From 74afe9765ce4b15d18d7df595479e5405c44c1e7 Mon Sep 17 00:00:00 2001
From: heejjinkim <06.hjhj.12@gmail.com>
Date: Tue, 17 Sep 2024 23:57:08 +0900
Subject: [PATCH] =?UTF-8?q?feature:=20=EB=A1=9C=EA=B7=B8=EC=95=84=EC=9B=83?= =?UTF-8?q?=20=EA=B5=AC=ED=98=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
security 기본 로그아웃 사용 저장된 refresh token 삭제하는 핸들러 추가 related to: #11
---
 .../global/config/WebSecurityConfig.java | 28 +++++++++----------
 .../global/handler/CustomLogoutHandler.java | 22 +++++++++++++++
 .../handler/CustomLogoutSuccessHandler.java | 19 +++++++++++++
 3 files changed, 55 insertions(+), 14 deletions(-)
 create mode 100644 src/main/java/com/_119/wepro/global/handler/CustomLogoutHandler.java
 create mode 100644 src/main/java/com/_119/wepro/global/handler/CustomLogoutSuccessHandler.java
diff --git a/src/main/java/com/_119/wepro/global/config/WebSecurityConfig.java b/src/main/java/com/_119/wepro/global/config/WebSecurityConfig.java
index 1a1d83a..0f82601 100644
--- a/src/main/java/com/_119/wepro/global/config/WebSecurityConfig.java
+++ b/src/main/java/com/_119/wepro/global/config/WebSecurityConfig.java
@@ -4,26 +4,20 @@
 import com._119.wepro.global.filter.JwtTokenExceptionFilter;
 import com._119.wepro.global.filter.JwtTokenFilter;
+import com._119.wepro.global.handler.CustomLogoutHandler;
+import com._119.wepro.global.handler.CustomLogoutSuccessHandler;
 import com._119.wepro.global.security.CustomOidcAuthenticationSuccessHandler;
-import com._119.wepro.global.security.CustomOidcUserService;
 import com._119.wepro.global.security.JwtTokenProvider;
 import lombok.RequiredArgsConstructor;
-import org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
 @Configuration
 @EnableWebSecurity
@@ -40,7 +34,8 @@ public class WebSecurityConfig {
 public WebSecurityCustomizer webSecurityCustomizer() { // 정적 리소스 제외
 return web -> web.ignoring()
 .requestMatchers("/css/**", "/images/**", "/js/**", "/lib/**")
- .requestMatchers("/swagger-ui-custom.html", "/api-docs/**", "/swagger-ui/**", "swagger-ui.html", "/v3/api-docs/**")
+ .requestMatchers("/swagger-ui-custom.html", "/api-docs/**", "/swagger-ui/**",
+ "swagger-ui.html", "/v3/api-docs/**")
 .requestMatchers("/error", "/favicon.ico");
 }
@@ -62,13 +57,18 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 c.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .httpBasic(withDefaults())
 .oauth2Login(oauth2Login -> oauth2Login
- .loginPage("http://localhost:3000/")
- .failureHandler(customAuthenticationFailureHandler)
- .successHandler(customOidcAuthenticationSuccessHandler())
+// .loginPage("http://localhost:3000/")
+ .failureHandler(customAuthenticationFailureHandler)
+ .successHandler(customOidcAuthenticationSuccessHandler())
+ )
+ .logout(logoutConfigurer -> logoutConfigurer
+ .logoutUrl("/logout")
+ .addLogoutHandler(new CustomLogoutHandler(jwtTokenProvider))
+ .logoutSuccessHandler(new CustomLogoutSuccessHandler())
 );
 http.addFilterBefore(new JwtTokenFilter(jwtTokenProvider),
- UsernamePasswordAuthenticationFilter.class)
+ LogoutFilter.class)
 .addFilterBefore(new JwtTokenExceptionFilter(), JwtTokenFilter.class);
 return http.build();
 }
diff --git a/src/main/java/com/_119/wepro/global/handler/CustomLogoutHandler.java b/src/main/java/com/_119/wepro/global/handler/CustomLogoutHandler.java
new file mode 100644
index 0000000..df2f034
--- /dev/null
+++ b/src/main/java/com/_119/wepro/global/handler/CustomLogoutHandler.java
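Review bot: In the `filterChain` hunk of WebSecurityConfig.java, `.logoutUrl("/logout")` limits logout to POST only while CSRF protection is enabled. The CSRF setting is outside this hunk; if it is disabled (common alongside `SessionCreationPolicy.STATELESS`), any HTTP method on `/logout`, including a plain GET, will run the handler that deletes the stored refresh token. Pinning the method removes that dependence, e.g. `.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))`. The commented-out `// .loginPage("http://localhost:3000/")` line should be deleted rather than left inside the chain. `filterChain` begins above the hunk.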
@@ -0,0 +1,22 @@
+package com._119.wepro.global.handler;
+
+import com._119.wepro.global.security.JwtTokenProvider;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+
+@RequiredArgsConstructor
+public class CustomLogoutHandler implements LogoutHandler {
+
+ private final JwtTokenProvider jwtTokenProvider;
+
+ @Override
+ public void logout(HttpServletRequest request, HttpServletResponse response,
+ Authentication authentication) {
+
+ String providerId = authentication.getName();
+ jwtTokenProvider.deleteInvalidRefreshToken(providerId);
+ }
+}
diff --git a/src/main/java/com/_119/wepro/global/handler/CustomLogoutSuccessHandler.java b/src/main/java/com/_119/wepro/global/handler/CustomLogoutSuccessHandler.java
new file mode 100644
index 0000000..3634f25
--- /dev/null
+++ b/src/main/java/com/_119/wepro/global/handler/CustomLogoutSuccessHandler.java
@@ -0,0 +1,19 @@
+package com._119.wepro.global.handler;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
+
+ @Override
+ public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
+ Authentication authentication) throws IOException, ServletException {
+
+ response.setStatus(HttpServletResponse.SC_OK);
+ response.getWriter().flush();
+ }
+}
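Review bot: `CustomLogoutHandler.logout` dereferences `authentication` without a null check. `LogoutFilter` passes the handler whatever is in the security context, which is null when `/logout` is called without a token that `JwtTokenFilter` accepted, so `authentication.getName()` would throw and presumably surface as a 500. Guard first with `if (authentication == null) { return; }` before reading the name. Only the stored refresh token is removed here; whether an already issued access token stays usable until it expires depends on `JwtTokenProvider` and `JwtTokenFilter`, which are not shown, and deserves a comment on the class.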