From 59806412f586c6062928f5cb9b270eb9b6570335 Mon Sep 17 00:00:00 2001
From: ddglackrp
Date: Wed, 4 Dec 2024 16:49:29 +0900
Subject: [PATCH 1/2] =?UTF-8?q?feat=20:=20"Cookie=20HttpOnly=20true,=20fal?=
 =?UTF-8?q?se=20=EA=B5=AC=EB=B6=84"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../domain/auth/controller/AuthApiController.java | 2 +-
 .../security/oauth/OAuth2SuccessHandler.java | 4 ++--
 .../utils/servletUtils/cookie/CookieUtils.java | 14 ++++++++++++--
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/main/java/PNUMEAT/Backend/domain/auth/controller/AuthApiController.java b/src/main/java/PNUMEAT/Backend/domain/auth/controller/AuthApiController.java
index 247148d..5b0db14 100644
--- a/src/main/java/PNUMEAT/Backend/domain/auth/controller/AuthApiController.java
+++ b/src/main/java/PNUMEAT/Backend/domain/auth/controller/AuthApiController.java
@@ -56,7 +56,7 @@ public ResponseEntity> reissue(HttpServletRequest request, HttpSe
 response.setHeader(AuthConstant.AUTHORIZATION, AuthConstant.BEARER + newAccess);
 response.addCookie(CookieUtils.createCookie(AuthConstant.ACCESS_TOKEN, newAccess));
- response.addCookie(CookieUtils.createCookie(AuthConstant.REFRESH_TOKEN, newRefresh));
+ response.addCookie(CookieUtils.createCookieWithHttpOnly(AuthConstant.REFRESH_TOKEN, newRefresh));
 return ResponseEntity.status(HttpStatus.OK)
 .contentType(MediaType.APPLICATION_JSON)
diff --git a/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java b/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java
index 7ba9abc..803e82e 100644
--- a/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java
+++ b/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java
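Review bot: The access token leaves this response twice — in the `Authorization` header two lines above the changed line and in the cookie built by `CookieUtils.createCookie`, which after this patch explicitly sets `HttpOnly=false`, so that copy stays readable by any script running in the page. If the client takes the token from the header, the cookie copy widens exposure without adding function; either drop `response.addCookie(CookieUtils.createCookie(AuthConstant.ACCESS_TOKEN, newAccess));` or issue it through `createCookieWithHttpOnly` like the refresh token on the changed line. Whichever is chosen, a one-line comment above the two `addCookie` calls stating why each token gets the flag it does would stop the next edit from silently flipping it back. reissue's body starts and ends outside the hunk.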
@@ -71,9 +71,9 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 }
 }
- private void setInformationInResponse(HttpServletResponse response, String accessToken, String refreshToken) throws IOException {
+ private void setInformationInResponse(HttpServletResponse response, String accessToken, String refreshToken) {
 Cookie access = CookieUtils.createCookie(ACCESS_TOKEN, accessToken);
- Cookie refresh = CookieUtils.createCookie(REFRESH_TOKEN, refreshToken);
+ Cookie refresh = CookieUtils.createCookieWithHttpOnly(REFRESH_TOKEN, refreshToken);
 response.addCookie(access);
 response.addCookie(refresh);
diff --git a/src/main/java/PNUMEAT/Backend/global/security/utils/servletUtils/cookie/CookieUtils.java b/src/main/java/PNUMEAT/Backend/global/security/utils/servletUtils/cookie/CookieUtils.java
index e806f4d..ffd5be1 100644
--- a/src/main/java/PNUMEAT/Backend/global/security/utils/servletUtils/cookie/CookieUtils.java
+++ b/src/main/java/PNUMEAT/Backend/global/security/utils/servletUtils/cookie/CookieUtils.java
@@ -11,16 +11,26 @@
 @Slf4j
 public class CookieUtils {
- public static Cookie createCookie(String key, String value) {
+ public static Cookie createCookieWithHttpOnly(String key, String value) {
 Cookie cookie = new Cookie(key, value);
 cookie.setMaxAge(60 * 60);
- //cookie.setSecure(true);
+ cookie.setSecure(true);
 cookie.setPath("/");
 cookie.setHttpOnly(true);
 return cookie;
 }
+ public static Cookie createCookie(String key, String value) {
+ Cookie cookie = new Cookie(key, value);
+ cookie.setMaxAge(60 * 60);
+ cookie.setSecure(true);
+ cookie.setPath("/");
+ cookie.setHttpOnly(false);
+
+ return cookie;
+ }
+
 public static void clearCookie(HttpServletResponse response) {
 Cookie cookie = new Cookie(REFRESH_TOKEN, null);
 cookie.setMaxAge(0);
From e657897b0a31f7336a05dd443b3401da046667cb Mon Sep 17 00:00:00 2001
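Review bot: The access/refresh cookie pair is now assembled here and again in `AuthApiController.reissue` in the first hunk of this patch, with the same two `CookieUtils` calls in each place, so the decision of which token is HttpOnly lives in two files and can drift. A single helper, e.g. `CookieUtils.addTokenCookies(response, accessToken, refreshToken)`, that builds both cookies and calls `response.addCookie` for each would keep that policy in one place and collapse both call sites to one line. Dropping `throws IOException` is fine for the lines visible here, which only construct and add cookies, provided nothing in the remainder of the method throws it. setInformationInResponse's body continues past the hunk.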
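Review bot: `createCookieWithHttpOnly` and `createCookie` are now two copies of the same five attribute calls differing only in the `setHttpOnly` argument, which is exactly how the earlier `//cookie.setSecure(true);` could be commented out on one path without anyone noticing; a private builder taking the flag removes the duplication (sketch below). Neither cookie carries a `SameSite` attribute, because the servlet `Cookie` class has no setter for it; for the refresh token in particular, emitting it through Spring's `ResponseCookie` with `.sameSite("Lax")` or `"Strict"` on the `Set-Cookie` header would add a CSRF safeguard this API cannot express. `createCookie` now deliberately returns a script-readable cookie, which its name does not convey; a Javadoc such as `/** Secure, path "/" cookie readable by client-side script; use createCookieWithHttpOnly for any credential that script must not see. */` would prevent the wrong factory being picked for a token. clearCookie's body continues outside the hunk; the expiring cookie it sends has to use the same `Path` as the ones set here or the browser keeps the original.
```java
public static Cookie createCookieWithHttpOnly(String key, String value) {
    return buildTokenCookie(key, value, true);
}

public static Cookie createCookie(String key, String value) {
    return buildTokenCookie(key, value, false);
}

/** Secure, path "/", one-hour cookie; httpOnly decides whether client-side script may read it. */
private static Cookie buildTokenCookie(String key, String value, boolean httpOnly) {
    Cookie cookie = new Cookie(key, value);
    cookie.setMaxAge(60 * 60);
    cookie.setSecure(true);
    cookie.setPath("/");
    cookie.setHttpOnly(httpOnly);
    return cookie;
}
// … unchanged: clearCookie …
```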
From: ddglackrp
Date: Wed, 4 Dec 2024 16:54:55 +0900
Subject: [PATCH 2/2] =?UTF-8?q?feat=20:=20"=EC=9E=AC=20=EB=A1=9C=EA=B7=B8?=
 =?UTF-8?q?=EC=9D=B8=EC=8B=9C=20=EA=B8=B0=EC=A1=B4=20Refresh=20Token=20upd?=
 =?UTF-8?q?ate"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Backend/global/security/oauth/OAuth2SuccessHandler.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java b/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java
index 803e82e..24e8d54 100644
--- a/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java
+++ b/src/main/java/PNUMEAT/Backend/global/security/oauth/OAuth2SuccessHandler.java
@@ -48,13 +48,12 @@ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletRespo
 Optional findRefreshToken = refreshTokenService.findRefreshToken(customUserDetails.getMember().getId());
- String refreshToken = null;
+ String refreshToken = jwtUtil.generateRefreshToken(uuid, role);
 if (findRefreshToken.isEmpty()) {
- refreshToken = jwtUtil.generateRefreshToken(uuid, role);
 refreshTokenService.addRefreshEntity(refreshToken, uuid, jwtUtil.getRefreshExpiredTime());
 } else {
- refreshToken = findRefreshToken.get().getToken();
+ refreshTokenService.renewalRefreshToken(findRefreshToken.get().getToken(), refreshToken, jwtUtil.getRefreshExpiredTime());
 }
 String accessToken = jwtUtil.generateAccessToken(uuid, role);
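Review bot: Because the lookup is by member id (`findRefreshToken(customUserDetails.getMember().getId())`) and the stored token is replaced on every login by `renewalRefreshToken`, a login from a second browser rotates the refresh token the first browser still holds, so the first session's next reissue will presumably fail once its old value no longer matches the store; if one active session per member is intended this is fine, but it deserves a comment above the `if`, e.g. `// One refresh token per member: each new login rotates it and invalidates the previous one.` Rotating on every login is the right direction for a credential that now travels in an HttpOnly cookie, since a previously captured token stops working at the owner's next login. Minor: the `isEmpty()`/`get()` pair reads better as `findRefreshToken.ifPresentOrElse(stored -> ..., () -> ...)`, which also removes the unchecked `get()`. onAuthenticationSuccess starts before and ends after the hunk.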