️♻️ refactor: 시큐리티 구조 개선 (#73)

* refactor: 시큐리티 구조개선, 예외처리 개선

* feat: 임시로 예외 세부내용을 처리하도록 변경

Author: kimday0326

src/main/java/com/sponus/sponusbe/auth/jwt/exception/CustomExpiredJwtException.java

@@ -0,0 +1,31 @@
+package com.sponus.sponusbe.auth.jwt.exception;
+
+import java.io.IOException;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import com.sponus.sponusbe.auth.jwt.util.HttpResponseUtil;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * 인증된 사용자가 필요한 권한없이 접근하려고 할 때 발생하는 예외 처리
+ */
+@Slf4j
+@Component
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+	@Override
+	public void handle(HttpServletRequest request, HttpServletResponse response,
+		AccessDeniedException accessDeniedException) throws IOException {
+		log.warn("Access Denied: ", accessDeniedException);
+
+		HttpResponseUtil.setErrorResponse(response, HttpStatus.FORBIDDEN,
+			SecurityErrorCode.FORBIDDEN.getErrorResponse());
+	}
+}

src/main/java/com/sponus/sponusbe/auth/jwt/exception/CustomMalformedException.java

@@ -0,0 +1,40 @@
+package com.sponus.sponusbe.auth.jwt.exception;
+
+import java.io.IOException;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import com.sponus.sponusbe.auth.jwt.util.HttpResponseUtil;
+import com.sponus.sponusbe.global.common.ApiResponse;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * 사용자가 인증되지 않은 상태에서 접근하려고 할 때 발생하는 예외 처리
+ */
+@Slf4j
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+	@Override
+	public void commence(HttpServletRequest request, HttpServletResponse response,
+		AuthenticationException authException)
+		throws IOException {
+		HttpStatus httpStatus;
+		ApiResponse<String> errorResponse;
+
+		log.error(">>>>>> AuthenticationException: ", authException);
+		httpStatus = HttpStatus.UNAUTHORIZED;
+		errorResponse = ApiResponse.onFailure(
+			SecurityErrorCode.UNAUTHORIZED.getCode(),
+			SecurityErrorCode.UNAUTHORIZED.getMessage(),
+			authException.getMessage());
+
+		HttpResponseUtil.setErrorResponse(response, httpStatus, errorResponse);
+	}
+}

src/main/java/com/sponus/sponusbe/auth/jwt/exception/CustomNoTokenException.java

@@ -3,9 +3,20 @@
 import com.sponus.sponusbe.global.common.BaseErrorCode;
 import com.sponus.sponusbe.global.common.exception.CustomException;
 
+import lombok.Getter;
+
+@Getter
 public class SecurityCustomException extends CustomException {
 
+	private final Throwable cause;
+
 	public SecurityCustomException(BaseErrorCode errorCode) {
 		super(errorCode);
+		this.cause = null;
+	}
+
+	public SecurityCustomException(BaseErrorCode errorCode, Throwable cause) {
+		super(errorCode);
+		this.cause = cause;
 	}
 }

src/main/java/com/sponus/sponusbe/auth/jwt/exception/CustomSignatureException.java

@@ -12,13 +12,14 @@
 @AllArgsConstructor
 public enum SecurityErrorCode implements BaseErrorCode {
 
-	INVALID_TOKEN(HttpStatus.BAD_REQUEST, "4001", "유효하지 않은 형식의 토큰입니다."),
-	TOKEN_EXCEPTION(HttpStatus.UNAUTHORIZED, "4011", "토큰 처리 중 예외가 발생했습니다."),
-	UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "4012", "권한이 없습니다."),
-	TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "4013", "만료된 토큰입니다."),
-	SIGNATURE_ERROR(HttpStatus.UNAUTHORIZED, "4014", "무결하지 않은 토큰입니다."),
-	TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED, "4015", "토큰이 존재하지 않습니다."),
-	INTERNAL_SECURITY_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "5001", "서버 에러가 발생했습니다. 관리자에게 문의해주세요.");
+	INVALID_TOKEN(HttpStatus.BAD_REQUEST, "SEC4001", "잘못된 형식의 토큰입니다."),
+	UNAUTHORIZED(HttpStatus.UNAUTHORIZED, "SEC4010", "인증이 필요합니다."),
+	TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "SEC4011", "토큰이 만료되었습니다."),
+	TOKEN_SIGNATURE_ERROR(HttpStatus.UNAUTHORIZED, "SEC4012", "토큰이 위조되었거나 손상되었습니다."),
+	FORBIDDEN(HttpStatus.FORBIDDEN, "SEC4030", "권한이 없습니다."),
+	TOKEN_NOT_FOUND(HttpStatus.UNAUTHORIZED, "SEC4041", "토큰이 존재하지 않습니다."),
+	INTERNAL_SECURITY_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "SEC5000", "인증 처리 중 서버 에러가 발생했습니다."),
+	INTERNAL_TOKEN_SERVER_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, "SEC5001", "토큰 처리 중 서버 에러가 발생했습니다.");
 
