Member
-	EMAIL_AVAILABLE(200, "R-M001", "사용 가능한 이메일입니다."),
-	EMAIL_DUPLICATE(200, "R-M002", "이미 사용 중인 이메일입니다."),
+	USERNAME_AVAILABLE(200, "R-M001", "사용 가능한 아이디입니다."),
+	USERNAME_DUPLICATE(200, "R-M002", "이미 사용 중인 아이디입니다."),
 	PHONE_AVAILABLE(200, "R-M003", "사용 가능한 휴대폰 번호입니다."),
 	PHONE_DUPLICATE(200, "R-M004", "이미 사용 중인 휴대폰 번호입니다."),
 	SIGN_UP_SUCCESS(200, "R-M005", "회원 가입에 성공하였습니다."),

module-api/src/main/java/com/zoopi/controller/member/MemberAuthController.java

@@ -4,7 +4,6 @@
 import static com.zoopi.domain.member.dto.SigninResponse.SigninResult.*;
 
 import javax.validation.Valid;
-import javax.validation.constraints.Email;
 import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 
@@ -28,7 +27,6 @@
 import com.zoopi.domain.authentication.service.AuthenticationService;
 import com.zoopi.domain.authentication.service.BanService;
 import com.zoopi.domain.member.dto.SigninResponse;
-import com.zoopi.domain.member.entity.JoinType;
 import com.zoopi.domain.member.service.MemberService;
 import com.zoopi.util.AuthenticationCodeUtils;
 
@@ -53,19 +51,19 @@ public class MemberAuthController {
 
 	// TODO: @APiResponse 추가
 
-	@ApiOperation(value = "이메일 유효성 검사")
-	@ApiImplicitParam(name = "email", value = "이메일", required = true, example = "zoopi@gmail.com")
-	@PostMapping("/email/validate")
-	public ResponseEntity<ResultResponse> validateEmail(@RequestParam @Size(max = 30) @Email String email) {
-		final boolean isValidated = memberService.validateEmail(email);
+	@ApiOperation(value = "아이디 유효성 검사")
+	@ApiImplicitParam(name = "username", value = "아이디", required = true, example = "zoopi")
+	@PostMapping("/username/validate")
+	public ResponseEntity<ResultResponse> validateUsername(@RequestParam @Size(max = 30) String username) {
+		final boolean isValidated = memberService.validateUsername(username);
 		final ResultCode resultCode;
 		if (isValidated) {
-			resultCode = EMAIL_AVAILABLE;
+			resultCode = USERNAME_AVAILABLE;
 		} else {
-			resultCode = EMAIL_DUPLICATE;
+			resultCode = USERNAME_DUPLICATE;
 		}
 
-		final ValidationResponse response = new ValidationResponse(email, isValidated);
+		final ValidationResponse response = new ValidationResponse(username, isValidated);
 		return ResponseEntity.ok(ResultResponse.of(resultCode, response));
 	}
 
@@ -139,13 +137,13 @@ public ResponseEntity<ResultResponse> deleteExpiredAuthenticationCodes() {
 		return ResponseEntity.ok(ResultResponse.of(DELETE_ALL_EXPIRED_AUTHENTICATION_CODES));
 	}
 
-	@ApiOperation(value = "이메일 회원 가입")
-	@PostMapping("/signup/email")
-	public ResponseEntity<ResultResponse> signupByEmail(@Valid @RequestBody SignupRequest request) {
+	@ApiOperation(value = "일반 회원 가입")
+	@PostMapping("/signup")
+	public ResponseEntity<ResultResponse> signup(@Valid @RequestBody SignupRequest request) {
 		authenticationService.validatePassword(request.getPassword(), request.getPasswordCheck());
-		if (!memberService.validateEmail(request.getEmail())) {
-			final ValidationResponse response = new ValidationResponse(request.getEmail(), false);
-			return ResponseEntity.ok(ResultResponse.of(EMAIL_DUPLICATE, response));
+		if (!memberService.validateUsername(request.getUsername())) {
+			final ValidationResponse response = new ValidationResponse(request.getUsername(), false);
+			return ResponseEntity.ok(ResultResponse.of(USERNAME_DUPLICATE, response));
 		}
 		if (!memberService.validatePhone(request.getPhone())) {
 			final ValidationResponse response = new ValidationResponse(request.getPhone(), false);
@@ -162,16 +160,16 @@ public ResponseEntity<ResultResponse> signupByEmail(@Valid @RequestBody SignupRe
 			return ResponseEntity.ok(ResultResponse.of(AUTHENTICATION_KEY_NOT_AUTHENTICATED, response));
 		}
 
