🔀 :: 쿠키 filter 에 인가 기능 제거

sms-infrastructure/src/main/kotlin/team/msg/sms/global/filter/FilterConfig.kt

@@ -15,12 +15,10 @@ import team.msg.sms.global.security.token.JwtParser
 class FilterConfig(
     private val jwtParser: JwtParser,
     private val objectMapper: ObjectMapper,
-    private val existStudentUseCase: ExistStudentUseCase,
-    private val queryUserByUserIdUseCase: QueryUserByUserIdUseCase
 ) : SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>() {
     override fun configure(builder: HttpSecurity) {
         builder.addFilterBefore(ExceptionFilter(objectMapper), UsernamePasswordAuthenticationFilter::class.java)
-        builder.addFilterBefore(JwtFilter(jwtParser, queryUserByUserIdUseCase, existStudentUseCase), UsernamePasswordAuthenticationFilter::class.java)
+        builder.addFilterBefore(JwtFilter(jwtParser), UsernamePasswordAuthenticationFilter::class.java)
         builder.addFilterBefore(RequestLogFilter(), UsernamePasswordAuthenticationFilter::class.java)
     }
 }

sms-infrastructure/src/main/kotlin/team/msg/sms/global/filter/JwtFilter.kt

@@ -3,56 +3,28 @@ package team.msg.sms.global.filter
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.web.filter.OncePerRequestFilter
-import team.msg.sms.domain.auth.model.Role
-import team.msg.sms.domain.student.usecase.ExistStudentUseCase
-import team.msg.sms.domain.user.exception.UserNotFoundException
-import team.msg.sms.domain.user.usecase.QueryUserByUserIdUseCase
-import team.msg.sms.global.exception.InvalidUrlAccessException
 import team.msg.sms.global.security.token.JwtParser
 import team.msg.sms.global.security.token.JwtProperties
-import java.util.*
 import javax.servlet.FilterChain
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
 
 class JwtFilter(
     private val jwtParser: JwtParser,
-    private val queryUserByUserIdUseCase: QueryUserByUserIdUseCase,
-    private val existStudentUseCase: ExistStudentUseCase
 ) : OncePerRequestFilter() {
     override fun doFilterInternal(
         request: HttpServletRequest,
         response: HttpServletResponse,
         filterChain: FilterChain
     ) {
-        val cookieToken = resolvedCookieToken(request)
-        if(cookieToken == null) {
-            val token = resolveToken(request)
+        val token = resolvedCookieToken(request) ?: resolveToken(request)
 
-            token
-                ?.let { SecurityContextHolder.getContext().authentication = jwtParser.getAuthentication(token) }
-
-        } else {
-            cookieToken
-                .let {
-                    val authentication: Authentication = jwtParser.getAuthentication(cookieToken)
-                    SecurityContextHolder.getContext().authentication = authentication
-
-                    val isAllowStudent = authentication.authorities.any { it.authority == Role.ROLE_STUDENT.name }
-                    val isPostStudentEndpoint = request.requestURI == "/student" && request.method == "POST"
-
-                    if (isAllowStudent && !isPostStudentEndpoint) {
-                        val userId = UUID.fromString(jwtParser.getClaimsBody(cookieToken))
-                        val user = queryUserByUserIdUseCase.execute(userId) ?: throw UserNotFoundException
-
-                        if (!existStudentUseCase.execute(user)) {
-                            throw InvalidUrlAccessException
-                        }
-                    }
-                }
+        token?.let {
+            val authentication: Authentication = jwtParser.getAuthentication(it)
+            SecurityContextHolder.getContext().authentication = authentication
         }
-        filterChain.doFilter(request, response)
 
+        filterChain.doFilter(request, response)
     }
 
     private fun resolveToken(request: HttpServletRequest): String? =

sms-infrastructure/src/main/kotlin/team/msg/sms/global/security/SecurityConfig.kt

@@ -9,17 +9,13 @@ import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.util.matcher.RequestMatcher
 import org.springframework.web.cors.CorsUtils
-import team.msg.sms.domain.student.usecase.ExistStudentUseCase
-import team.msg.sms.domain.user.usecase.QueryUserByUserIdUseCase
 import team.msg.sms.global.filter.FilterConfig
 import team.msg.sms.global.security.token.JwtParser
 
 @Configuration
 class SecurityConfig(
     private val jwtParser: JwtParser,
     private val objectMapper: ObjectMapper,
-    private val existStudentUseCase: ExistStudentUseCase,
-    private val queryUserByUserIdUseCase: QueryUserByUserIdUseCase,
     private val customAuthenticationEntryPoint: CustomAuthenticationEntryPoint
 ) {
 
@@ -68,7 +64,7 @@ class SecurityConfig(
             .anyRequest().authenticated()
 
         http
-            .apply(FilterConfig(jwtParser, objectMapper, existStudentUseCase, queryUserByUserIdUseCase))
+            .apply(FilterConfig(jwtParser, objectMapper))
 
         http
             .exceptionHandling()