 	private final HttpStatus httpStatus;
 	private final String code;

src/main/java/com/sponus/sponusbe/auth/jwt/exception/JwtAccessDeniedHandler.java

@@ -27,7 +27,7 @@
 import lombok.RequiredArgsConstructor;
 
 @RequiredArgsConstructor
-public class JwtFilter extends OncePerRequestFilter {
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
 	private final JwtUtil jwtUtil;
 	private final RedisUtil redisUtil;
@@ -51,8 +51,7 @@ protected void doFilterInternal(
 			}
 
 			// logout 처리된 accessToken
-			if (redisUtil.get(accessToken) != null &&
-				redisUtil.get(accessToken).equals("logout")) {
+			if (redisUtil.get(accessToken) != null && redisUtil.get(accessToken).equals("logout")) {
 				logger.info("[*] Logout accessToken");
 				filterChain.doFilter(cachedHttpServletRequest, response);
 				return;
@@ -63,7 +62,6 @@ protected void doFilterInternal(
 			filterChain.doFilter(cachedHttpServletRequest, response);
 		} catch (ExpiredJwtException e) {
 			logger.warn("[*] case : accessToken Expired");
-
 			// accessToken 만료 시 Body에 있는 refreshToken 확인
 			String refreshToken = request.getHeader("refreshToken");
 
@@ -75,12 +73,12 @@ protected void doFilterInternal(
 					JwtPair reissueTokens = jwtUtil.reissueToken(refreshToken);
 					setSuccessResponse(response, CREATED, reissueTokens);
 				}
-			} catch (ExpiredJwtException e1) {
+			} catch (ExpiredJwtException eje) {
 				logger.info("[*] case : accessToken, refreshToken expired");
-				throw new SecurityCustomException(SecurityErrorCode.TOKEN_EXPIRED);
-			} catch (IllegalArgumentException e2) {
+				throw new SecurityCustomException(SecurityErrorCode.TOKEN_EXPIRED, eje);
+			} catch (IllegalArgumentException iae) {
 				logger.info("[*] case : Invalid refreshToken");
-				throw new SecurityCustomException(SecurityErrorCode.INVALID_TOKEN);
+				throw new SecurityCustomException(SecurityErrorCode.INVALID_TOKEN, iae);
 			}
 		}
 	}
@@ -101,7 +99,7 @@ private void authenticateAccessToken(String accessToken) {
 			null,
 			userDetails.getAuthorities());
 
-		// 세션에 사용자 등록
+		// 컨텍스트 홀더에 저장
 		SecurityContextHolder.getContext().setAuthentication(authToken);
 	}
 }

src/main/java/com/sponus/sponusbe/auth/jwt/exception/JwtAuthenticationEntryPoint.java

@@ -25,16 +25,20 @@ protected void doFilterInternal(
 		@NonNull HttpServletRequest request,
 		@NonNull HttpServletResponse response,
 		@NonNull FilterChain filterChain) throws IOException {
-		// TODO : entrypoint로 처리하도록 변경
 		try {
 			filterChain.doFilter(request, response);
 		} catch (SecurityCustomException e) {
 			log.warn(">>>>> SecurityCustomException : ", e);
 			BaseErrorCode errorCode = e.getErrorCode();
+			ApiResponse<String> errorResponse = ApiResponse.onFailure(
+				errorCode.getCode(),
+				errorCode.getMessage(),
+				e.getMessage()
+			);
 			HttpResponseUtil.setErrorResponse(
 				response,
 				errorCode.getHttpStatus(),
-				errorCode.getErrorResponse()
+				errorResponse
 			);
 		} catch (Exception e) {
 			log.error(">>>>> Exception : ", e);