diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e76b04d --- /dev/null +++ b/.gitignore @@ -0,0 +1,14 @@ +.env +.env.* +!.env.example + +target/ + +.idea/ +*.iml + +.DS_Store +Thumbs.db + +*.log +logs/ \ No newline at end of file diff --git a/spring-security/README.md b/spring-security/README.md new file mode 100644 index 0000000..36e04c6 --- /dev/null +++ b/spring-security/README.md @@ -0,0 +1,36 @@ +# 과제명 +JWT 인증 서버 + +## ⚙️ 실행 방법 +1. MySQL에서 데이터베이스 생성 +```sql +CREATE DATABASE security; +``` + +2. '.env'에 데이터베이스 정보 설정 +```env +DB_URL=jdbc:mysql://localhost:3306/security?serverTimezone=Asia/Seoul&Encoding=UTF-8&&useSSL=false&allowPublicKeyRetrieval=true +DB_USERNAME=(MySQL_사용자명) +DB_USERNAME(MySQL_패스워드) + +JWT_SECRET=(Base 64로 인코딩된 JWT 비밀키) +JWT_EXPIRATION_MS=3600000 +``` + +3. Spring Boot 실행 + +## 💡 작업 내용 +- POST /auth/register - 회원가입 구현 +- POST /auth/login → JWT 토큰 수령 구현 +- GET /posts (protected) → Authorization: Bearer {token} 구현 + +## 📡 API 명세 (Spring 과제의 경우) +| Method | URI | 설명 | +|--------|----------------|--------| +| POST | /auth/register | 회원가입 | +| POST | /auth/login | 로그인 | +| GET | /posts | 게시글 조회 | + +## 🤔 느낀 점 / 어려웠던 점 +- JWT의 생성, 검증, 필터 처리 과정이 여러 단계로 되어 있어 전체적인 흐름을 이해하는 데 어려웠다. +- 부족한 예외처리나 글로벌 예외처리는 시간이 좀 나면 작성해야겠다. \ No newline at end of file diff --git a/spring-security/images/get_fail.png b/spring-security/images/get_fail.png new file mode 100644 index 0000000..72c4ce4 Binary files /dev/null and b/spring-security/images/get_fail.png differ diff --git a/spring-security/images/get_success.png b/spring-security/images/get_success.png new file mode 100644 index 0000000..11559b7 Binary files /dev/null and b/spring-security/images/get_success.png differ diff --git a/spring-security/images/login_fail.png b/spring-security/images/login_fail.png new file mode 100644 index 0000000..9f0d3a0 Binary files /dev/null and b/spring-security/images/login_fail.png differ diff --git a/spring-security/images/login_success.png b/spring-security/images/login_success.png new file mode 100644 index 0000000..8880988 Binary files /dev/null and b/spring-security/images/login_success.png differ diff --git a/spring-security/images/register_fail.png b/spring-security/images/register_fail.png new file mode 100644 index 0000000..d8dfcad Binary files /dev/null and b/spring-security/images/register_fail.png differ diff --git a/spring-security/images/register_success.png b/spring-security/images/register_success.png new file mode 100644 index 0000000..f0f8037 Binary files /dev/null and b/spring-security/images/register_success.png differ diff --git a/spring-security/spring-security/.gitattributes b/spring-security/spring-security/.gitattributes new file mode 100644 index 0000000..3b41682 --- /dev/null +++ b/spring-security/spring-security/.gitattributes @@ -0,0 +1,2 @@ +/mvnw text eol=lf +*.cmd text eol=crlf diff --git a/spring-security/spring-security/.gitignore b/spring-security/spring-security/.gitignore new file mode 100644 index 0000000..667aaef --- /dev/null +++ b/spring-security/spring-security/.gitignore @@ -0,0 +1,33 @@ +HELP.md +target/ +.mvn/wrapper/maven-wrapper.jar +!**/src/main/**/target/ +!**/src/test/**/target/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ +build/ +!**/src/main/**/build/ +!**/src/test/**/build/ + +### VS Code ### +.vscode/ diff --git a/spring-security/spring-security/.mvn/wrapper/maven-wrapper.properties b/spring-security/spring-security/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 0000000..216df05 --- /dev/null +++ b/spring-security/spring-security/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1,3 @@ +wrapperVersion=3.3.4 +distributionType=only-script +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.16/apache-maven-3.9.16-bin.zip diff --git a/spring-security/spring-security/mvnw b/spring-security/spring-security/mvnw new file mode 100755 index 0000000..bd8896b --- /dev/null +++ b/spring-security/spring-security/mvnw @@ -0,0 +1,295 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.4 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +scriptDir="$(dirname "$0")" +scriptName="$(basename "$0")" + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +actualDistributionDir="" + +# First try the expected directory name (for regular distributions) +if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then + if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then + actualDistributionDir="$distributionUrlNameMain" + fi +fi + +# If not found, search for any directory with the Maven executable (for snapshots) +if [ -z "$actualDistributionDir" ]; then + # enable globbing to iterate over items + set +f + for dir in "$TMP_DOWNLOAD_DIR"/*; do + if [ -d "$dir" ]; then + if [ -f "$dir/bin/$MVN_CMD" ]; then + actualDistributionDir="$(basename "$dir")" + break + fi + fi + done + set -f +fi + +if [ -z "$actualDistributionDir" ]; then + verbose "Contents of $TMP_DOWNLOAD_DIR:" + verbose "$(ls -la "$TMP_DOWNLOAD_DIR")" + die "Could not find Maven distribution directory in extracted archive" +fi + +verbose "Found extracted Maven distribution directory: $actualDistributionDir" +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/spring-security/spring-security/mvnw.cmd b/spring-security/spring-security/mvnw.cmd new file mode 100644 index 0000000..92450f9 --- /dev/null +++ b/spring-security/spring-security/mvnw.cmd @@ -0,0 +1,189 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.4 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' + +$MAVEN_M2_PATH = "$HOME/.m2" +if ($env:MAVEN_USER_HOME) { + $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME" +} + +if (-not (Test-Path -Path $MAVEN_M2_PATH)) { + New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null +} + +$MAVEN_WRAPPER_DISTS = $null +if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) { + $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists" +} else { + $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists" +} + +$MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain" +$MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +$actualDistributionDir = "" + +# First try the expected directory name (for regular distributions) +$expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain" +$expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD" +if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) { + $actualDistributionDir = $distributionUrlNameMain +} + +# If not found, search for any directory with the Maven executable (for snapshots) +if (!$actualDistributionDir) { + Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object { + $testPath = Join-Path $_.FullName "bin/$MVN_CMD" + if (Test-Path -Path $testPath -PathType Leaf) { + $actualDistributionDir = $_.Name + } + } +} + +if (!$actualDistributionDir) { + Write-Error "Could not find Maven distribution directory in extracted archive" +} + +Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir" +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/spring-security/spring-security/pom.xml b/spring-security/spring-security/pom.xml new file mode 100644 index 0000000..fc574c4 --- /dev/null +++ b/spring-security/spring-security/pom.xml @@ -0,0 +1,149 @@ + + + + 4.0.0 + + + org.springframework.boot + spring-boot-starter-parent + 4.1.0 + + + + com.haonkr + jwt + 0.0.1-SNAPSHOT + jwt + JWT authentication example + + + 21 + 1.18.42 + 0.12.6 + + + + + + + org.springframework.boot + spring-boot-starter-webmvc + + + + + org.springframework.boot + spring-boot-starter-security + + + + + org.springframework.boot + spring-boot-starter-data-jpa + + + + + com.mysql + mysql-connector-j + runtime + + + + + org.projectlombok + lombok + ${lombok.version} + provided + + + + + io.jsonwebtoken + jjwt-api + ${jjwt.version} + + + + io.jsonwebtoken + jjwt-impl + ${jjwt.version} + runtime + + + + io.jsonwebtoken + jjwt-jackson + ${jjwt.version} + runtime + + + + + org.springframework.boot + spring-boot-devtools + runtime + true + + + + + org.springframework.boot + spring-boot-starter-data-jpa-test + test + + + + org.springframework.boot + spring-boot-starter-security-test + test + + + + org.springframework.boot + spring-boot-starter-webmvc-test + test + + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + ${java.version} + + + + org.projectlombok + lombok + ${lombok.version} + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + + + + \ No newline at end of file diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/JwtApplication.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/JwtApplication.java new file mode 100644 index 0000000..8a20e53 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/JwtApplication.java @@ -0,0 +1,13 @@ +package com.haonkr.jwt; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class JwtApplication { + + public static void main(String[] args) { + SpringApplication.run(JwtApplication.class, args); + } + +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/config/JwtUtil.