-		memberService.createMember(request.getEmail(), request.getPhone(), request.getName(), request.getPassword(), JoinType.EMAIL);
+		memberService.createMember(request.getUsername(), request.getPhone(), "", request.getPassword(), "");
 
 		return ResponseEntity.ok(ResultResponse.of(SIGN_UP_SUCCESS));
 	}
 
 	// TODO: RefreshToken -> Cookie 저장
-	@ApiOperation(value = "이메일 로그인")
-	@PostMapping("/signin/email")
+	@ApiOperation(value = "일반 로그인")
+	@PostMapping("/signin")
 	public ResponseEntity<ResultResponse> signinByEmail(@Valid @RequestBody SigninRequest request) {
-		final SigninResponse response = memberService.signin(request.getEmail(), request.getPassword());
+		final SigninResponse response = memberService.signin(request.getUsername(), request.getPassword());
 		final ResultCode resultCode;
 		if (response.getResult().equals(NONEXISTENT_USERNAME)) {
 			resultCode = MEMBER_USERNAME_NONEXISTENT;

module-api/src/main/java/com/zoopi/controller/member/request/SigninRequest.java

@@ -1,8 +1,6 @@
 package com.zoopi.controller.member.request;
 
-import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 
 import lombok.AccessLevel;
@@ -17,10 +15,9 @@
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class SigninRequest {
 
-	@NotNull
+	@NotBlank
 	@Size(max = 30)
-	@Email
-	private String email;
+	private String username;
 
 	@Size(max = 30)
 	@NotBlank

module-api/src/main/java/com/zoopi/controller/member/request/SignupRequest.java

@@ -1,6 +1,5 @@
 package com.zoopi.controller.member.request;
 
-import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
@@ -18,10 +17,9 @@
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class SignupRequest {
 
-	@NotNull
+	@NotBlank
 	@Size(max = 30)
-	@Email
-	private String email;
+	private String username;
 
 	@NotNull
 	@Pattern(regexp = "^.*(?=^.{10,20}$)(?=.*\\d)(?=.*[a-zA-Z])(?=.*[`~!@#$%^&*()+=]).*$")
@@ -35,10 +33,6 @@ public class SignupRequest {
 	@Pattern(regexp = "^01(?:0|1|[6-9])(?:\\d{3}|\\d{4})\\d{4}$")
 	private String phone;
 
-	@NotNull
-	@Pattern(regexp = "^[\\da-zA-Z가-힣]{1,10}$")
-	private String name;
-
 	@NotBlank
 	@Size(max = 36)
 	private String authenticationKey;

module-domain/src/main/java/com/zoopi/config/ObjectMapperConfig.java

@@ -0,0 +1,16 @@
+package com.zoopi.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+@Configuration
+public class ObjectMapperConfig {
+
+	@Bean
+	public ObjectMapper objectMapper() {
+		return new ObjectMapper();
+	}
+
+}

module-domain/src/main/java/com/zoopi/config/security/WebSecurityConfig.java

@@ -15,6 +15,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
@@ -60,6 +61,11 @@ public void configure(WebSecurity web) {
 		web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
 	}
 
+	@Bean
+	public AuthenticationEntryPointFailureHandler authenticationEntryPointFailureHandler() {
+		return new AuthenticationEntryPointFailureHandler(authenticationEntryPoint);
+	}
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
@@ -90,6 +96,7 @@ protected void configure(HttpSecurity http) throws Exception {
 			.and()
 
 			.successHandler(oAuth2SuccessHandler)
+			.failureHandler(authenticationEntryPointFailureHandler())
 			.userInfoEndpoint().userService(oAuth2UserService)
 		;
 
@@ -104,6 +111,7 @@ public JwtAuthenticationFilter jwtAuthenticationFilter() throws Exception {
 		final RequestMatcher matcher = new SkipPathRequestMatcher(skipPaths);
 		final JwtAuthenticationFilter filter = new JwtAuthenticationFilter(matcher, jwtUtils);
 		filter.setAuthenticationManager(super.authenticationManager());
+		filter.setAuthenticationFailureHandler(authenticationEntryPointFailureHandler());
 		return filter;
 	}
 

module-domain/src/main/java/com/zoopi/config/security/exception/CustomAuthenticationException.java

