Restore custom JWT principal
All checks were successful
Deploy Blog Backend / test (push) Successful in 1m19s
Deploy Blog Backend / deploy (push) Successful in 1m23s

This commit is contained in:
박원엽
2026-06-19 15:51:58 +09:00
parent fe9b37eccb
commit 81d312eb04
2 changed files with 57 additions and 3 deletions

View File

@@ -10,7 +10,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication import org.springframework.security.core.Authentication
import org.springframework.security.core.GrantedAuthority import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.stereotype.Component import org.springframework.stereotype.Component
import java.util.* import java.util.*
import javax.crypto.SecretKey import javax.crypto.SecretKey
@@ -90,7 +89,19 @@ class JwtProvider(
.map { SimpleGrantedAuthority(it) } .map { SimpleGrantedAuthority(it) }
// UserDetails 객체를 생성하여 Authentication에 담음 (비밀번호는 불필요하므로 빈 문자열) // UserDetails 객체를 생성하여 Authentication에 담음 (비밀번호는 불필요하므로 빈 문자열)
val principal = User(claims.subject, "", authorities) val memberId = when (val claim = claims["memberId"]) {
is Number -> claim.toLong()
is String -> claim.toLong()
else -> throw RuntimeException("memberId claim is missing.")
}
val nickname = claims["nickname"]?.toString() ?: claims.subject
val principal = CustomUserDetails(
memberId = memberId,
nickname = nickname,
username = claims.subject,
password = "",
authorities = authorities
)
return UsernamePasswordAuthenticationToken(principal, "", authorities) return UsernamePasswordAuthenticationToken(principal, "", authorities)
} }
@@ -126,4 +137,4 @@ class JwtProvider(
e.claims e.claims
} }
} }
} }

View File

@@ -0,0 +1,43 @@
package me.wypark.blogbackend.core.config.jwt
import me.wypark.blogbackend.domain.auth.CustomUserDetails
import org.junit.jupiter.api.Test
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.authority.SimpleGrantedAuthority
import kotlin.test.assertEquals
import kotlin.test.assertIs
class JwtProviderTest {
private val jwtProvider = JwtProvider(
secretKey = "c2VjcmV0LWtleS1mb3ItdGVzdC1hZG1pbi1kYXNoYm9hcmQtMzItYnl0ZXM=",
accessTokenValidity = 600000,
refreshTokenValidity = 604800000
)
@Test
fun `access token authentication restores custom user details`() {
val originalPrincipal = CustomUserDetails(
memberId = 2L,
nickname = "tester",
username = "tester@example.com",
password = "",
authorities = listOf(SimpleGrantedAuthority("ROLE_ADMIN"))
)
val token = jwtProvider.generateTokenDto(
UsernamePasswordAuthenticationToken(
originalPrincipal,
"",
originalPrincipal.authorities
)
)
val authentication = jwtProvider.getAuthentication(token.accessToken)
val principal = assertIs<CustomUserDetails>(authentication.principal)
assertEquals(2L, principal.memberId)
assertEquals("tester", principal.nickname)
assertEquals("tester@example.com", principal.username)
assertEquals("ROLE_ADMIN", authentication.authorities.single().authority)
}
}