🔒Spring Login Logout

박용민·2024년 2월 26일

팀 프로젝트에서 로그인, 로그아웃 및 기타를 담당하게 되었다.
스프링 시큐리티를 통해서 제작을 하려고 했는데 어려운 부분이 많아 다음 기회에 공부를 하고 다시 시도해보려고 한다.😅
그래서 이번에는 로그인 처리 및 로그아웃 처리를 서비스 형태로 제작하였다.
로그인 시 JWT 토큰을 쿠키 형태로 만들어 응답하고, 로그아웃 시 쿠키 헤더를 없애는 작업을 시도하였다.

// AuthController 
/**
 * REST entry points for login and logout, mounted under {@code /auth}.
 *
 * <p>Both handlers delegate all work to {@link AuthService} and wrap whatever it returns in an
 * HTTP 200 response. The servlet response is passed through so the service can add or clear the
 * authentication cookie.
 */
@RequiredArgsConstructor
@RestController
@RequestMapping("/auth")
public class AuthController {

    private final AuthService authService;

    /**
     * Handles {@code POST /auth/login}.
     *
     * @param loginUserDto credentials read from the request body
     * @param response servlet response handed to the service so it can attach the cookie
     * @return HTTP 200 carrying the service's {@code ResponseDto}
     */
    @PostMapping("/login")
    public ResponseEntity<ResponseDto> login(
            @RequestBody LoginUserDto loginUserDto, HttpServletResponse response) {
        ResponseDto result = authService.login(loginUserDto, response);
        return ResponseEntity.ok(result);
    }

    /**
     * Handles {@code POST /auth/logout}.
     *
     * @param request the incoming servlet request, forwarded to the service
     * @param response servlet response handed to the service so it can expire the cookie
     * @return HTTP 200 carrying the service's {@code ResponseDto}
     */
    @PostMapping("/logout")
    public ResponseEntity<ResponseDto> logout(
            HttpServletRequest request, HttpServletResponse response) {
        ResponseDto result = authService.logout(request, response);
        return ResponseEntity.ok(result);
    }
}
  • ๋กœ๊ทธ์ธ ์š”์ฒญ์ด ๋“ค์–ด์˜ค๋ฉด LoginUserDto๋ฅผ ํ†ตํ•ด์„œ ๋กœ๊ทธ์ธ ์ •๋ณด๋ฅผ ๊ฐ€์ ธ์˜ค๊ณ  ์ฟ ํ‚ค๋ฅผ ์ €์žฅํ•˜๊ธฐ ์œ„ํ•ด response ๊ฐ์ฒด๋„ ์„ ์–ธ
  • ๋กœ๊ทธ์•„์›ƒ ์š”์ฒญ์‹œ ์ฟ ํ‚ค๋ฅผ ์ œ์ €ํ•˜๊ธฐ ์œ„ํ•ด response ๊ฐ์ฒด ์„ ์–ธ
// AuthService 
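/**
 * Issues and clears the JWT authentication cookie for login and logout.
 *
 * <p>The token travels in a cookie named by {@code JwtUtil.AUTHORIZATION_HEADER}. Browsers attach
 * that cookie to requests automatically, so state-changing endpoints that rely on it also need
 * CSRF protection (a SameSite attribute or a CSRF token); nothing in this class configures one.
 */
@RequiredArgsConstructor
@Service
public class AuthService {

    private final AuthenticationManager authenticationManager;
    private final JwtUtil jwtUtil;

    /**
     * Authenticates the submitted credentials and, on success, attaches a JWT cookie.
     *
     * <p>Any failure raised by {@code authenticationManager.authenticate} propagates to the
     * caller; no cookie is written in that case.
     *
     * @param loginUserDto supplies the user id and password to authenticate
     * @param response servlet response that receives the authentication cookie
     * @return a {@code ResponseDto} with status 200 and the login-success message
     */
    public ResponseDto login(LoginUserDto loginUserDto,
                             HttpServletResponse response){
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(
                        loginUserDto.getUserId(), loginUserDto.getPassword()));

        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        String token = jwtUtil.createToken(userDetails.getUsername());

        // NOTE(review): Cookie.setMaxAge expects seconds. Confirm the unit of TOKEN_TIME; if it is
        // milliseconds, the cookie would outlive the token by a factor of 1000.
        response.addCookie(buildAuthCookie(token, (int)jwtUtil.TOKEN_TIME));

        // Korean for "login success"; literal kept exactly as it appears in the listing.
        return new ResponseDto(HttpStatus.OK.value(),"๋กœ๊ทธ์ธ ์„ฑ๊ณต");
    }

    /**
     * Expires the authentication cookie in the browser.
     *
     * <p>Only the cookie is cleared. This method does not revoke the token, so a copy of an
     * already-issued JWT stays usable until its own expiry unless validation elsewhere rejects it.
     *
     * @param request the incoming servlet request (not read by this method)
     * @param response servlet response that receives the expiring cookie
     * @return a {@code ResponseDto} with status 200 and the logout-success message
     */
    public ResponseDto logout(HttpServletRequest request,
                              HttpServletResponse response){
        // Same name, path and flags as the login cookie, with Max-Age 0 so the browser drops it.
        response.addCookie(buildAuthCookie(null, 0));

        // Korean for "logout success"; literal kept exactly as it appears in the listing.
        return new ResponseDto(HttpStatus.OK.value(),"๋กœ๊ทธ์•„์›ƒ ์„ฑ๊ณต");
    }

    /** Builds the authentication cookie with the attributes shared by login and logout. */
    private static Cookie buildAuthCookie(String value, int maxAgeSeconds) {
        Cookie cookie = new Cookie(JwtUtil.AUTHORIZATION_HEADER, value);
        cookie.setMaxAge(maxAgeSeconds);
        // HttpOnly keeps the token out of reach of page scripts.
        cookie.setHttpOnly(true);
        // Secure stops the browser from sending the token over plain HTTP. A deployment served
        // without TLS will not get the cookie back, so run it behind HTTPS.
        cookie.setSecure(true);
        cookie.setPath("/");
        return cookie;
    }
}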

🔓로그인 과정

  • authenticationManager.authenticate๋ฅผ ํ†ตํ•ด ์‚ฌ์šฉ์ž๋ฅผ ์ธ์ฆ
  • jwtUtil.createToken๋กœ ํ† ํฐ์„ ์ƒ์„ฑ
  • Cookie cookie = new Cookie(JwtUtil.AUTHORIZATION_HEADER,token)๋กœ ์ฟ ํ‚ค๋ฅผ ์ƒ์„ฑ
  • cookie.setMaxAge(ํ† ํฐ ๋งŒ๋ฃŒ๊ธฐ๊ฐ„)
  • cookie.setHttpOnly(true)(HTTP ์ „์šฉ JS์—์„œ ์ ‘๊ทผ ๋ถˆ๊ฐ€)
  • cookie.setPath("/")(์ฟ ํ‚ค ๊ฒฝ๋กœ ์„ค์ • ์ „์ฒด ์‚ฌ์šฉ)
  • response.addCookie(cookie)(์ฟ ํ‚ค ์ถ”๊ฐ€)

๐Ÿ”๋กœ๊ทธ์•„์›ƒ ๊ณผ์ •

  • Cookie cookie = new Cookie(JwtUtil.AUTHORIZATION_HEADER,null) (์†Œ๋ฉธ ์‹œํ‚ฌ ์ฟ ํ‚ค ์ƒ์„ฑ)
  • cookie.setMaxAge(0); (์ฟ ํ‚ค ๋งŒ๋ฃŒ ์„ค์ •)
  • cookie.setPath("/");
  • response.addCookie(cookie);

DONE

0๊ฐœ์˜ ๋Œ“๊ธ€