@@ -0,0 +1,31 @@
+package com.zoopi.config.security.exception;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.security.core.AuthenticationException;
+
+import com.zoopi.exception.response.ErrorCode;
+import com.zoopi.exception.response.ErrorResponse;
+
+import lombok.Getter;
+
+@Getter
+public abstract class CustomAuthenticationException extends AuthenticationException {
+
+	private final ErrorCode errorCode;
+	private final List<ErrorResponse.FieldError> errors;
+
+	public CustomAuthenticationException(ErrorCode errorCode, List<ErrorResponse.FieldError> errors) {
+		super(errorCode.getMessage());
+		this.errorCode = errorCode;
+		this.errors = errors;
+	}
+
+	public CustomAuthenticationException(ErrorCode errorCode) {
+		super(errorCode.getMessage());
+		this.errorCode = errorCode;
+		this.errors = new ArrayList<>();
+	}
+
+}

module-domain/src/main/java/com/zoopi/config/security/handler/CustomAuthenticationEntryPoint.java

@@ -1,9 +1,6 @@
 package com.zoopi.config.security.handler;
 
-import static com.zoopi.exception.response.ErrorCode.*;
-
 import java.io.OutputStream;
-import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -15,23 +12,23 @@
 import org.springframework.stereotype.Component;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.zoopi.config.security.jwt.exception.JwtAuthenticationException;
+import com.zoopi.config.security.exception.CustomAuthenticationException;
 import com.zoopi.exception.response.ErrorResponse;
 
+import lombok.RequiredArgsConstructor;
+
 @Component
+@RequiredArgsConstructor
 public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
+	private final ObjectMapper objectMapper;
+
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 		AuthenticationException authException) {
-		final JwtAuthenticationException exception = (JwtAuthenticationException)authException;
-		final int status = AUTHENTICATION_FAILURE.getStatus();
-		final String code = AUTHENTICATION_FAILURE.getCode();
-		final String message = AUTHENTICATION_FAILURE.getMessage();
-		final List<ErrorResponse.FieldError> errors = exception.getErrors();
-		final ErrorResponse errorResponse = ErrorResponse.of(status, code, message, errors);
-
-		final ObjectMapper objectMapper = new ObjectMapper();
+		final CustomAuthenticationException exception = (CustomAuthenticationException)authException;
+		final ErrorResponse errorResponse = ErrorResponse.of(exception.getErrorCode(), exception.getErrors());
+
 		try (OutputStream os = response.getOutputStream()) {
 			objectMapper.writeValue(os, errorResponse);
 			os.flush();

module-domain/src/main/java/com/zoopi/config/security/jwt/JwtAuthenticationFilter.java

@@ -22,17 +22,10 @@
 public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 	private final JwtUtils jwtUtils;
-	private final RequestMatcher matcher;
 
 	public JwtAuthenticationFilter(RequestMatcher matcher, JwtUtils jwtUtils) {
-		super(ALL_PATTERN);
+		super(matcher);
 		this.jwtUtils = jwtUtils;
-		this.matcher = matcher;
-	}
-
-	@Override
-	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
-		return matcher.matches(request);
 	}
 
 	@Override
@@ -54,14 +47,14 @@ public Authentication attemptAuthentication(HttpServletRequest request, HttpServ
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
 		Authentication authResult) throws IOException, ServletException {
 		SecurityContextHolder.getContext().setAuthentication(authResult);
-		super.successfulAuthentication(request, response, chain, authResult);
+		chain.doFilter(request, response);
 	}
 
 	@Override
 	protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 		AuthenticationException failed) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
-		super.unsuccessfulAuthentication(request, response, failed);
+		super.getFailureHandler().onAuthenticationFailure(request, response, failed);
 	}
 
 }

module-domain/src/main/java/com/zoopi/config/security/jwt/exception/JwtAuthenticationException.java

@@ -2,21 +2,18 @@
 
 import java.util.List;
 
-import org.springframework.security.core.AuthenticationException;
-
+import com.zoopi.config.security.exception.CustomAuthenticationException;
 import com.zoopi.exception.response.ErrorCode;
 import com.zoopi.exception.response.ErrorResponse;
 
 import lombok.Getter;
 
 @Getter
-public class JwtAuthenticationException extends AuthenticationException {
+public class JwtAuthenticationException extends CustomAuthenticationException {
 
-	private final List<ErrorResponse.FieldError> errors;
 
 	public JwtAuthenticationException(List<ErrorResponse.FieldError> errors) {
-		super(ErrorCode.AUTHENTICATION_FAILURE.getMessage());
-		this.errors = errors;
+		super(ErrorCode.AUTHENTICATION_FAILURE, errors);
 	}
 
 }