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/config/JwtUtil.java new file mode 100644 index 0000000..eb7f6d0 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/config/JwtUtil.java @@ -0,0 +1,64 @@ +package com.haonkr.jwt.config; + +import com.haonkr.jwt.entity.User; +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.Jwts; +import io.jsonwebtoken.io.Decoders; +import io.jsonwebtoken.security.Keys; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; + +import javax.crypto.SecretKey; +import java.time.Instant; +import java.util.Date; + +@Component +public class JwtUtil { + + private final SecretKey secretKey; + private final long expirationMs; + + public JwtUtil( + @Value("${jwt.secret}") String secret, + @Value("${jwt.expiration-ms}") long expirationMs + ) { + byte[] keyBytes = Decoders.BASE64.decode(secret); + + this.secretKey = Keys.hmacShaKeyFor(keyBytes); + this.expirationMs = expirationMs; + } + + // JWT 생성 + public String createToken(User user) { + Instant now = Instant.now(); + + return Jwts.builder() + // JWT의 주체로 사용자 이름 저장 + .subject(user.getUsername()) + + // 추가 정보 저장 + .claim("userId", user.getId()) + .claim("role", user.getRole()) + + // 발급 시간 + .issuedAt(Date.from(now)) + + // 만료 시간 + .expiration(Date.from(now.plusMillis(expirationMs))) + + // 비밀키로 서명 + .signWith(secretKey) + + // 문자열 JWT 생성 + .compact(); + } + + // JWT 검증 및 Claims 추출 + public Claims parseClaims(String token) { + return Jwts.parser() + .verifyWith(secretKey) + .build() + .parseSignedClaims(token) + .getPayload(); + } +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/config/SecurityConfig.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/config/SecurityConfig.java new file mode 100644 index 0000000..98aef8e --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/config/SecurityConfig.java @@ -0,0 +1,88 @@ +package com.haonkr.jwt.config; + +import com.haonkr.jwt.filter.JwtAuthFilter; +import lombok.RequiredArgsConstructor; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; + +import java.nio.charset.StandardCharsets; + +@Configuration +@RequiredArgsConstructor +public class SecurityConfig { + + private final JwtAuthFilter jwtAuthFilter; + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + + http + // REST API이므로 CSRF 비활성화 + .csrf(csrf -> csrf.disable()) + + // JWT를 사용하므로 세션을 생성하지 않음 + .sessionManagement(session -> + session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + + // 기본 로그인 화면 비활성화 + .formLogin(form -> form.disable()) + + // HTTP Basic 인증 비활성화 + .httpBasic(basic -> basic.disable()) + + // 인증 및 권한 오류 응답 설정 + .exceptionHandling(exception -> exception + + // 인증되지 않은 사용자의 접근 + .authenticationEntryPoint( + (request, response, authException) -> { + response.setStatus(401); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); + response.setCharacterEncoding(StandardCharsets.UTF_8.name()); + response.getWriter().write("{\"message\":\"인증이 필요합니다.\"}"); + } + ) + + // 인증은 되었지만 권한이 부족한 경우 + .accessDeniedHandler( + ((request, response, accessDeniedException) -> { + response.setStatus(403); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); + response.setCharacterEncoding(StandardCharsets.UTF_8.name()); + response.getWriter().write("{\"message\":\"접근 권한이 없습니다.\"}"); + }) + ) + ) + + // 엔드포인트 권한 설정 + .authorizeHttpRequests(auth -> auth + + // 회원 가입과 로그인은 인증 없이 접근 가능 + .requestMatchers(HttpMethod.POST, "/auth/register", "/auth/login").permitAll() + + // 오류 처리 경로 허용 + .requestMatchers("/error").permitAll() + + // 나머지 모든 요청은 인증 필요 + .anyRequest().authenticated() + ) + + // JWT 필터를 UsernamePasswordAuthenticationFilter보다 앞에서 실행 + .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); + + return http.build(); + } +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/controller/AuthController.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/controller/AuthController.java new file mode 100644 index 0000000..15b0822 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/controller/AuthController.java @@ -0,0 +1,41 @@ +package com.haonkr.jwt.controller; + +import com.haonkr.jwt.dto.LoginRequest; +import com.haonkr.jwt.dto.RegisterRequest; +import com.haonkr.jwt.dto.TokenResponse; +import com.haonkr.jwt.service.AuthService; +import lombok.RequiredArgsConstructor; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.util.Map; + +@RestController +@RequestMapping("/auth") +@RequiredArgsConstructor +public class AuthController { + + private final AuthService authService; + + // 회원가입 + @PostMapping("/register") + public ResponseEntity> register(@RequestBody RegisterRequest request) { + authService.register(request); + + return ResponseEntity + .status(HttpStatus.CREATED) + .body(Map.of("message", "회원가입이 완료되었습니다.")); + } + + // 로그인 및 JWT 발급 + @PostMapping("/login") + public ResponseEntity login(@RequestBody LoginRequest request) { + TokenResponse response = authService.login(request); + + return ResponseEntity.ok(response); + } +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/controller/PostController.