[2023-07-19]

- EgovLoginApiControllerTest.java 파일명 변경
- 로그아웃시 불필요 코드 제거
- 갤러리이미지보기, JWT,일반 로그인시 인증 예외처리 적용
- getAuthorities() 구현

src/main/java/egovframework/com/cmm/util/EgovUserDetailsHelper.java

@@ -1,17 +1,13 @@
 package egovframework.com.cmm.util;
 
-import java.util.ArrayList;
 import java.util.List;
+import java.util.stream.Collectors;
 
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
-
 import egovframework.com.cmm.LoginVO;
 
-import org.egovframe.rte.fdl.string.EgovObjectUtil;
-
 /**
  * EgovUserDetails Helper 클래스
  *
@@ -49,14 +45,8 @@ public class EgovUserDetailsHelper {
 		 * @return List - 사용자 권한정보 목록
 		 */
 		public static List<String> getAuthorities() {
-			List<String> listAuth = new ArrayList<String>();
-
-			if (EgovObjectUtil.isNull(RequestContextHolder.currentRequestAttributes().getAttribute("LoginVO", RequestAttributes.SCOPE_SESSION))) {
-				// log.debug("## authentication object is null!!");
-				return null;
-			}
-
-			return listAuth;
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
 		}
 
 		/**

src/main/java/egovframework/com/security/SecurityConfig.java

@@ -13,7 +13,6 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-
 import java.util.Arrays;
 
 /**
@@ -34,9 +33,11 @@ public class SecurityConfig {
     private String[] AUTH_WHITELIST = {
             "/",
             "/login/**",
-            "/uat/uia/**.do", // 로그인
+            "/uat/uia/actionLoginJWT.do",//JWT 로그인
+            "/uat/uia/actionLoginAPI.do",//일반 로그인
             "/cmm/main/**.do", // 메인페이지
             "/cmm/fms/FileDown.do", //파일 다운로드
+            "/cmm/fms/getImage.do", //갤러리 이미지보기
             "/cop/smt/sim/egovIndvdlSchdulManageDailyListAPI.do", //일별 일정 조회
             "/cop/smt/sim/egovIndvdlSchdulManageWeekListAPI.do", //주간 일정 조회
             "/cop/smt/sim/egovIndvdlSchdulManageDetailAPI.do", //일정 상세조회

src/main/java/egovframework/let/cop/bbs/web/EgovBBSAttributeManageApiController.java

@@ -193,9 +193,6 @@ public class EgovBBSAttributeManageApiController {
 		ResultVO resultVO = new ResultVO();
 		Map<String, Object> resultMap = new HashMap<String, Object>();
 
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-		LoginVO loginVO222 = (LoginVO) authentication.getPrincipal();
-
 		beanValidator.validate(boardMasterVO, bindingResult);
 		if (bindingResult.hasErrors()) {
 

src/main/java/egovframework/let/uat/uia/web/EgovLoginApiController.java

@@ -4,7 +4,9 @@ import java.util.HashMap;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
+import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
@@ -13,13 +15,12 @@ import org.egovframe.rte.fdl.cmmn.trace.LeaveaTrace;
 import org.egovframe.rte.fdl.property.EgovPropertyService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
 
 import egovframework.com.cmm.EgovMessageSource;
 import egovframework.com.cmm.LoginVO;
@@ -170,10 +171,11 @@ public class EgovLoginApiController {
 			@ApiResponse(responseCode = "200", description = "로그아웃 성공"),
 	})
 	@GetMapping(value = "/uat/uia/actionLogoutAPI.do")
-	public ResultVO actionLogoutJSON(HttpServletRequest request) throws Exception {
+	public ResultVO actionLogoutJSON(HttpServletRequest request, HttpServletResponse response) throws Exception {
+
 		ResultVO resultVO = new ResultVO();
 
-		RequestContextHolder.currentRequestAttributes().removeAttribute("LoginVO", RequestAttributes.SCOPE_SESSION);
+		new SecurityContextLogoutHandler().logout(request, response, null);
 
 		resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
 		resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());

src/test/java/egovframework/let/uat/uia/web/EgovLoginApiControllerTest.java

@@ -3,24 +3,13 @@ package egovframework.let.uat.uia.web;
 import egovframework.com.cmm.ResponseCode;
 import egovframework.com.cmm.service.ResultVO;
 import org.assertj.core.api.Assertions;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.DisplayName;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.*;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.http.*;
-import org.springframework.http.client.ClientHttpResponse;
-import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.client.DefaultResponseErrorHandler;
 
-import java.io.IOException;
-import java.time.LocalDate;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -37,16 +26,16 @@ import static org.assertj.core.api.Assertions.assertThat;
  * 2023/06/19        crlee       최초 생성
  */
 @TestInstance(TestInstance. Lifecycle.PER_CLASS)
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT)
-public class EgovLoginApiContollerTest {
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+public class EgovLoginApiControllerTest {
 
     @Value("${server.servlet.context-path}")
     String CONTEXT_PATH;
     String URL = "http://localhost";
-    String SERVER_URL;
 
     @LocalServerPort
     int randomServerPort;
+    String SERVER_URL;
 
     @BeforeAll
     void init(){
@@ -106,6 +95,7 @@ public class EgovLoginApiContollerTest {
         headers.set("Authorization", token);
         HttpEntity request = new HttpEntity(headers);
         TestRestTemplate rest = new TestRestTemplate();
+
          return rest.exchange(this.SERVER_URL + "/uat/esm/jwtAuthAPI.do", HttpMethod.POST, request,ResultVO.class);
     }
 }