FIX : logout 로직 변경(handler사용)

Dongnaebangnae · May 4, 2024 · 0d11a48 · 0d11a48
1 parent b6090b6
commit 0d11a48
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 27 deletions.
diff --git a/src/main/java/com/nawabali/nawabali/HelloController.java b/src/main/java/com/nawabali/nawabali/HelloController.java
@@ -7,6 +7,6 @@
 public class HelloController {
     @GetMapping("/ping")
     public String check() {
-        return "Pong! BEARER_PREFIX 추가";
+        return "Pong! 로그아웃핸들러 변경";
     }
 }
diff --git a/src/main/java/com/nawabali/nawabali/config/WebSecurityConfig.java b/src/main/java/com/nawabali/nawabali/config/WebSecurityConfig.java
@@ -122,10 +122,9 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                                 .anyRequest().authenticated() // 그 외 모든 요청 인증처리
         );
 
-//        http.logout(logoutconfigurer->logoutconfigurer
-//                .logoutUrl("/users/logout")
-//                .logoutSuccessUrl("/")
-//                .addLogoutHandler(jwtLogoutHandler));
+        http.logout(logoutconfigurer->logoutconfigurer
+                .logoutUrl("/users/logout")
+                .addLogoutHandler(jwtLogoutHandler));
 
         // 필터 관리
         http.addFilterBefore(jwtExceptionHandlerFilter(), JwtAuthenticationFilter.class);

diff --git a/src/main/java/com/nawabali/nawabali/controller/UserController.java b/src/main/java/com/nawabali/nawabali/controller/UserController.java
@@ -34,10 +34,10 @@
 public class UserController {
     private final UserService userService;
 
-    @PostMapping("/logout")
-    public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response){
-        return userService.logout(request, response);
-    }
+//    @PostMapping("/logout")
+//    public ResponseEntity<String> logout(HttpServletRequest request, HttpServletResponse response){
+//        return userService.logout(request, response);
+//    }
 
     @PostMapping("/signup")
     @Operation(summary = "회원가입", description = "회원가입에 사용하는 API")

diff --git a/src/main/java/com/nawabali/nawabali/security/Jwt/JwtLogoutHandler.java b/src/main/java/com/nawabali/nawabali/security/Jwt/JwtLogoutHandler.java
@@ -32,25 +32,30 @@ public void logout(HttpServletRequest request, HttpServletResponse response, Aut
         response.addHeader(JwtUtil.AUTHORIZATION_HEADER, null);
         response.addCookie(cookie);
 
-        // refresh 토큰 삭제
-        log.info("refreshToken 삭제");
-        String accessToken = jwtUtil.getTokenFromCookieAndName(request, JwtUtil.AUTHORIZATION_HEADER);
-        if(StringUtils.hasText(accessToken)){
-            accessToken = jwtUtil.substringToken(accessToken);
-            String refreshToken = redisTool.getValues(accessToken);
-            if(!refreshToken.equals("false")){
-                redisTool.deleteValues(accessToken);
+        String headerAccessToken = jwtUtil.getJwtFromHeader(request);
+        String cookieAccessToken = jwtUtil.getTokenFromCookieAndName(request, JwtUtil.AUTHORIZATION_HEADER);
+        log.info("accessToken : " + headerAccessToken);
+        log.info("cookieAccessToken : " + cookieAccessToken);
 
-                //access의 남은 유효시간만큼  redis에 블랙리스트로 저장
-                log.info("redis에 블랙리스트 저장");
-                Long remainedExpiration = jwtUtil.getUserInfoFromToken(accessToken).getExpiration().getTime();
-                Long now = new Date().getTime();
-                if(remainedExpiration > now){
-                    long newExpiration = remainedExpiration - now;
-                    redisTool.setValues(accessToken, "logout", Duration.ofMillis(newExpiration));
-                }
-            }
-        }
+        // refresh 토큰 삭제
+//        log.info("refreshToken 삭제");
+//        String accessToken = jwtUtil.getTokenFromCookieAndName(request, JwtUtil.AUTHORIZATION_HEADER);
+//        if(StringUtils.hasText(accessToken)){
+//            accessToken = jwtUtil.substringToken(accessToken);
+//            String refreshToken = redisTool.getValues(accessToken);
+//            if(!refreshToken.equals("false")){
+//                redisTool.deleteValues(accessToken);
+//
+//                //access의 남은 유효시간만큼  redis에 블랙리스트로 저장
+//                log.info("redis에 블랙리스트 저장");
+//                Long remainedExpiration = jwtUtil.getUserInfoFromToken(accessToken).getExpiration().getTime();
+//                Long now = new Date().getTime();
+//                if(remainedExpiration > now){
+//                    long newExpiration = remainedExpiration - now;
+//                    redisTool.setValues(accessToken, "logout", Duration.ofMillis(newExpiration));
+//                }
+//            }
+//        }
 
 
     }