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/controller/PostController.java new file mode 100644 index 0000000..fe30044 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/controller/PostController.java @@ -0,0 +1,29 @@ +package com.haonkr.jwt.controller; + +import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.util.List; +import java.util.Map; + +@RestController +@RequestMapping("/posts") +public class PostController { + + @GetMapping + public ResponseEntity>> getPosts(Authentication authentication) { + return ResponseEntity.ok( + List.of( + Map.of( + "id", 1, + "title", "JWT 테스트 게시글의 제목", + "content", "JWT 테스트 게시글의 내용", + "username", authentication.getName() + ) + ) + ); + } +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/LoginRequest.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/LoginRequest.java new file mode 100644 index 0000000..6dade57 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/LoginRequest.java @@ -0,0 +1,6 @@ +package com.haonkr.jwt.dto; + +public record LoginRequest( + String username, + String password +) { } diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/RegisterRequest.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/RegisterRequest.java new file mode 100644 index 0000000..3c51907 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/RegisterRequest.java @@ -0,0 +1,6 @@ +package com.haonkr.jwt.dto; + +public record RegisterRequest( + String username, + String password +) { } diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/TokenResponse.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/TokenResponse.java new file mode 100644 index 0000000..62715dd --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/dto/TokenResponse.java @@ -0,0 +1,6 @@ +package com.haonkr.jwt.dto; + +public record TokenResponse( + String token, + String tokenType +) { } diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/entity/User.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/entity/User.java new file mode 100644 index 0000000..8bebb6d --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/entity/User.java @@ -0,0 +1,31 @@ +package com.haonkr.jwt.entity; + +import jakarta.persistence.*; +import lombok.Getter; +import lombok.NoArgsConstructor; + +@Getter +@Entity +@Table(name = "users") +@NoArgsConstructor +public class User { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private Long id; + + @Column(nullable = false, unique = true, length = 50) + private String username; + + @Column(nullable = false) + private String password; + + @Column(nullable = false, length = 30) + private String role; + + public User(String username, String password, String role) { + this.username = username; + this.password = password; + this.role = role; + } +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/filter/JwtAuthFilter.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/filter/JwtAuthFilter.java new file mode 100644 index 0000000..2a533bb --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/filter/JwtAuthFilter.java @@ -0,0 +1,84 @@ +package com.haonkr.jwt.filter; + +import com.haonkr.jwt.config.JwtUtil; +import io.jsonwebtoken.Claims; +import io.jsonwebtoken.JwtException; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.RequiredArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.http.HttpHeaders; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.util.List; + +@Component +@RequiredArgsConstructor +public class JwtAuthFilter extends OncePerRequestFilter { + + private final JwtUtil jwtUtil; + + @Override + protected void doFilterInternal( + HttpServletRequest request, + HttpServletResponse response, + FilterChain filterChain + ) throws ServletException, IOException { + + String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION); + + // Authorization 헤더가 없거나 + // Bearer 형식이 아니면 인증 정보를 설정하지 않고 다음 필터 실행 + if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) { + filterChain.doFilter(request, response); + return; + } + + // "Bearer " 이후의 JWT 문자열만 추출 + String token = authorizationHeader.substring(7); + + try { + Claims claims = jwtUtil.parseClaims(token); + + String username = claims.getSubject(); + String role = claims.get("role", String.class); + + // 아직 인증 정보가 등록되지 않은 경우에만 + // SecurityContext에 Authentication 저장 + if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { + List authorities = role == null + ? List.of() + : List.of(new SimpleGrantedAuthority(role)); + + UsernamePasswordAuthenticationToken authenticationToken = + new UsernamePasswordAuthenticationToken(username, null, authorities); + + authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + + SecurityContextHolder.getContext().setAuthentication(authenticationToken); + } + + filterChain.doFilter(request, response); + + } catch (JwtException | IllegalArgumentException e) { + SecurityContextHolder.clearContext(); + + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + + response.setContentType(MediaType.APPLICATION_JSON_VALUE); + + response.setCharacterEncoding(StandardCharsets.UTF_8.name()); + + response.getWriter().write("{\"message\":\"유효하지 않거나 만료된 토큰입니다.\"}"); + } + } +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/repository/UserRepository.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/repository/UserRepository.java new file mode 100644 index 0000000..2145648 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/repository/UserRepository.java @@ -0,0 +1,13 @@ +package com.haonkr.jwt.repository; + +import com.haonkr.jwt.entity.User; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.Optional; + +public interface UserRepository extends JpaRepository { + + Optional findByUsername(String username); + + boolean existsByUsername(String username); +} diff --git a/spring-security/spring-security/src/main/java/com/haonkr/jwt/service/AuthService.java b/spring-security/spring-security/src/main/java/com/haonkr/jwt/service/AuthService.java new file mode 100644 index 0000000..3f69e64 --- /dev/null +++ b/spring-security/spring-security/src/main/java/com/haonkr/jwt/service/AuthService.java @@ -0,0 +1,84 @@ +package com.haonkr.jwt.service; + +import com.haonkr.jwt.config.JwtUtil; +import com.haonkr.jwt.dto.LoginRequest; +import com.haonkr.jwt.dto.RegisterRequest; +import com.haonkr.jwt.dto.TokenResponse; +import com.haonkr.jwt.entity.User; +import com.haonkr.jwt.repository.UserRepository; +import lombok.RequiredArgsConstructor; +import org.springframework.http.HttpStatus; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Service; +import org.springframework.web.server.ResponseStatusException; +import org.springframework.transaction.annotation.Transactional; + +@Service +@RequiredArgsConstructor +public class AuthService { + + private static final String DEFAULT_ROLE = "ROLE_USER"; + + private final UserRepository userRepository; + private final PasswordEncoder passwordEncoder; + private final JwtUtil jwtUtil; + + // 회원가입 + @Transactional + public void register(RegisterRequest request) { + validateRequest(request.username(), request.password()); + + if (userRepository.existsByUsername(request.username())) { + throw new ResponseStatusException( + HttpStatus.CONFLICT, + "이미 사용 중인 사용자 이름입니다." + ); + } + + String encodedPassword = passwordEncoder.encode(request.password()); + + User user = new User(request.username(), encodedPassword, DEFAULT_ROLE); + + userRepository.save(user); + } + + // 로그인 + @Transactional(readOnly = true) + public TokenResponse login(LoginRequest request) { + validateRequest(request.username(), request.password()); + + User user = userRepository.findByUsername(request.username()) + .orElseThrow(() -> new ResponseStatusException( + HttpStatus.UNAUTHORIZED, + "사용자 이름 또는 패스워드가 올바르지 않습니다." + )); + + // 입력한 패스워드와 DB의 암호화된 패스워드 비교 + if (!passwordEncoder.matches(request.password(), user.getPassword())) { + throw new ResponseStatusException( + HttpStatus.UNAUTHORIZED, + "사용자 이름 또는 패스워드가 올바르지 않습니다." + ); + } + + String token = jwtUtil.createToken(user); + + return new TokenResponse(token, "Bearer"); + } + + private void validateRequest(String username, String password) { + if (username == null || username.isBlank()) { + throw new ResponseStatusException( + HttpStatus.BAD_REQUEST, + "사용자 이름을 입력해야 합니다." + ); + } + + if (password == null || password.isBlank()) { + throw new ResponseStatusException( + HttpStatus.BAD_REQUEST, + "패스워드를 입력해야 합니다." + ); + } + } +} diff --git a/spring-security/spring-security/src/main/resources/application.yaml b/spring-security/spring-security/src/main/resources/application.yaml new file mode 100644 index 0000000..1f6b27d --- /dev/null +++ b/spring-security/spring-security/src/main/resources/application.yaml @@ -0,0 +1,24 @@ +spring: + application: + name: jwt + + config: + import: optional:file:./.env[.properties] + + datasource: + url: ${DB_URL} + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: com.mysql.cj.jdbc.Driver + + jpa: + hibernate: + ddl-auto: update + show-sql: true + properties: + hibernate: + format_sql: true + +jwt: + secret: ${JWT_SECRET} + expiration-ms: ${JWT_EXPIRATION_MS:3600000} \ No newline at end of file diff --git a/spring-security/spring-security/src/test/java/com/haonkr/jwt/JwtApplicationTests.java b/spring-security/spring-security/src/test/java/com/haonkr/jwt/JwtApplicationTests.java new file mode 100644 index 0000000..62c6670 --- /dev/null +++ b/spring-security/spring-security/src/test/java/com/haonkr/jwt/JwtApplicationTests.java @@ -0,0 +1,13 @@ +package com.haonkr.jwt; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class JwtApplicationTests { + + @Test + void contextLoads() { + } + +}